diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6acf6e25fc..f2b602b5bb 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -3,277 +3,277 @@ { "source_path": "windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md", "redirect_url": "/windows/security/windows/security/identity-protection/hello-for-business/webauthn-apis", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/application-management/manage-windows-mixed-reality.md", "redirect_url": "/windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/browserfavorite-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/windowssecurityauditing-ddf-file.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/windowssecurityauditing-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/remotelock-ddf-file.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/remotelock-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/registry-ddf-file.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/registry-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/maps-ddf-file.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/maps-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/hotspot-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/filesystem-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/enterpriseext-ddf.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/enterpriseext-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md", "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/client-management/mdm/deviceinstanceservice-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false - }, + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/cm-proxyentries-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false - }, + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/bootstrap-csp.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false - }, + "redirect_document_id": false + }, { "source_path": "windows/configuration/wcd/wcd-textinput.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false - }, + "redirect_document_id": false + }, { "source_path": "windows/configuration/wcd/wcd-shell.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false - }, + "redirect_document_id": false + }, { "source_path": "windows/configuration/wcd/wcd-rcspresence.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false - }, + "redirect_document_id": false + }, { "source_path": "windows/configuration/wcd/wcd-otherassets.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false - }, + "redirect_document_id": false + }, { "source_path": "windows/configuration/wcd/wcd-nfc.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-multivariant.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-modemconfigurations.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-messaging.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-internetexplorer.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-initialsetup.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-deviceinfo.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-calling.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-callandmessagingenhancement.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-automatictime.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-theme.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/wcd/wcd-embeddedlockdownprofiles.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/configure-mobile.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/lockdown-xml.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/mobile-lockdown-designer.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/provisioning-configure-mobile.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/provisioning-nfc.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/provisioning-package-splitter.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/settings-that-can-be-locked-down.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/mobile-devices/start-layout-xml-mobile.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/whats-new/windows-11.md", "redirect_url": "/windows/whats-new/windows-11-whats-new", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/configuration/use-json-customize-start-menu-windows.md", "redirect_url": "/windows/configuration/customize-start-menu-layout-windows-11", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/application-management/msix-app-packaging-tool.md", "redirect_url": "/windows/application-management/apps-in-windows-10", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "browsers/edge/about-microsoft-edge.md", @@ -500,12 +500,12 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations", "redirect_document_id": false }, - { + { "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md", "redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy", "redirect_document_id": false }, - { + { "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md", "redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy", "redirect_document_id": false @@ -2115,7 +2115,7 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-edr", "redirect_document_id": false }, - { + { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-edrmanage-edr.md", "redirect_url": "/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response", "redirect_document_id": false @@ -2285,7 +2285,7 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/powerbi-reports", "redirect_document_id": false }, - { + { "source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports.md", "redirect_url": "/microsoft-365/security/defender-endpoint/api-power-bi", "redirect_document_id": false @@ -2465,7 +2465,7 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/supported-response-apis", "redirect_document_id": false }, - { + { "source_path": "windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md", "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-list", "redirect_document_id": false @@ -2816,9 +2816,9 @@ "redirect_document_id": false }, { - "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md", - "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", - "redirect_document_id": false + "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md", + "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus", + "redirect_document_id": false }, { "source_path": "windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md", @@ -14366,9 +14366,9 @@ "redirect_document_id": false }, { - "source_path": "store-for-business/manage-mpsa-software-microsoft-store-for-business.md", - "redirect_url": "/microsoft-store/index", - "redirect_document_id": false + "source_path": "store-for-business/manage-mpsa-software-microsoft-store-for-business.md", + "redirect_url": "/microsoft-store/index", + "redirect_document_id": false }, { "source_path": "windows/manage/reset-a-windows-10-mobile-device.md", @@ -16100,7 +16100,7 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac", "redirect_document_id": false }, - { + { "source_path": "windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md", "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac", "redirect_document_id": false @@ -16520,7 +16520,7 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction", "redirect_document_id": false }, - { + { "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md", "redirect_url": "/microsoft-365/security/defender-endpoint/gov", "redirect_document_id": false @@ -18899,7 +18899,7 @@ "source_path": "windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md", "redirect_url": "/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint", "redirect_document_id": false - }, + }, { "source_path": "windows/security/threat-protection/change-history-for-threat-protection.md", "redirect_url": "/windows/security/threat-protection", @@ -19199,7 +19199,7 @@ "source_path": "windows/security/threat-protection/device-control/control-usb-devices-using-intune.md", "redirect_url": "/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune", "redirect_document_id": false - }, + }, { "source_path": "windows/security/threat-protection/device-control/device-control-report.md", "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report", @@ -19214,12 +19214,12 @@ "source_path": "windows/security/threat-protection/intelligence/ransomware-malware.md", "redirect_url": "/security/compass/human-operated-ransomware", "redirect_document_id": false - }, + }, { "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md", "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows", "redirect_document_id": false - }, + }, { "source_path": "windows/security/identity-protection/change-history-for-access-protection.md", "redirect_url": "/windows/security/", @@ -19294,26 +19294,26 @@ "source_path": "windows/deployment/update/change-history-for-update-windows-10.md", "redirect_url": "/windows/deployment/deploy-whats-new", "redirect_document_id": true - }, + }, { "source_path": "windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md", "redirect_url": "/windows/client-management/mdm/policy-csp-admx-wordwheel", "redirect_document_id": true - }, - { - "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md", - "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings", - "redirect_document_id": true - }, - { - "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md", - "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools", - "redirect_document_id": true }, { - "source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md", - "redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell", - "redirect_document_id": false + "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings", + "redirect_document_id": true + }, + { + "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools", + "redirect_document_id": true + }, + { + "source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md", + "redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell", + "redirect_document_id": false }, { "source_path": "windows/privacy/windows-endpoints-1709-non-enterprise-editions.md", @@ -19335,185 +19335,185 @@ "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints", "redirect_document_id": false }, - { - "source_path": "windows/whats-new/windows-11-whats-new.md", - "redirect_url": "/windows/whats-new/windows-11-overview", - "redirect_document_id": false + { + "source_path": "windows/whats-new/windows-11-whats-new.md", + "redirect_url": "/windows/whats-new/windows-11-overview", + "redirect_document_id": false }, - { - "source_path": "windows/deployment/update/waas-delivery-optimization.md", - "redirect_url": "/windows/deployment/do/waas-delivery-optimization", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/update/delivery-optimization-proxy.md", - "redirect_url": "/windows/deployment/do/delivery-optimization-proxy", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/update/delivery-optimization-workflow.md", - "redirect_url": "/windows/deployment/do/delivery-optimization-workflow", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/update/waas-delivery-optimization-reference.md", - "redirect_url": "/windows/deployment/do/waas-delivery-optimization-reference", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/update/waas-delivery-optimization-setup.md", - "redirect_url": "/windows/deployment/do/waas-delivery-optimization-setup", - "redirect_document_id": false - }, - { - "source_path": "windows/deployment/update/waas-optimize-windows-10.md", - "redirect_url": "/windows/deployment/do/waas-optimize-windows-10", - "redirect_document_id": false + { + "source_path": "windows/deployment/update/waas-delivery-optimization.md", + "redirect_url": "/windows/deployment/do/waas-delivery-optimization", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/delivery-optimization-proxy.md", + "redirect_url": "/windows/deployment/do/delivery-optimization-proxy", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/delivery-optimization-workflow.md", + "redirect_url": "/windows/deployment/do/delivery-optimization-workflow", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-delivery-optimization-reference.md", + "redirect_url": "/windows/deployment/do/waas-delivery-optimization-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-delivery-optimization-setup.md", + "redirect_url": "/windows/deployment/do/waas-delivery-optimization-setup", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-optimize-windows-10.md", + "redirect_url": "/windows/deployment/do/waas-optimize-windows-10", + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/coinminer-malware.md", "redirect_url": "/microsoft-365/security/intelligence/coinminer-malware", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/coordinated-malware-eradication.md", "redirect_url": "/microsoft-365/security/intelligence/coordinated-malware-eradication", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/criteria.md", "redirect_url": "/microsoft-365/security/intelligence/criteria", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md", "redirect_url": "/microsoft-365/security/intelligence/cybersecurity-industry-partners", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/developer-faq.yml", "redirect_url": "/microsoft-365/security/intelligence/developer-faq", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/developer-resources.md", "redirect_url": "/microsoft-365/security/intelligence/developer-resources", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/exploits-malware.md", "redirect_url": "/microsoft-365/security/intelligence/exploits-malware", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/fileless-threats.md", "redirect_url": "/microsoft-365/security/intelligence/fileless-threats", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/macro-malware.md", "redirect_url": "/microsoft-365/security/intelligence/macro-malware", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/malware-naming.md", "redirect_url": "/microsoft-365/security/intelligence/malware-naming", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/phishing-trends.md", "redirect_url": "/microsoft-365/security/intelligence/phishing-trends", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/phishing.md", "redirect_url": "/microsoft-365/security/intelligence/phishing", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md", "redirect_url": "/microsoft-365/security/intelligence/portal-submission-troubleshooting", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/prevent-malware-infection.md", "redirect_url": "/microsoft-365/security/intelligence/prevent-malware-infection", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md", "redirect_url": "/microsoft-365/security/intelligence/rootkits-malware.md", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md", "redirect_url": "/microsoft-365/security/intelligence/safety-scanner-download", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/submission-guide.md", "redirect_url": "/microsoft-365/security/intelligence/submission-guide", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md", "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/support-scams.md", "redirect_url": "/microsoft-365/security/intelligence/support-scams", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/trojans-malware.md", "redirect_url": "/microsoft-365/security/intelligence/trojans-malware", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/understanding-malware.md", "redirect_url": "/microsoft-365/security/intelligence/understanding-malware", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/unwanted-software.md", "redirect_url": "/microsoft-365/security/intelligence/unwanted-software", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md", "redirect_url": "/microsoft-365/security/intelligence/virus-information-alliance-criteria", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/virus-initiative-criteria.md", "redirect_url": "/microsoft-365/security/intelligence/virus-initiative-criteria", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/intelligence/worms-malware.md", "redirect_url": "/microsoft-365/security/intelligence/worms-malware", - "redirect_document_id": false + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/microsoft-bug-bounty-program.md", "redirect_url": "/microsoft-365/security/intelligence/microsoft-bug-bounty-program", - "redirect_document_id": false + "redirect_document_id": false }, - { - "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md", - "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache", - "redirect_document_id": false + { + "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md", + "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache", + "redirect_document_id": false }, - { - "source_path": "education/itadmins.yml", - "redirect_url": "/education", - "redirect_document_id": false + { + "source_path": "education/itadmins.yml", + "redirect_url": "/education", + "redirect_document_id": false }, - { - "source_path": "education/partners.yml", - "redirect_url": "/education", - "redirect_document_id": false + { + "source_path": "education/partners.yml", + "redirect_url": "/education", + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/security-compliance-toolkit-10.md", @@ -19530,115 +19530,400 @@ "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference", "redirect_document_id": false }, - { - "source_path": "education/developers.yml", - "redirect_url": "/education", - "redirect_document_id": false + { + "source_path": "education/developers.yml", + "redirect_url": "/education", + "redirect_document_id": false }, - { + { "source_path": "windows/client-management/mdm/enterpriseappmanagement-csp.md", "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/client-management/mdm/messaging-ddf.md", "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/client-management/mdm/messaging-csp.md", "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/client-management/mdm/policymanager-csp.md", "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/client-management/mdm/proxy-csp.md", "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/client-management/img-boot-sequence.md", "redirect_url": "/windows/client-management/advanced-troubleshooting-boot-problems#boot-sequence", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md", "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt", "redirect_document_id": false - }, - { + }, + { "source_path": "education/windows/get-minecraft-device-promotion.md", "redirect_url": "/education/windows/get-minecraft-for-education", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune", "redirect_document_id": false - }, - { + }, + { "source_path": "smb/cloud-mode-business-setup.md", "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog", "redirect_document_id": false - }, - { + }, + { "source_path": "smb/index.md", "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/whats-new/contribute-to-a-topic.md", "redirect_url": "https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/CONTRIBUTING.md#editing-windows-it-professional-documentation", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/deployment/update/waas-delivery-optimization-faq.md", "redirect_url": "/windows/deployment/do/waas-delivery-optimization-faq", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/identity-protection/access-control/security-identifiers.md", "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-identifiers", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/identity-protection/access-control/security-principals.md", "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-principals", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/identity-protection/access-control/active-directory-accounts.md", "redirect_url": "/windows-server/identity/ad-ds/manage/understand-default-user-accounts", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/identity-protection/access-control/microsoft-accounts.md", "redirect_url": "/windows-server/identity/ad-ds/manage/understand-microsoft-accounts", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/identity-protection/access-control/service-accounts.md", "redirect_url": "/windows-server/identity/ad-ds/manage/understand-service-accounts", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/identity-protection/access-control/active-directory-security-groups.md", "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-groups", "redirect_document_id": false - }, - { + }, + { "source_path": "windows/security/identity-protection/access-control/special-identities.md", "redirect_url": "/windows-server/identity/ad-ds/manage/understand-special-identities-groups", "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md", + "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/windows-10-accessibility-for-ITPros.md", + "redirect_url": "/windows/configuration/windows-accessibility-for-ITPros", + "redirect_document_id": false + }, + { + "source_path": "education/windows/take-a-test-multiple-pcs.md", + "redirect_url": "/education/windows/edu-take-a-test-kiosk-mode", + "redirect_document_id": false + }, + { + "source_path": "education/windows/take-a-test-single-pc.md", + "redirect_url": "/education/windows/take-tests-in-windows", + "redirect_document_id": false + }, + { + "source_path": "education/windows/take-tests-in-windows-10.md", + "redirect_url": "/education/windows/take-tests-in-windows", + "redirect_document_id": false + }, + { + "source_path": "education/windows/change-history-edu.md", + "redirect_url": "/education/windows", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/change-history-for-mdm-documentation.md", + "redirect_url": "/windows/client-management/change-history-for-mdm-documentation", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md", + "redirect_url": "/windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/appv-deploy-and-config.md", + "redirect_url": "/windows/client-management/appv-deploy-and-config", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/configuration-service-provider-reference.md", + "redirect_url": "/windows/client-management/mdm/index", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/assign-seats.md", + "redirect_url": "/windows/client-management/assign-seats", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/azure-active-directory-integration-with-mdm.md", + "redirect_url": "/windows/client-management/azure-active-directory-integration-with-mdm", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md", + "redirect_url": "/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md", + "redirect_url": "/windows/client-management/bulk-assign-and-reclaim-seats-from-user", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md", + "redirect_url": "/windows/client-management/bulk-enrollment-using-windows-provisioning-tool", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/certificate-authentication-device-enrollment.md", + "redirect_url": "/windows/client-management/certificate-authentication-device-enrollment", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/certificate-renewal-windows-mdm.md", + "redirect_url": "/windows/client-management/certificate-renewal-windows-mdm", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/config-lock.md", + "redirect_url": "/windows/client-management/config-lock", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/data-structures-windows-store-for-business.md", + "redirect_url": "/windows/client-management/data-structures-windows-store-for-business", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/device-update-management.md", + "redirect_url": "/windows/client-management/device-update-management", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md", + "redirect_url": "/windows/client-management/diagnose-mdm-failures-in-windows-10", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md", + "redirect_url": "/windows/client-management/disconnecting-from-mdm-unenrollment", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/dmprocessconfigxmlfiltered.md", + "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md", + "redirect_url": "/windows/client-management/enable-admx-backed-policies-in-mdm", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md", + "redirect_url": "/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterprise-app-management.md", + "redirect_url": "/windows/client-management/enterprise-app-management", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/esim-enterprise-management.md", + "redirect_url": "/windows/client-management/esim-enterprise-management", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/federated-authentication-device-enrollment.md", + "redirect_url": "/windows/client-management/federated-authentication-device-enrollment", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-inventory.md", + "redirect_url": "/windows/client-management/get-inventory", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-localized-product-details.md", + "redirect_url": "/windows/client-management/get-localized-product-details", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-offline-license.md", + "redirect_url": "/windows/client-management/get-offline-license", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-product-details.md", + "redirect_url": "/windows/client-management/get-product-details", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-product-package.md", + "redirect_url": "/windows/client-management/get-product-package", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-product-packages.md", + "redirect_url": "/windows/client-management/get-product-packages", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-seat.md", + "redirect_url": "/windows/client-management/get-seat", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-seats-assigned-to-a-user.md", + "redirect_url": "/windows/client-management/get-seats-assigned-to-a-user", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/get-seats.md", + "redirect_url": "/windows/client-management/get-seats", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/implement-server-side-mobile-application-management.md", + "redirect_url": "/windows/client-management/implement-server-side-mobile-application-management", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/management-tool-for-windows-store-for-business.md", + "redirect_url": "/windows/client-management/management-tool-for-windows-store-for-business", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/mdm-enrollment-of-windows-devices.md", + "redirect_url": "/windows/client-management/mdm-enrollment-of-windows-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/mdm-overview.md", + "redirect_url": "/windows/client-management/mdm-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/mobile-device-enrollment.md", + "redirect_url": "/windows/client-management/mobile-device-enrollment", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md", + "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/oma-dm-protocol-support.md", + "redirect_url": "/windows/client-management/oma-dm-protocol-support", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/on-premise-authentication-device-enrollment.md", + "redirect_url": "/windows/client-management/on-premise-authentication-device-enrollment", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/push-notification-windows-mdm.md", + "redirect_url": "/windows/client-management/push-notification-windows-mdm", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/reclaim-seat-from-user.md", + "redirect_url": "/windows/client-management/reclaim-seat-from-user", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md", + "redirect_url": "/windows/client-management/register-your-free-azure-active-directory-subscription", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/rest-api-reference-windows-store-for-business.md", + "redirect_url": "/windows/client-management/rest-api-reference-windows-store-for-business", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/server-requirements-windows-mdm.md", + "redirect_url": "/windows/client-management/server-requirements-windows-mdm", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md", + "redirect_url": "/windows/client-management/structure-of-oma-dm-provisioning-files", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/understanding-admx-backed-policies.md", + "redirect_url": "/windows/client-management/understanding-admx-backed-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md", + "redirect_url": "/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md", + "redirect_url": "/windows/client-management/win32-and-centennial-app-policy-configuration", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/windows-mdm-enterprise-settings.md", + "redirect_url": "/windows/client-management/windows-mdm-enterprise-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/wmi-providers-supported-in-windows.md", + "redirect_url": "/windows/client-management/wmi-providers-supported-in-windows", + "redirect_document_id": false }, { "source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md", @@ -19659,6 +19944,11 @@ "source_path": "windows/deployment/do/mcc-enterprise.md", "redirect_url": "/windows/deployment/do/mcc-enterprise-overview", "redirect_document_id": false - } + }, + { + "source_path": "education/windows/set-up-school-pcs-shared-pc-mode.md", + "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc", + "redirect_document_id": false + } ] -} +} \ No newline at end of file diff --git a/education/breadcrumb/toc.yml b/education/breadcrumb/toc.yml index 41fb052a33..7955da8797 100644 --- a/education/breadcrumb/toc.yml +++ b/education/breadcrumb/toc.yml @@ -14,6 +14,6 @@ items: tocHref: /education/windows topicHref: /education/windows/index - name: Windows - tocHref: /windows/security/ + tocHref: /windows/configuration/ topicHref: /education/windows/index diff --git a/education/context/context.yml b/education/context/context.yml new file mode 100644 index 0000000000..861f88f272 --- /dev/null +++ b/education/context/context.yml @@ -0,0 +1,4 @@ +### YamlMime: ContextObject +brand: windows +breadcrumb_path: ../breadcrumb/toc.yml +toc_rel: ../windows/toc.yml \ No newline at end of file diff --git a/education/docfx.json b/education/docfx.json index 7aabd80dfc..e6749db811 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -29,9 +29,15 @@ "globalMetadata": { "recommendations": true, "ms.topic": "article", + "ms.collection": "education", + "ms.prod": "windows", "ms.technology": "windows", + "author": "paolomatarazzo", + "ms.author": "paoloma", "manager": "aaroncz", + "ms.localizationpriority": "medium", "breadcrumb_path": "/education/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", @@ -41,6 +47,7 @@ "folder_relative_path_in_docset": "./" } }, + "titleSuffix": "Windows Education", "contributors_to_exclude": [ "rjagiewich", "traya1", @@ -55,9 +62,17 @@ "garycentric" ] }, + "fileMetadata": { + "ms.localizationpriority": { + "windows/tutorial-school-deployment/**/**.md": "medium" + }, + "ms.topic": { + "windows/tutorial-school-deployment/**/**.md": "tutorial" + } + }, "externalReference": [], "template": "op.html", "dest": "education", "markdownEngineName": "markdig" } -} +} \ No newline at end of file diff --git a/education/index.yml b/education/index.yml index 6ed1dbb047..1a3a69e704 100644 --- a/education/index.yml +++ b/education/index.yml @@ -23,7 +23,7 @@ productDirectory: # Card - title: Phase 1 - Cloud deployment imageSrc: ./images/EDU-Deploy.svg - summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your active directry and SIS, and license users. + summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your Active Directory and SIS, and license users. url: /microsoft-365/education/deploy/create-your-office-365-tenant # Card - title: Phase 2 - Device management diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml index b3ef37c53c..777191ba8b 100644 --- a/education/windows/TOC.yml +++ b/education/windows/TOC.yml @@ -12,8 +12,10 @@ items: items: - name: Overview href: windows-11-se-overview.md - - name: Settings and CSP list + - name: Settings list href: windows-11-se-settings-list.md + - name: Frequently Asked Questions (FAQ) + href: windows-11-se-faq.yml - name: Windows in S Mode items: - name: Test Windows 10 in S mode on existing Windows 10 education devices @@ -22,24 +24,22 @@ items: href: enable-s-mode-on-surface-go-devices.md - name: Windows 10 editions for education customers href: windows-editions-for-education-customers.md - - name: Shared PC mode for school devices - href: set-up-school-pcs-shared-pc-mode.md + - name: Considerations for shared and guest devices + href: /windows/configuration/shared-devices-concepts?context=/education/context/context - name: Windows 10 configuration recommendations for education customers href: configure-windows-for-education.md - name: Take tests and assessments in Windows - href: take-tests-in-windows-10.md + href: take-tests-in-windows.md - name: How-to-guides items: - - name: Configure education features - items: - - name: Configure education themes - href: edu-themes.md - - name: Configure Stickers - href: edu-stickers.md - - name: Configure Take a Test on a single PC - href: take-a-test-single-pc.md - - name: Configure a Test on multiple PCs - href: take-a-test-multiple-pcs.md + - name: Configure education themes + href: edu-themes.md + - name: Configure Stickers + href: edu-stickers.md + - name: Configure Take a Test in kiosk mode + href: edu-take-a-test-kiosk-mode.md + - name: Configure Shared PC + href: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context - name: Use the Set up School PCs app href: use-set-up-school-pcs-app.md - name: Change Windows edition @@ -96,8 +96,9 @@ items: href: set-up-school-pcs-provisioning-package.md - name: What's new in Set up School PCs href: set-up-school-pcs-whats-new.md - - name: Take a Test app technical reference + - name: Take a Test technical reference href: take-a-test-app-technical.md - - name: Change history for Windows 10 for Education - href: change-history-edu.md + - name: Shared PC technical reference + href: /windows/configuration/shared-pc-technical?context=/education/context/context + diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md index 0e328b18b4..b44ad43f62 100644 --- a/education/windows/autopilot-reset.md +++ b/education/windows/autopilot-reset.md @@ -1,18 +1,8 @@ --- title: Reset devices with Autopilot Reset -description: Gives an overview of Autopilot Reset and how you can enable and use it in your schools. -keywords: Autopilot Reset, Windows, education -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn about Autopilot Reset and how to enable and use it. ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz +ms.topic: how-to appliesto: - ✅ Windows 10 --- diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md deleted file mode 100644 index 2b3d262830..0000000000 --- a/education/windows/change-history-edu.md +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: Change history for Windows 10 for Education (Windows 10) -description: New and changed topics in Windows 10 for Education -keywords: Windows 10 education documentation, change history -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -ms.collection: education -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz -appliesto: -- ✅ Windows 10 ---- -# Change history for Windows 10 for Education - -This topic lists new and updated topics in the [Windows 10 for Education](index.yml) documentation. - -## May 2019 - -|New or changed topic | Description| -|-----------|-------------| -|[Windows 10 Subscription Activation](/windows/deployment/windows-10-subscription-activation)|Subscription activation support for Windows 10 Pro Education to Windows 10 Education| - -## April 2018 -New or changed topic | Description ---- | --- -[Windows 10 Pro in S mode for Education](s-mode-switch-to-edu.md) | Created a new topic on S mode for Education. | -[Change to Windows 10 Education from Windows 10 Pro](change-to-pro-education.md) | Updated sections referencing S mode. - -## March 2018 - -New or changed topic | Description ---- | --- -[Reset devices with Autopilot Reset](autopilot-reset.md) | Added section for troubleshooting Autopilot Reset. - -## November 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the list of device manufacturers. | -| [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. | -| [Set up Take a Test on a single PC](take-a-test-single-pc.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. | -| [Take a Test app technical reference](take-a-test-app-technical.md) | Added a note that the Alt+F4 key combination for enabling students to exit the test is disabled in Windows 10, version 1703 (Creators Update) and later. Also added more information about the Ctrl+Alt+Del key combination. | - -## RELEASE: Windows 10, version 1709 (Fall Creators Update) - -| New or changed topic | Description | -| --- | ---- | -| [Reset devices with Autopilot Reset](autopilot-reset.md) | New. Learn how you can use this new feature to quickly reset student PCs from the lock screen and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use and returned to a fully configured or known IT-approved state. | -| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the *Go back to your previous edition of Windows 10* section with new information on how to work around cases where Win32 apps are blocked after switching from Windows 10 S back to your previous Windows edition. | -| [Take a Test app technical reference](take-a-test-app-technical.md) | Updated. Starting with Windows 10, version 1709 (Fall Creators Update), assessments can now run in permissive mode. This mode enables students who need access to other apps, like accessibility tools, to use the apps. | - -## September 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated the prerequisites to provide more clarification. | - -## August 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | New. Find out how you can test Windows 10 S on various Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us. | -| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated the instructions to reflect the new or updated functionality in the latest version of the app. | - -## July 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Get Minecraft: Education Edition with Windows 10 device promotion](get-minecraft-for-education.md) | New information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices. | -| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Added the how-to video, which shows how to use the app to create a provisioning package that you can use to set up school PCs. | -| [Take a Test app technical reference](take-a-test-app-technical.md) | Added a Group Policy section to inform you of any policies that affect the Take a Test app or functionality within the app. | - -## June 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) | Includes the following updates:

- New configuration guidance for IT administrators to enable students and school personnel, who use assistive technology apps not available in the Microsoft Store for Education and use devices running Windows 10 S, to be successful in the classroom and in their jobs.
- New configuration information when using Windows 10 S for education. | -| [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) | New configuration guidance for IT administrators to enable students and school personnel, who use assistive technology apps not available in the Microsoft Store for Education and use devices running Windows 10 S, to be successful in the classroom and in their jobs. | -| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated the recommended apps section to include information about Office 365 for Windows 10 S (Education Preview). | - -## May 2017 - -| New or changed topic | Description | -| --- | ---- | -| [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) | New. If you have an education tenant and use devices Windows 10 Pro or Windows 10 S in your schools, find out how you can opt in to a free switch to Windows 10 Pro Education. | -| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated. Now includes network tips and updated step-by-step instructions that show the latest updates to the app such as Wi-Fi setup. | - -## RELEASE: Windows 10, version 1703 (Creators Update) - -| New or changed topic | Description| -| --- | --- | -| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](/microsoft-365/education/deploy/) | New. Learn how you can quickly and easily use the new Microsoft Education system to implement a full IT cloud solution for your school. | -| [Microsoft Education documentation and resources](/education) | New. Find links to more content for IT admins, teachers, students, and education app developers. | -| [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) | New. Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school. | -| [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) | Updated the screenshots and related instructions to reflect the current UI and experience. | -| [Set up Windows devices for education](set-up-windows-10.md) | Updated for Windows 10, version 1703. | -| Set up School PCs app:
[Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md)
[Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated. Describes the school-specific settings and policies that Set up School PC configures. Also provides step-by-step instructions for using the latest version of the app to create a provisioning package that you can use to set up student PCs. | -| Set up using Windows Configuration Designer:
[Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md)
[Provision student PCs with apps](set-up-students-pcs-with-apps.md) | Updated the information for Windows 10, version 1703. | -| [Take tests in Windows 10](take-tests-in-windows-10.md)
[Set up Take a Test on a single PC](take-a-test-single-pc.md)
[Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
[Take a Test app technical reference](take-a-test-app-technical.md) | Updated. Includes new information on ways you can set up the test account and assessment URL and methods for creating and distributing the link. Methods available to you vary depending on whether you're setting up Take a Test on a single PC or multiple PCs. | - -## January 2017 - -| New or changed topic | Description | -| --- | --- | -| [For IT administrators - get Minecraft: Education Edition](school-get-minecraft.md) | Updates. Learn how schools can use invoices to pay for Minecraft: Education Edition. | - -## December 2016 - -| New or changed topic | Description | -| --- | --- | -| [Upgrade Windows 10 Pro to Pro Education from Microsoft Store for Business] | New. Learn how to opt-in to a free upgrade to Windows 10 Pro Education. As of May 2017, this topic has been replaced with [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md). | - -## November 2016 - -| New or changed topic | Description| -| --- | --- | -| [Working with Microsoft Store for Business – education scenarios](education-scenarios-store-for-business.md) | New. Learn about education scenarios for Microsoft Store for Business. | -| [For teachers - get Minecraft: Education Edition](teacher-get-minecraft.md) | Updates. Subscription support for Minecraft: Education Edition. | -| [For IT administrators - get Minecraft: Education Edition](school-get-minecraft.md) | Updates. Subscription support for Minecraft: Education Edition. | - - -## RELEASE: Windows 10, version 1607 (Anniversary Update) -The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: - -- [Set up Windows 10](set-up-windows-10.md) -- [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md) -- [Provision student PCs with apps](set-up-students-pcs-with-apps.md) -- [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) - -## July 2016 - -| New or changed topic | Description| -| --- | --- | -| [Windows 10 editions for education customers](windows-editions-for-education-customers.md) | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. | -|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use Configuration Manager, Intune, and Group Policy to manage devices. | - -## June 2016 - -| New or changed topic | Description | -|----------------------|-------------| -| [Get Minecraft Education Edition](get-minecraft-for-education.md)
[For teachers: get Minecraft Education Edition](teacher-get-minecraft.md)
[For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) | New. Learn how to get and distribute Minecraft: Education Edition. | - -## May 2016 - -| New or changed topic | Description | -|----------------------|-------------| -| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New. Learn how the Set up School PCs app works and how to use it. | -| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New. Describes the changes that the Set up School PCs app makes to a PC. | -| [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md)
[Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md)
[Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md)
[Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New. Learn how to set up and use the Take a Test app. | -| [Chromebook migration guide](chromebook-migration-guide.md) | Moved from [Windows 10 and Windows 10 Mobile](/windows/deployment/planning/) library, originally published in November 2015 | -| [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) | Moved from [Windows 10 and Windows 10 Mobile](/windows/deployment/planning/) library, originally published in May 2016 | \ No newline at end of file diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md index bb3a601ed0..d6aa215ab3 100644 --- a/education/windows/change-home-to-edu.md +++ b/education/windows/change-home-to-edu.md @@ -2,15 +2,11 @@ title: Upgrade Windows Home to Windows Education on student-owned devices description: Learn how IT Pros can upgrade student-owned devices from Windows Home to Windows Education using Mobile Device Management or Kivuto OnTheHub with qualifying subscriptions. ms.date: 08/10/2022 -ms.prod: windows -ms.technology: windows ms.topic: how-to -ms.localizationpriority: medium author: scottbreenmsft ms.author: scbree ms.reviewer: paoloma manager: jeffbu -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index 4b5676f845..0fb9122497 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -1,18 +1,8 @@ --- title: Change to Windows 10 Education from Windows 10 Pro description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro. -keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 6893cd17a9..0c08e17617 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -1,15 +1,8 @@ --- title: Chromebook migration guide (Windows 10) -description: In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. -ms.prod: windows-client -ms.technology: itpro-edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md index a10edc3964..2318393a4e 100644 --- a/education/windows/configure-windows-for-education.md +++ b/education/windows/configure-windows-for-education.md @@ -1,18 +1,8 @@ --- title: Windows 10 configuration recommendations for education customers -description: Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school. -keywords: Windows 10 deployment, recommendations, privacy settings, school, education, configurations, accessibility, assistive technology -ms.mktglfcycl: plan -ms.sitesec: library -ms.prod: windows -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn how to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school. +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md index 6f72f69d44..6d13cc8c9d 100644 --- a/education/windows/deploy-windows-10-in-a-school-district.md +++ b/education/windows/deploy-windows-10-in-a-school-district.md @@ -1,18 +1,8 @@ --- title: Deploy Windows 10 in a school district (Windows 10) description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use Microsoft Endpoint Configuration Manager, Intune, and Group Policy to manage devices. -keywords: configure, tools, device, school district, deploy Windows 10 -ms.prod: windows -ms.mktglfcycl: plan -ms.pagetype: edu -ms.sitesec: library -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md index ee97678d29..cb598bc6fd 100644 --- a/education/windows/deploy-windows-10-in-a-school.md +++ b/education/windows/deploy-windows-10-in-a-school.md @@ -1,18 +1,8 @@ --- title: Deploy Windows 10 in a school (Windows 10) description: Learn how to integrate your school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD). Deploy Windows 10 and apps to new devices or upgrade existing devices to Windows 10. Manage faculty, students, and devices by using Microsoft Intune and Group Policy. -keywords: configure, tools, device, school, deploy Windows 10 -ms.prod: windows -ms.mktglfcycl: plan -ms.pagetype: edu -ms.sitesec: library -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/deploy-windows-10-overview.md b/education/windows/deploy-windows-10-overview.md index 7fe730e070..8b772d160c 100644 --- a/education/windows/deploy-windows-10-overview.md +++ b/education/windows/deploy-windows-10-overview.md @@ -1,18 +1,8 @@ --- title: Windows 10 for Education (Windows 10) description: Learn how to use Windows 10 in schools. -keywords: Windows 10, education -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- @@ -47,7 +37,7 @@ Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-base Minecraft Education Edition is built for learning. Learn how to get early access and add it to your Microsoft Store for Business for distribution. -**[Take tests in Windows 10](take-tests-in-windows-10.md)** +**[Take tests in Windows](take-tests-in-windows.md)** Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up. diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md index 62d41af22e..983f31ed85 100644 --- a/education/windows/edu-deployment-recommendations.md +++ b/education/windows/edu-deployment-recommendations.md @@ -1,17 +1,8 @@ --- title: Deployment recommendations for school IT administrators description: Provides guidance on ways to customize the OS privacy settings, and some of the apps, for Windows-based devices used in schools so that you can choose what information is shared with Microsoft. -keywords: Windows 10 deployment, recommendations, privacy settings, school -ms.mktglfcycl: plan -ms.sitesec: library -ms.prod: windows -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: guide ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md index f2bb99a869..cde45e1466 100644 --- a/education/windows/edu-stickers.md +++ b/education/windows/edu-stickers.md @@ -1,16 +1,8 @@ --- title: Configure Stickers for Windows 11 SE -description: Description of the Stickers feature and how to configure it via Intune and provisioning package. +description: Learn about the Stickers feature and how to configure it via Intune and provisioning package. ms.date: 09/15/2022 -ms.prod: windows -ms.technology: windows ms.topic: how-to -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 11 SE, version 22H2 --- @@ -37,23 +29,23 @@ Stickers aren't enabled by default. Follow the instructions below to configure y #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) -To enable Stickers using Microsoft Intune, [create a custom profile][MEM-1] with the following settings: +To configure devices using Microsoft Intune, create a [custom policy][MEM-1] with the following settings: | Setting | |--------| |
  • OMA-URI: **`./Vendor/MSFT/Policy/Config/Stickers/EnableStickers`**
  • Data type: **Integer**
  • Value: **1**
    • | -Assign the policy to a security group that contains as members the devices or users that you want to enable Stickers on. +Assign the policy to a security group that contains as members the devices or users that you want to configure. #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) -To configure Stickers using a provisioning package, use the following settings: +To configure devices using a provisioning package, [create a provisioning package][WIN-1] using Windows Configuration Designer (WCD) with the following settings: | Setting | |--------| |
  • Path: **`Education/AllowStickers`**
  • Value: **True**
    • | -Apply the provisioning package to the devices that you want to enable Stickers on. +Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created. --- @@ -74,4 +66,7 @@ Select the *X button* at the top of the screen to save your progress and close t ----------- -[MEM-1]: /mem/intune/configuration/custom-settings-windows-10 \ No newline at end of file +[MEM-1]: /mem/intune/configuration/custom-settings-windows-10 + +[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package +[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package \ No newline at end of file diff --git a/education/windows/edu-take-a-test-kiosk-mode.md b/education/windows/edu-take-a-test-kiosk-mode.md new file mode 100644 index 0000000000..a3d8944c42 --- /dev/null +++ b/education/windows/edu-take-a-test-kiosk-mode.md @@ -0,0 +1,227 @@ +--- +title: Configure Take a Test in kiosk mode +description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages. +ms.date: 09/30/2022 +ms.topic: how-to +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE +--- + +# Configure Take a Test in kiosk mode + +Executing Take a Test in kiosk mode is the recommended option for high stakes assessments, such as mid-term exams. In this mode, Windows will execute Take a Test in a lock-down mode, preventing the execution of any applications other than Take a Test. Students must sign in using a test-taking account. + +The configuration of Take a Test in kiosk mode can be done using: + +- Microsoft Intune/MDM +- a provisioning package (PPKG) +- PowerShell +- the Settings app + +When using the Settings app, you can configure Take a Test in kiosk mode using a local account only. This option is recommended for devices that aren't managed. +The other options allow you to configure Take a Test in kiosk mode using a local account, an account defined in the directory, or a guest account. + +> [!TIP] +> While you could create a single account in the directory to be the dedicated test-taking account, it is recommended to use a guest account. This way, you don't get into a scenario where the testing account is locked out due to bad password attempts or other factors. +> +> An additional benefit of using a guest account, is that your students don't have to type a password to access the test. + +Follow the instructions below to configure your devices, selecting the option that best suits your needs. + +#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) + +You can use Intune for Education or a custom profile in Microsoft Intune: + +- Intune for Education provides a simpler experience +- A custom profile provides more flexibility and controls over the configuration + +> [!IMPORTANT] +> Currently, the policy created in Intune for Education is applicable to Windows 10 and Windows 11 only. **It will not apply to Windows 11 SE devices.** +> +> If you want to configure Take a Test for Windows 11 SE devices, you must use a custom policy. + +### Configure Take a Test from Intune for Education + +To configure devices using Intune for Education, follow these steps: + +1. Sign in to the Intune for Education portal +1. Select **Groups** > Pick a group to configure Take a Test for +1. Select **Windows device settings** +1. Expand the **Take a Test profiles** category and select **+ Assign new Take a Test profile** +1. Specify a **Profile Name**, **Account Name**, **Assessment URL** and, optionally, **Description** and options allowed during the test +1. Select **Create and assign profile** + +:::image type="content" source="./images/takeatest/intune-education-take-a-test-profile.png" alt-text="Intune for Education - creation of a Take a Test profile." lightbox="./images/takeatest/intune-education-take-a-test-profile.png" border="true"::: + +### Configure Take a Test with a custom policy + +To configure devices using Microsoft Intune, create a [custom policy][MEM-1] with the following settings: + +| Setting | +|--------| +|
  • OMA-URI: **`./Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn`**
  • Data type: **Integer**
  • Value: **1**
    • | +|
  • OMA-URI: **`./Vendor/MSFT/Policy/Config/WindowsLogon/HideFastUserSwitching`**
  • Data type: **Integer**
  • Value: **1**
    • | +|
  • OMA-URI: **`./Vendor/MSFT/SharedPC/AccountModel`**
  • Data type: **Integer**
  • Value: **1**
    • | +|
  • OMA-URI: **`./Vendor/MSFT/SharedPC/EnableAccountManager`**
  • Data type: **Boolean**
  • Value: **True**
    • | +|
  • OMA-URI: **`./Vendor/MSFT/SharedPC/KioskModeAUMID`**
  • Data type: **String**
  • Value: **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**
    • | +|
  • OMA-URI: **`./Vendor/MSFT/SharedPC/KioskModeUserTileDisplayText`**
  • Data type: **String**
  • Value: **Take a Test** (or a string of your choice to display in the sing-in screen)
    • | +|
  • OMA-URI: **`./Vendor/MSFT/SecureAssessment/LaunchURI`**
  • Data type: **String**
  • Value: **\**
    • | + +:::image type="content" source="./images/takeatest/intune-take-a-test-custom-profile.png" alt-text="Intune portal - creation of a custom policy to configure Take a Test." lightbox="./images/takeatest/intune-take-a-test-custom-profile.png" border="true"::: + +Assign the policy to a security group that contains as members the devices or users that you want to configure. + +#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) + +To create a provisioning package, you can either use Set up School PCs or Windows Configuration Designer: + +- Set up School PCs provides a simpler, guided experience +- Windows Configuration Designer provides more flexibility and controls over the configuration + +### Create a provisioning package using Set up School PCs + +Create a provisioning package using the Set up School PCs app, configuring the settings in the **Set up the Take a Test app** page. + +:::image type="content" source="./images/takeatest/suspcs-take-a-test.png" alt-text="Set up School PCs app - Take a test page" lightbox="./images/takeatest/suspcs-take-a-test.png" border="true"::: + +### Create a provisioning package using Windows Configuration Designer + +[Create a provisioning package][WIN-1] using Windows Configuration Designer with the following settings: + +| Setting | +|--------| +|
  • Path: **`Policies/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn`**
  • Value: **Enabled**
    • | +|
  • Path: **`Policies/WindowsLogon/HideFastUserSwitching`**
  • Value: **True**
    • | +|
  • Path: **`SharedPC/AccountManagement/AccountModel`**
  • Value: **Domain-joined only**
    • | +|
  • Path: **`SharedPC/AccountManagement/EnableAccountManager`**
  • Value: **True**
    • | +|
  • Path: **`SharedPC/AccountManagement/KioskModeAUMID`**
  • Value: **Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App**
    • | +|
  • Path: **`SharedPC/AccountManagement/KioskModeUserTileDisplayText`**
  • Value: **Take a Test** (or a string of your choice to display in the sing-in screen)
    • | +|
  • Path: **`TakeATest/LaunchURI/`**
  • Value: **\**
    • | + +:::image type="content" source="./images/takeatest/wcd-take-a-test.png" alt-text="Windows Configuration Designer - configuration of policies to enable Take a Test to run in kiosk mode" lightbox="./images/takeatest/wcd-take-a-test.png" border="true"::: + +Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created. + +#### [:::image type="icon" source="images/icons/powershell.svg"::: **PowerShell**](#tab/powershell) + +Configure your devices using PowerShell scripts via the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). + +> [!TIP] +> PowerShell scripts can be executed as scheduled tasks via Group Policy. + +> [!IMPORTANT] +> For all device settings, the WMI Bridge client must be executed as SYSTEM (LocalSystem) account. +> +> To test a PowerShell script, you can: +> 1. [Download the psexec tool](/sysinternals/downloads/psexec) +> 1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe` +> 1. Run the script in the PowerShell session + +Edit the following sample PowerShell script to: + +- Customize the assessment URL with **$testURL** +- Change the kiosk user tile name displayed in the sign-in screen with **$userTileName** + +```powershell +$testURL = "https://contoso.com/algebra-exam" +$userTileName = "Take a Test" +$namespaceName = "root\cimv2\mdm\dmmap" +$ParentID="./Vendor/MSFT/Policy/Config" + +#Configure SharedPC +$className = "MDM_SharedPC" +$instance = "SharedPC" +$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className +if (-not ($cimObject)) { + $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance} +} +$cimObject.AccountModel = 1 +$cimObject.EnableAccountManager = $true +$cimObject.KioskModeAUMID = "Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App" +$cimObject.KioskModeUserTileDisplayText = $userTileName +Set-CimInstance -CimInstance $cimObject + +#Configure SecureAssessment +$className = "MDM_SecureAssessment" +$instance = "SecureAssessment" +$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className +if (-not ($cimObject)) { + $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance} +} +$cimObject.LaunchURI= $testURL +Set-CimInstance -CimInstance $cimObject + +#Configure interactive logon +$className = "MDM_Policy_Config01_LocalPoliciesSecurityOptions02" +$instance = "LocalPoliciesSecurityOptions" +$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className +if (-not ($cimObject)) { + $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance} +} +$cimObject.InteractiveLogon_DoNotDisplayLastSignedIn = 1 +Set-CimInstance -CimInstance $cimObject + +#Configure Windows logon +$className = "MDM_Policy_Config01_WindowsLogon02" +$instance = "WindowsLogon" +$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className +if (-not ($cimObject)) { + $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance} +} +$cimObject.HideFastUserSwitching = 1 +Set-CimInstance -CimInstance $cimObject +``` + +#### [:::image type="icon" source="images/icons/windows-os.svg"::: **Settings app**](#tab/win) + +To create a local account, and configure Take a Test in kiosk mode using the Settings app: + +1. Sign into the Windows device with an administrator account +1. Open the **Settings** app and select **Accounts** > **Other Users** +1. Under **Other users**, select **Add account** > **I don't have this person's sign-in information** > **Add a user without a Microsoft account** +1. Provide a user name and password for the account that will be used for testing + :::image type="content" source="./images/takeatest/settings-accounts-create-take-a-test-account.png" alt-text="Use the Settings app to create a test-taking account." border="true"::: +1. Select **Accounts > Access work or school** +1. Select **Create a test-taking account** + :::image type="content" source="./images/takeatest/settings-accounts-set-up-take-a-test-account.png" alt-text="Use the Settings app to set up a test-taking account." border="true"::: +1. Under **Add an account for taking tests**, select **Add account** > Select the account created in step 4 + :::image type="content" source="./images/takeatest/settings-accounts-choose-take-a-test-account.png" alt-text="Use the Settings app to choose the test-taking account." border="true"::: +1. Under **Enter the tests's web address**, enter the assessment URL +1. Under **Test taking settings** select the options you want to enable during the test + - To enable printing, select **Require printing** + + > [!NOTE] + > Make sure a printer is pre-configured on the Take a Test account if you're enabling this option. + + - To enable teachers to monitor screens, select **Allow screen monitoring** + - To allow text suggestions, select **Allow text suggestions** + +1. To take the test, a student must sign in using the test-taking account selected in step 4 + :::image type="content" source="./images/takeatest/login-screen-take-a-test-single-pc.png" alt-text="Windows 11 SE login screen with the take a test account." border="true"::: + + > [!NOTE] + > To sign-in with a local account on a device that is joined to Azure AD or Active Directory, you must prefix the username with either `\` or `.\`. + +--- + +## How to use Take a Test in kiosk mode + +Once the devices are configured, a new user tile will be available in the sign-in screen. If selected, Take a Test will be executed in kiosk mode using the guest account, opening the assessment URL. + +## How to exit Take a Test + +To exit the Take a Test app at any time, press Ctrl+Alt+Delete. You'll be prompted to sign out of the test-taking account, or return to the test. Once signed out, the device will be unlocked from kiosk mode and can be used as normal. + +The following animation shows the process of signing in to the test-taking account, taking a test, and exiting the test: + +:::image type="content" source="./images/takeatest/sign-in-sign-out.gif" alt-text="Signing in and signing out with a test account" border="true"::: + +----------- + +[MEM-1]: /mem/intune/configuration/custom-settings-windows-10 +[MEM-2]: /mem/intune/configuration/settings-catalog + +[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package +[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package \ No newline at end of file diff --git a/education/windows/edu-themes.md b/education/windows/edu-themes.md index af6034a005..a477121ca5 100644 --- a/education/windows/edu-themes.md +++ b/education/windows/edu-themes.md @@ -1,16 +1,8 @@ --- title: Configure education themes for Windows 11 -description: Description of education themes for Windows 11 and how to configure them via Intune and provisioning package. +description: Learn about education themes for Windows 11 and how to configure them via Intune and provisioning package. ms.date: 09/15/2022 -ms.prod: windows -ms.technology: windows ms.topic: how-to -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 11, version 22H2 - ✅ Windows 11 SE, version 22H2 @@ -31,23 +23,23 @@ Education themes aren't enabled by default. Follow the instructions below to con #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) -To enable education themes using Microsoft Intune, [create a custom profile][MEM-1] with the following settings: +To configure devices using Microsoft Intune, create a [custom policy][MEM-1] with the following settings: | Setting | |--------| |
  • OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/EnableEduThemes`**
  • Data type: **Integer**
  • Value: **1**
    • | -Assign the policy to a security group that contains as members the devices or users that you want to enable education themes on. +Assign the policy to a security group that contains as members the devices or users that you want to configure. #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) -To configure education themes using a provisioning package, use the following settings: +To configure devices using a provisioning package, [create a provisioning package][WIN-1] using Windows Configuration Designer (WCD), with the following settings: | Setting | |--------| |
  • Path: **`Education/EnableEduThemes`**
  • Value: **True**
    • | -Apply the provisioning package to the devices that you want to enable education themes on. +Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created. --- @@ -61,4 +53,7 @@ To change the theme, select **Settings** > **Personalization** > **Themes** > ** ----------- -[MEM-1]: /mem/intune/configuration/custom-settings-windows-10 \ No newline at end of file +[MEM-1]: /mem/intune/configuration/custom-settings-windows-10 + +[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package +[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package \ No newline at end of file diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md index 07ed6a6adf..cf50d7cf3e 100644 --- a/education/windows/education-scenarios-store-for-business.md +++ b/education/windows/education-scenarios-store-for-business.md @@ -1,19 +1,8 @@ --- title: Education scenarios Microsoft Store for Education description: Learn how IT admins and teachers can use Microsoft Store for Education to acquire and manage apps in schools. -keywords: school, Microsoft Store for Education, Microsoft education store -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.localizationpriority: medium -searchScope: - - Store -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: article ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md index e056e38381..39f39952b6 100644 --- a/education/windows/enable-s-mode-on-surface-go-devices.md +++ b/education/windows/enable-s-mode-on-surface-go-devices.md @@ -1,18 +1,8 @@ --- title: Enable S mode on Surface Go devices for Education -description: Steps that an education customer can perform to enable S mode on Surface Go devices -keywords: Surface Go for Education, S mode -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn how to enable S mode on Surface Go devices. ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz +ms.topic: how-to appliesto: - ✅ Windows 10 --- diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index fa858b7bfb..b0c3dd7f9c 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -1,19 +1,8 @@ --- title: Get Minecraft Education Edition description: Learn how to get and distribute Minecraft Education Edition. -keywords: school, Minecraft, education edition -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.localizationpriority: medium -searchScope: - - Store -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/images/takeatest/TakeATestURL.png b/education/windows/images/takeatest/TakeATestURL.png deleted file mode 100644 index b057763e8b..0000000000 Binary files a/education/windows/images/takeatest/TakeATestURL.png and /dev/null differ diff --git a/education/windows/images/takeatest/desktop-shortcuts.png b/education/windows/images/takeatest/desktop-shortcuts.png new file mode 100644 index 0000000000..fa246eb151 Binary files /dev/null and b/education/windows/images/takeatest/desktop-shortcuts.png differ diff --git a/education/windows/images/takeatest/flow-chart.png b/education/windows/images/takeatest/flow-chart.png new file mode 100644 index 0000000000..220ef54a00 Binary files /dev/null and b/education/windows/images/takeatest/flow-chart.png differ diff --git a/education/windows/images/takeatest/i4e_takeatestprofile_accountsummary.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_accountsummary.PNG deleted file mode 100644 index e8feb9b5d7..0000000000 Binary files a/education/windows/images/takeatest/i4e_takeatestprofile_accountsummary.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/i4e_takeatestprofile_addnewprofile.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_addnewprofile.PNG deleted file mode 100644 index 401bccef4a..0000000000 Binary files a/education/windows/images/takeatest/i4e_takeatestprofile_addnewprofile.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/i4e_takeatestprofile_changegroup_selectgroup.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_changegroup_selectgroup.PNG deleted file mode 100644 index 4c8f0705ce..0000000000 Binary files a/education/windows/images/takeatest/i4e_takeatestprofile_changegroup_selectgroup.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/i4e_takeatestprofile_groupassignment_selected.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_groupassignment_selected.PNG deleted file mode 100644 index 8431e1d0cf..0000000000 Binary files a/education/windows/images/takeatest/i4e_takeatestprofile_groupassignment_selected.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/i4e_takeatestprofile_groups_changegroupassignments.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_groups_changegroupassignments.PNG deleted file mode 100644 index 914f0b4edd..0000000000 Binary files a/education/windows/images/takeatest/i4e_takeatestprofile_groups_changegroupassignments.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/i4e_takeatestprofile_newtestaccount.PNG b/education/windows/images/takeatest/i4e_takeatestprofile_newtestaccount.PNG deleted file mode 100644 index 1ec2f0a2e2..0000000000 Binary files a/education/windows/images/takeatest/i4e_takeatestprofile_newtestaccount.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/intune-education-take-a-test-profile.png b/education/windows/images/takeatest/intune-education-take-a-test-profile.png new file mode 100644 index 0000000000..440925d5c4 Binary files /dev/null and b/education/windows/images/takeatest/intune-education-take-a-test-profile.png differ diff --git a/education/windows/images/takeatest/intune-take-a-test-custom-profile.png b/education/windows/images/takeatest/intune-take-a-test-custom-profile.png new file mode 100644 index 0000000000..71e94646ec Binary files /dev/null and b/education/windows/images/takeatest/intune-take-a-test-custom-profile.png differ diff --git a/education/windows/images/takeatest/login-screen-take-a-test-single-pc.png b/education/windows/images/takeatest/login-screen-take-a-test-single-pc.png new file mode 100644 index 0000000000..77b4fc7bc6 Binary files /dev/null and b/education/windows/images/takeatest/login-screen-take-a-test-single-pc.png differ diff --git a/education/windows/images/takeatest/settings-accounts-choose-take-a-test-account.png b/education/windows/images/takeatest/settings-accounts-choose-take-a-test-account.png new file mode 100644 index 0000000000..03af072260 Binary files /dev/null and b/education/windows/images/takeatest/settings-accounts-choose-take-a-test-account.png differ diff --git a/education/windows/images/takeatest/settings-accounts-create-take-a-test-account.png b/education/windows/images/takeatest/settings-accounts-create-take-a-test-account.png new file mode 100644 index 0000000000..cc9c1443b2 Binary files /dev/null and b/education/windows/images/takeatest/settings-accounts-create-take-a-test-account.png differ diff --git a/education/windows/images/takeatest/settings-accounts-set-up-take-a-test-account.png b/education/windows/images/takeatest/settings-accounts-set-up-take-a-test-account.png new file mode 100644 index 0000000000..8cb28abc78 Binary files /dev/null and b/education/windows/images/takeatest/settings-accounts-set-up-take-a-test-account.png differ diff --git a/education/windows/images/takeatest/sign-in-sign-out.gif b/education/windows/images/takeatest/sign-in-sign-out.gif new file mode 100644 index 0000000000..7b4354b31c Binary files /dev/null and b/education/windows/images/takeatest/sign-in-sign-out.gif differ diff --git a/education/windows/images/takeatest/suspc_choosesettings_setuptakeatest.PNG b/education/windows/images/takeatest/suspc_choosesettings_setuptakeatest.PNG deleted file mode 100644 index 8ffc3fe3e6..0000000000 Binary files a/education/windows/images/takeatest/suspc_choosesettings_setuptakeatest.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/suspc_choosesettings_takeatest.PNG b/education/windows/images/takeatest/suspc_choosesettings_takeatest.PNG deleted file mode 100644 index 9f9f028852..0000000000 Binary files a/education/windows/images/takeatest/suspc_choosesettings_takeatest.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/suspc_choosesettings_takeatest_updated.png b/education/windows/images/takeatest/suspc_choosesettings_takeatest_updated.png deleted file mode 100644 index e44dd21207..0000000000 Binary files a/education/windows/images/takeatest/suspc_choosesettings_takeatest_updated.png and /dev/null differ diff --git a/education/windows/images/takeatest/suspc_createpackage_takeatest.png b/education/windows/images/takeatest/suspc_createpackage_takeatest.png deleted file mode 100644 index 0be05a727d..0000000000 Binary files a/education/windows/images/takeatest/suspc_createpackage_takeatest.png and /dev/null differ diff --git a/education/windows/images/takeatest/suspc_createpackage_takeatestpage.PNG b/education/windows/images/takeatest/suspc_createpackage_takeatestpage.PNG deleted file mode 100644 index df8c2cc5b5..0000000000 Binary files a/education/windows/images/takeatest/suspc_createpackage_takeatestpage.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/suspc_createpackage_takeatestpage_073117.PNG b/education/windows/images/takeatest/suspc_createpackage_takeatestpage_073117.PNG deleted file mode 100644 index 4a4ec886a5..0000000000 Binary files a/education/windows/images/takeatest/suspc_createpackage_takeatestpage_073117.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/suspcs-take-a-test.png b/education/windows/images/takeatest/suspcs-take-a-test.png new file mode 100644 index 0000000000..fca5587d78 Binary files /dev/null and b/education/windows/images/takeatest/suspcs-take-a-test.png differ diff --git a/education/windows/images/takeatest/take_a_test_flow_dark.png b/education/windows/images/takeatest/take_a_test_flow_dark.png deleted file mode 100644 index 98255e8694..0000000000 Binary files a/education/windows/images/takeatest/take_a_test_flow_dark.png and /dev/null differ diff --git a/education/windows/images/takeatest/tat_settingsapp_setupaccount_addtestaccount.PNG b/education/windows/images/takeatest/tat_settingsapp_setupaccount_addtestaccount.PNG deleted file mode 100644 index 66c28eccc7..0000000000 Binary files a/education/windows/images/takeatest/tat_settingsapp_setupaccount_addtestaccount.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount.PNG b/education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount.PNG deleted file mode 100644 index 70a917d836..0000000000 Binary files a/education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount_1703.PNG b/education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount_1703.PNG deleted file mode 100644 index deb04f2e74..0000000000 Binary files a/education/windows/images/takeatest/tat_settingsapp_setuptesttakingaccount_1703.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG b/education/windows/images/takeatest/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG deleted file mode 100644 index c9221ed95a..0000000000 Binary files a/education/windows/images/takeatest/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG and /dev/null differ diff --git a/education/windows/images/takeatest/wcd-take-a-test.png b/education/windows/images/takeatest/wcd-take-a-test.png new file mode 100644 index 0000000000..c05761dfb8 Binary files /dev/null and b/education/windows/images/takeatest/wcd-take-a-test.png differ diff --git a/education/windows/index.yml b/education/windows/index.yml index 5205e02a4a..8cf1e59688 100644 --- a/education/windows/index.yml +++ b/education/windows/index.yml @@ -83,9 +83,17 @@ landingContent: linkLists: - linkListType: concept links: - - text: Take tests and assessments - url: take-tests-in-windows-10.md + - text: Take tests and assessments in Windows + url: take-tests-in-windows.md + - text: Considerations for shared and guest devices + url: /windows/configuration/shared-devices-concepts?context=/education/context/context - text: Change Windows editions url: change-home-to-edu.md + - linkListType: how-to-guide + links: + - text: Configure Take a Test in kiosk mode + url: edu-take-a-test-kiosk-mode.md + - text: Configure Shared PC + url: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context - text: "Deploy Minecraft: Education Edition" url: get-minecraft-for-education.md \ No newline at end of file diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md index a09d48ae19..612de4cf4c 100644 --- a/education/windows/s-mode-switch-to-edu.md +++ b/education/windows/s-mode-switch-to-edu.md @@ -1,18 +1,8 @@ --- title: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode -description: Switching out of Windows 10 Pro in S mode to Windows 10 Pro Education in S mode. The S mode switch documentation describes the requirements and process for Switching to Windows 10 Pro Education in S mode. -keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.prod: windows -ms.sitesec: library -ms.pagetype: edu -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn how to switch out of Windows 10 Pro in S mode to Windows 10 Pro Education. +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md index ee9ab69a50..c9621f70a2 100644 --- a/education/windows/school-get-minecraft.md +++ b/education/windows/school-get-minecraft.md @@ -1,22 +1,10 @@ --- title: For IT administrators get Minecraft Education Edition description: Learn how IT admins can get and distribute Minecraft in their schools. -keywords: Minecraft, Education Edition, IT admins, acquire -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.localizationpriority: medium -searchScope: - - Store -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 -ms.topic: conceptual --- # For IT administrators - get Minecraft: Education Edition diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md index 428ea7ffa1..6eba776f7d 100644 --- a/education/windows/set-up-school-pcs-azure-ad-join.md +++ b/education/windows/set-up-school-pcs-azure-ad-join.md @@ -1,18 +1,8 @@ --- title: Azure AD Join with Set up School PCs app -description: Describes how Azure AD Join is configured in the Set up School PCs app. -keywords: shared PC, school, set up school pcs -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn how Azure AD Join is configured in the Set up School PCs app. +ms.topic: article ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- @@ -86,13 +76,7 @@ Automated Azure AD tokens expire after 180 days. The expiration date for each to ## Next steps Learn more about setting up devices with the Set up School PCs app. * [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md) -* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) * [Set up School PCs technical reference](set-up-school-pcs-technical.md) * [Set up Windows 10 devices for education](set-up-windows-10.md) -When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). - - - - - +When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). \ No newline at end of file diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md index feb7da1b70..ffee7c5880 100644 --- a/education/windows/set-up-school-pcs-provisioning-package.md +++ b/education/windows/set-up-school-pcs-provisioning-package.md @@ -1,29 +1,20 @@ --- title: What's in Set up School PCs provisioning package -description: Lists the provisioning package settings that are configured in the Set up School PCs app. -keywords: shared PC, school, set up school pcs -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: List of the provisioning package settings that are configured in the Set up School PCs app. ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz +ms.topic: reference appliesto: - ✅ Windows 10 --- # What's in my provisioning package? -The Set up School PCs app builds a specialized provisioning package with school-optimized settings. -A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp) article. +The Set up School PCs app builds a specialized provisioning package with school-optimized settings. + +A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [Manage multi-user and guest Windows devices with Shared PC](/windows/configuration/shared-pc-technical) article. ## Shared PC Mode policies -This table outlines the policies applied to devices in shared PC mode. If you [selected to optimize a device for use by a single student](set-up-school-pcs-shared-pc-mode.md#optimize-device-for-use-by-a-single-student), the table notes the differences. Specifically, you'll see differences in the following policies: +This table outlines the policies applied to devices in shared PC mode. If you select to optimize a device for use by a single student, you'll see differences in the following policies: * Disk level deletion * Inactive threshold * Restrict local storage @@ -128,7 +119,6 @@ Review the table below to estimate your expected provisioning time. A package th ## Next steps Learn more about setting up devices with the Set up School PCs app. * [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md) -* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) * [Set up School PCs technical reference](set-up-school-pcs-technical.md) * [Set up Windows 10 devices for education](set-up-windows-10.md) diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md deleted file mode 100644 index fa010834d5..0000000000 --- a/education/windows/set-up-school-pcs-shared-pc-mode.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Shared PC mode for school devices -description: Describes how shared PC mode is set for devices set up with the Set up School PCs app. -keywords: shared PC, school, set up school pcs -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz -appliesto: -- ✅ Windows 10 ---- - -# Shared PC mode for school devices - -Shared PC mode optimizes Windows 10 for shared use scenarios, such as classrooms and school libraries. A Windows 10 PC in shared PC mode requires minimal to zero maintenance and management. Update settings are optimized for classroom settings, so that they automatically occur outside of school hours. - -Shared PC mode can be applied on devices running: -* Windows 10 Pro -* Windows 10 Pro Education -* Windows 10 Education -* Windows 10 Enterprise - -To learn more about how to set up a device in shared PC mode, see [Set up a shared or guest PC with Windows 10](/windows/configuration/set-up-shared-or-guest-pc). - -## Windows Updates -Shared PC mode configures power and Windows Update settings so that computers update regularly. Computers that are set up through the Set up School PCs app are configured to: -* Wake nightly. -* Check for and install updates. -* Forcibly reboot, when necessary, to complete updates. - -These configurations reduce the need to update and reboot computers during daytime work hours. Notifications about needed updates are also blocked from disrupting students. - -## Default admin accounts in Azure Active Directory -By default, the account that joins your computer to Azure AD will be given admin permissions on the computer. Global administrators in the joined Azure AD domain will also have admin permissions when signed in to the joined computer. - -An Azure AD Premium subscription lets you specify the accounts that get admin accounts on a computer. These accounts are configured in Intune in the Azure portal. - -## Account deletion policies -This section describes the deletion behavior for the accounts configured in shared PC mode. A delete policy makes sure that outdated or stale accounts are regularly removed to make room for new accounts. - -### Azure AD accounts - -The default deletion policy is set to automatically cache accounts. Cached accounts are automatically deleted when disk space gets too low, or when there's an extended period of inactivity. Accounts continue to delete until the computer reclaims sufficient disk space. Deletion policies behave the same for Azure AD and Active Directory domain accounts. - -### Guest and Kiosk accounts -Guest accounts and accounts created through Kiosk are deleted after they sign out of their account. - -### Local accounts -Local accounts that you created before enabling shared PC mode aren't deleted. Local accounts that you create through the following path, after enabling PC mode, are not deleted: **Settings** app > **Accounts** > **Other people** > **Add someone** - -## Create custom Windows images -Shared PC mode is compatible with custom Windows images. - -To create a compatible image, first create your custom Windows image with all software, updates, and drivers. Then use the System Preparation (Sysprep) tool with the `/oobe` flag to create the SharedPC-compatible version. For example, `sysrep/oobe`. - -Teachers can then run the Set up School PCs package on the computer. - -## Optimize device for use by a single student -Shared PC mode is enabled by default. This mode optimizes device settings for schools where PCs are shared by students. The Set up School PCs app also offers the option to configure settings for devices that aren't shared. - -If you select this setting, the app modifies shared PC mode so that it's appropriate for a single device. To see how the settings differ, refer to the Shared PC mode policy table in the article [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md) -1. In the app, go to the **Create package** > **Settings** step. -2. Select **Optimize device for a single student, instead of a shared cart or lab**. - -## Next steps -Learn more about setting up devices with the Set up School PCs app. -* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md) -* [Set up School PCs technical reference](set-up-school-pcs-technical.md) -* [What's in my provisioning package](set-up-school-pcs-provisioning-package.md) -* [Set up Windows 10 devices for education](set-up-windows-10.md) - -When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md). \ No newline at end of file diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 21c1721e3a..9f2ecc9d8e 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -1,32 +1,19 @@ --- title: Set up School PCs app technical reference overview description: Describes the purpose of the Set up School PCs app for Windows 10 devices. -keywords: shared PC, school, set up school pcs -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: conceptual ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- # What is Set up School PCs? -The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The -app, which is available for Windows 10 version 1703 and later, configures and saves -school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs. +The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The app, which is available for Windows 10 version 1703 and later, configures and saves school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs. If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up School PCs app will create a setup file. This file joins the PC to your Azure Active Directory tenant. The app also helps set up PCs for use with or without Internet connectivity. - ## Join PC to Azure Active Directory If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up School PCs app creates a setup file that joins your PC to your Azure Active @@ -37,24 +24,24 @@ The app also helps set up PCs for use with or without Internet connectivity. ## List of Set up School PCs features The following table describes the Set up School PCs app features and lists each type of Intune subscription. An X indicates that the feature is available with the specific subscription. -| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium | -|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|----------|------------|------------------| -| **Fast sign-in** | X | X | X | X | -| Students sign in and start using the computer in under a minute, even on initial sign-in. | | | | | -| **Custom Start experience** | X | X | X | X | -| Necessary classroom apps are pinned to Start and unnecessary apps are removed. | | | | | -| **Guest account, no sign-in required** | X | X | X | X | -| Set up computers for use by anyone with or without an account. | | | | | -| **School policies** | X | X | X | X | -| Settings create a relevant, useful learning environment and optimal computer performance. | | | | | -| **Azure AD Join** | | X | X | X | -| Computers join with your existing Azure AD or Office 365 subscription for centralized management. | | | | | -| **Single sign-on to Office 365** | | | X | X | -| Students sign in with their IDs to access all Office 365 web apps or installed Office apps. | | | | | -| **Take a Test app** | | | | X | -| Administer quizzes and assessments through test providers such as Smarter Balanced. | | | | | -| [Settings roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) **via Azure AD** | | | | X | -| Synchronize student and application data across devices for a personalized experience. | | | | | +| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium | +|--------------------------------------------------------------------------------------------------------|-------------|----------|------------|------------------| +| **Fast sign-in** | X | X | X | X | +| Students sign in and start using the computer in under a minute, even on initial sign-in. | | | | | +| **Custom Start experience** | X | X | X | X | +| Necessary classroom apps are pinned to Start and unnecessary apps are removed. | | | | | +| **Guest account, no sign-in required** | X | X | X | X | +| Set up computers for use by anyone with or without an account. | | | | | +| **School policies** | X | X | X | X | +| Settings create a relevant, useful learning environment and optimal computer performance. | | | | | +| **Azure AD Join** | | X | X | X | +| Computers join with your existing Azure AD or Office 365 subscription for centralized management. | | | | | +| **Single sign-on to Office 365** | | | X | X | +| Students sign in with their IDs to access all Office 365 web apps or installed Office apps. | | | | | +| **Take a Test app** | | | | X | +| Administer quizzes and assessments through test providers such as Smarter Balanced. | | | | | +| [Settings roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) **via Azure AD** | | | | X | +| Synchronize student and application data across devices for a personalized experience. | | | | | > [!NOTE] > If your school uses Active Directory, use [Windows Configuration @@ -62,12 +49,9 @@ The following table describes the Set up School PCs app features and lists each > to configure your PCs to join the domain. You can only use the Set up School > PCs app to set up PCs that are connected to Azure AD. - - ## Next steps Learn more about setting up devices with the Set up School PCs app. * [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md) -* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) * [What's in my provisioning package](set-up-school-pcs-provisioning-package.md) * [Set up Windows 10 devices for education](set-up-windows-10.md) diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md index d83fe32329..c36b901f8f 100644 --- a/education/windows/set-up-school-pcs-whats-new.md +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -1,18 +1,8 @@ --- title: What's new in the Windows Set up School PCs app description: Find out about app updates and new features in Set up School PCs. -keywords: shared PC, school, set up school pcs -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: whats-new ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 - ✅ Windows 11 @@ -104,7 +94,6 @@ The Skype and Messaging apps are part of a selection of apps that are, by defaul ## Next steps Learn how to create provisioning packages and set up devices in the app. * [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md) -* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md) * [Set up School PCs technical reference](set-up-school-pcs-technical.md) * [Set up Windows 10 devices for education](set-up-windows-10.md) diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md index 1c1d1ba1e1..16f670b6fa 100644 --- a/education/windows/set-up-students-pcs-to-join-domain.md +++ b/education/windows/set-up-students-pcs-to-join-domain.md @@ -1,17 +1,8 @@ --- title: Set up student PCs to join domain -description: Learn how to use Configuration Designer to provision student devices to join Active Directory. -keywords: school, student PC setup, Windows Configuration Designer -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn how to use Windows Configuration Designer to provision student devices to join Active Directory. +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- @@ -64,9 +55,5 @@ Follow the steps in [Provision PCs with common settings for initial deployment ( > [!IMPORTANT] > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - ## Apply package -Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created. - - - +Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created. \ No newline at end of file diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md index 0e02a8d5c5..679bb7206f 100644 --- a/education/windows/set-up-students-pcs-with-apps.md +++ b/education/windows/set-up-students-pcs-with-apps.md @@ -1,14 +1,8 @@ --- title: Provision student PCs with apps -description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory. -ms.prod: windows -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn how to use Windows Configuration Designer to easily provision student devices to join Active Directory. +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md index 92e12acb44..c137703898 100644 --- a/education/windows/set-up-windows-10.md +++ b/education/windows/set-up-windows-10.md @@ -1,18 +1,8 @@ --- title: Set up Windows devices for education description: Decide which option for setting up Windows 10 is right for you. -keywords: school, Windows device setup, education device setup -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: article ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- @@ -29,7 +19,6 @@ You can use the following diagram to compare the tools. ![Which tool to use to set up Windows 10.](images/suspcs/suspc_wcd_featureslist.png) - ## In this section - [Use the Set up School PCs app](use-set-up-school-pcs-app.md) @@ -37,12 +26,7 @@ You can use the following diagram to compare the tools. - [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md) - [Provision student PCs with apps](set-up-students-pcs-with-apps.md) - ## Related topics -[Take tests in Windows 10](take-tests-in-windows-10.md) - -[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) - - - +[Take tests in Windows](take-tests-in-windows.md) +[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) \ No newline at end of file diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md index dd064677bf..9b5498d558 100644 --- a/education/windows/take-a-test-app-technical.md +++ b/education/windows/take-a-test-app-technical.md @@ -1,41 +1,34 @@ --- title: Take a Test app technical reference -description: The policies and settings applied by the Take a Test app. -keywords: take a test, test taking, school, policies -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz +description: List of policies and settings applied by the Take a Test app. +ms.date: 09/30/2022 +ms.topic: reference appliesto: - ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE --- -# Take a Test app technical reference +# Take a Test app technical reference -Take a Test is an app that locks down the PC and displays an online assessment web page. +Take a Test is an application that locks down a device and displays an online assessment web page. -Whether you're a teacher or IT administrator, you can easily configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment for more secure online assessments. This environment means that students taking the tests that don’t have copy/paste privileges, can’t access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher’s preferred assessment website to deliver digital assessments +Whether you're a teacher or IT administrator, you can configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment. This environment means that students taking the tests that don't have copy/paste privileges, can't access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher's preferred assessment website to deliver digital assessments. Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](https://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test Javascript API](/windows/uwp/apps-for-education/take-a-test-api). -## PC lockdown for assessment +## PC lock-down for assessment - When the assessment page initiates lock down, the student’s desktop will be locked and the app will be launched above the Windows lock screen to provide a sandbox that ensures the student can only interact with the Take a Test app . After transitioning to the lock screen, Take a Test will apply local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lockdown. The lockdown process is atomic, which means that if any part of the lockdown operation fails, the app won't be above lock and won't have any of the policies applied. + When the assessment page initiates lock-down, the student's desktop will be locked and the app will be launched above the Windows lock screen to provide a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test will apply local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied. When running above the lock screen: -- The app runs full screen with no chrome -- The hardware print screen button is disabled -- Depending on the parameter you set through the schema or dedicated account, content within the app will show up as black in screen capturing/sharing software -- System clipboard is cleared -- Web apps can query the processes currently running in the user’s device -- Extended display shows up as black + +- The app runs full screen with no chrome +- The hardware print screen button is disabled +- Depending on the parameter you set through the schema or dedicated account, content within the app will show up as black in screen capturing/sharing software +- System clipboard is cleared +- Web apps can query the processes currently running in the user's device +- Extended display shows up as black - Auto-fill is disabled ## Mobile device management (MDM) policies @@ -45,7 +38,7 @@ When Take a Test is running, the following MDM policies are applied to lock down | Policy | Description | Value | |---|---|---| | AllowToasts | Disables toast notifications from being shown | 0 | -| AllowAppStoreAutoUpdate | Disables automatic updates for Microsoft Store apps that are installed on the PC | 0 | +| AllowAppStoreAutoUpdate | Disables automatic updates for Store apps that are installed on the PC | 0 | | AllowDeviceDiscovery | Disables UI for screen sharing | 0 | | AllowInput Panel | Disables the onscreen keyboard, which will disable auto-fill | 0 | | AllowCortana | Disables Cortana functionality | 0 | @@ -67,41 +60,42 @@ To ensure Take a Test activates correctly, make sure the following Group Policy When Take a Test is running, the following functionality is available to students: -- Assistive technology that is configured to run above the lock screen should run as expected -- Narrator is available through Windows key + Enter -- Magnifier is available through Windows key + "+" key - - - Full screen mode is compatible - -- The student can press Alt+Tab when locked down. This key press results in the student being able to switch between the following elements: - - - Take a Test - - Assistive technology that may be running +- Assistive technology that is configured to run above the lock screen should run as expected +- Narrator is available through Win+Enter +- Magnifier is available through Win++ +- The student can press Alt+Tab when locked down. This key press results in the student being able to switch between the following elements: + - Take a Test + - Assistive technology that may be running - Lock screen (not available if student is using a dedicated test account) - > [!NOTE] - > The app will exit if the student signs in to an account from the lock screen. Progress made in the test may be lost or invalidated. - -- The student can exit the test by pressing one of the following key combinations: - - - Ctrl+Alt+Del - - On Windows 10 Enterprise or Windows 10 Education versions, IT admins can choose to block this functionality by configuring a [keyboard filter](/windows-hardware/customize/enterprise/keyboardfilter). - - - Alt+F4 (Take a Test will restart if the student is using a dedicated test account) - - > [!NOTE] - > Alt+F4 is disabled in Windows 10, version 1703 (Creators Update) and later. + > [!NOTE] + > The app will exit if the student signs in to an account from the lock screen. + > Progress made in the test may be lost or invalidated. +- The student can exit the test by pressing Ctrl+Alt+Delete ## Permissive mode -Starting with Windows 10, version 1709 (Fall Creators Update), assessments can now run in permissive mode. This mode enables students who need access to other apps, like accessibility tools, to use the apps. +This mode enables students who need access to other apps, like accessibility tools, to use the apps. -When permissive mode is triggered in lockdown mode, Take a Test transitions from lockdown mode to running windows mode on the user's desktop. The student can then run allowed apps during the test. +When permissive mode is triggered in lock-down mode, Take a Test transitions from lock-down mode to running windows mode on the user's desktop. The student can then run allowed apps during the test. When running tests in this mode, keep the following points in mind: -- Permissive mode isn't supported in kiosk mode (dedicated test account). -- Permissive mode can be triggered from the web app running within Take a Test. Alternatively, you can create a link or shortcut without "#enforcelockdown" and it will launch in permissive mode. +- Permissive mode isn't supported in kiosk mode (dedicated test account) +- Permissive mode can be triggered from the web app running within Take a Test. Alternatively, you can create a link or shortcut without "#enforcelockdown" and it will launch in permissive mode + +## Troubleshoot Take a Test with the event viewer + +You can use the Event Viewer to view Take a Test events and errors. Take a Test logs events when a lock-down request has been received, device enrollment has succeeded, lock-down policies were successfully applied, and more. + +To enable viewing events in the Event Viewer: + +1. Open the `Event Viewer` +1. Navigate to `Applications and Services Logs > Microsoft > Windows > Management-SecureAssessment` +1. Select `Operational` > `Enable Log` + +To save the event logs: + +1. Select `Operational` > `Save All Events As…` ## Learn more diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md deleted file mode 100644 index 25de4845e6..0000000000 --- a/education/windows/take-a-test-multiple-pcs.md +++ /dev/null @@ -1,272 +0,0 @@ ---- -title: Set up Take a Test on multiple PCs -description: Learn how to set up and use the Take a Test app on multiple PCs. -keywords: take a test, test taking, school, set up on multiple PCs -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE ---- - -# Set up Take a Test on multiple PCs - -Many schools use online testing for formative and summation assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. - -Follow the guidance in this topic to set up Take a Test on multiple PCs. - -## Set up a dedicated test account -To configure a dedicated test account on multiple PCs, select any of the following methods: -- [Provisioning package created through the Set up School PCs app](#set-up-a-test-account-in-the-set-up-school-pcs-app) -- [Configuration in Intune for Education](#set-up-a-test-account-in-intune-for-education) -- [Mobile device management (MDM) or Microsoft Endpoint Configuration Manager](#set-up-a-test-account-in-mdm-or-configuration-manager) -- [Provisioning package created through Windows Configuration Designer](#set-up-a-test-account-through-windows-configuration-designer) -- [Group Policy to deploy a scheduled task that runs a PowerShell script](#create-a-scheduled-task-in-group-policy) - -### Set up a test account in the Set up School PCs app -If you want to set up a test account using the Set up School PCs app, configure the settings in the **Set up the Take a Test app** page in the Set up School PCs app. Follow the instructions in [Use the Set up School PCs app](use-set-up-school-pcs-app.md) to configure the test-taking account and create a provisioning package. - -If you set up Take a Test, the **Take a Test** button is added on the student PC's sign-in screen. Windows will also lock down the student PC so that students can't access anything else while taking the test. - -**Figure 1** - Configure Take a Test in the Set up School PCs app - -![Configure Take a Test in the Set up School PCs app.](images/takeatest/suspc_choosesettings_setuptakeatest.png) - -### Set up a test account in Intune for Education -You can set up a test-taking account in Intune for Education. To do this, follow these steps: - -1. In Intune for Education, select **Take a Test profiles** from the menu. -2. Click **+ Add Test Profile** to create an account. - - **Figure 2** - Add a test profile in Intune for Education - - ![Add a test profile in Intune for Education.](images/takeatest/i4e_takeatestprofile_addnewprofile.png) - -3. In the new profile page: - 1. Enter a name for the profile. - 2. Enter the assessment URL. - 3. Toggle the switch to **Allow screen capture**. - 4. Select a user account to use as the test-taking account. - 5. Click **Save**. - - **Figure 3** - Add information about the test profile - - ![Add information about the test profile.](images/takeatest/i4e_takeatestprofile_newtestaccount.png) - - After you save the test profile, you'll see a summary of the settings that you configured for Take a Test. Next, you'll need to assign the test profile to a group that will be using the test account. - -4. In the test account page, click **Groups**. - - **Figure 4** - Assign the test account to a group - - ![Assign the test account to a group.](images/takeatest/i4e_takeatestprofile_accountsummary.png) - -5. In the **Groups** page, click **Change group assignments**. - - **Figure 5** - Change group assignments - - ![Change group assignments.](images/takeatest/i4e_takeatestprofile_groups_changegroupassignments.png) - -6. In the **Change group assignments** page: - 1. Select a group from the right column and click **Add Members** to select the group and assign the test-taking account to that group. You can select more than one group. - 2. Click **OK** when you're done making your selection. - - **Figure 6** - Select the group(s) that will use the test account - - ![Select the groups that will use the test account.](images/takeatest/i4e_takeatestprofile_groupassignment_selected.png) - -And that's it! When the students from the selected group sign in to the student PCs using the Take a Test user name that you selected, the PC will be locked down and Take a Test will open the assessment URL and students can start taking tests. - -### Set up a test account in MDM or Configuration Manager -You can configure a dedicated testing account through MDM or Configuration Manager by specifying a single account in the directory to be the test-taking account. Devices that have the test-taking policies can sign into the specified account to take the test. - -**Best practice** -- Create a single account in the directory specifically for test taking - - Active Directory example: Contoso\TestAccount - - Azure Active Directory example: testaccount@contoso.com - -- Deploy the policies to the group of test-taking devices - -**To enable this configuration** - -1. Launch your management console. -2. Create a policy to set up single app kiosk mode using the following values: - - - **Custom OMA-DM URI** = ./Vendor/MSFT/AssignedAccess/KioskModeApp - - **String value** = {"*Account*":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "} - - *Account* can be in one of the following formats: - - username (not recommended) - - domain\username - - computer name\\username (not recommended) - - username@tenant.com - -3. Create a policy to configure the assessment URL using the following values: - - - **Custom OMA-DM URI** = ./Vendor/MSFT/SecureAssessment/LaunchURI - - **String value** = *assessment URL* - -4. Create a policy that associates the assessment URL to the account using the following values: - - - **Custom OMA-DM URI** = ./Vendor/MSFT/SecureAssessment/TesterAccount - - **String value** = Enter the account that you specified in step 2, using the same account format. - -5. Deploy the policies to the test-taking devices. -6. To take the test, the student signs in to the test account. - -### Set up a test account through Windows Configuration Designer -To set up a test account through Windows Configuration Designer, follow these steps. - -1. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd). -2. Create a provisioning package by following the steps in [Provision PCs with common settings for initial deployment (desktop wizard)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment). However, make a note of these other settings to customize the test account. - 1. After you're done with the wizard, don't click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtime settings**. - 2. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**. - 3. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up. - - **Figure 7** - Add the account to use for test-taking - - ![Add the account to use for test-taking.](images/wcd/wcd_settings_assignedaccess.png) - - The account can be in one of the following formats: - - username - - domain\username - - computer name\\username - - username@tenant.com - - 4. Under **Runtime settings**, go to **TakeATest** and configure the following settings: - - In **LaunchURI**, enter the assessment URL. - - In **TesterAccount**, enter the test account you entered in step 3. - -3. Follow the steps to [build a package](/windows/configuration/provisioning-packages/provisioning-create-package#build-package). - - - You'll see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name). - - Copy the provisioning package to a USB drive. - -4. Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created. - -### Set up a tester account in Group Policy -To set up a tester account using Group Policy, first create a PowerShell script that configures the tester account and assessment URL, and then create a scheduled task to run the script. - -#### Create a PowerShell script -This sample PowerShell script configures the tester account and the assessment URL. Edit the sample to: - -- Use your assessment URL for **$obj.LaunchURI** -- Use your tester account for **$obj.TesterAccount** -- Use your tester account for **-UserName** - ->[!NOTE] ->The account that you specify for the tester account must already exist on the device. For steps to create the tester account, see [Set up a dedicated test account](./take-a-test-single-pc.md#set-up-a-dedicated-test-account). - -```powershell -$obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'"; -$obj.LaunchURI='https://www.foo.com'; -$obj.TesterAccount='TestAccount'; -$obj.put() -Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App -UserName TestAccount -``` - -#### Create a scheduled task in Group Policy -1. Open the Group Policy Management Console. -2. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click **Edit**. -3. In the console tree under **Computer Configuration** or **User Configuration**, go to **Preferences** > **Control Panel Settings**. -4. Right-click **Scheduled Tasks**, point to **New**, and select **Scheduled Task**. -5. In the **New Scheduled Task Properties** dialog box, click **Change User or Group**. -6. In the **Select User or Group** dialog box, click **Advanced**. -7. In the **Advanced** dialog box, click **Find Now**. -8. Select **System** in the search results -9. Go back to the **Properties** dialog box and select **Run with highest privileges** under **Security options**. -10. Specify the operating system in the **Configure for** field. -11. Navigate to the **Actions** tab. -12. Create a new **Action**. -13. Configure the action to **Start a program**. -14. In the **Program/script** field, enter **powershell**. -15. In the **Add arguments** field, enter **-file "\"**. -16. Click **OK**. -17. Navigate to the **Triggers** tab and create a new trigger. -18. Specify the trigger to be **On a schedule**. -19. Specify the trigger to be **One time**. -20. Specify the time the trigger should start. -21. Click **OK**. -22. In the **Settings** tab, select **Run task as soon as possible after a scheduled start is missed**. -23. Click **OK**. - -## Provide link to test -Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments. - -**To provide a link to the test** - -1. Create the link to the test using schema activation. - - Create a link using a web UI - - For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this option for teachers. - - To get started, navigate to: [Create a link using a web UI](https://aka.ms/create-a-take-a-test-link). - - - Create a link using schema activation - - You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable. - - For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation). - -2. Distribute the link. - - Once the links are created, you can distribute them through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link. For more info, see [Create a shortcut for the test link](#create-a-shortcut-for-the-test-link). - -3. To take the test, have the students click on the link and provide user consent. - -### Create a link using schema activation -One of the ways you can present content in a locked down manner is by embedding a URL with a specific prefix. Once users click the URL, devices will be locked down. - -**To enable schema activation for assessment URLs** - -1. Embed a link or create a desktop shortcut with: - - ```http - ms-edu-secureassessment:#enforceLockdown - ``` - -2. To enable printing, screen capture, or both, use the above link and append one of these parameters: - - - `&enableTextSuggestions` - Enables text suggestions - - `&requirePrinting` - Enables printing - - `&enableScreenCapture` - Enables screen capture - - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. - - If you exclude these parameters, the default behavior is disabled. - - For tests that utilize the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that aren't allowed to run during lockdown. The test web application may lock down the device once you've closed the apps. - - > [!NOTE] - > The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:!enforcelockdown` is still supported, but not in combination with the new parameters. - -3. To enable permissive mode, don't include `enforceLockdown` in the schema parameters. - - For more information, see [Permissive mode](take-a-test-app-technical.md#permissive-mode). - -### Create a shortcut for the test link -You can also distribute the test link by creating a shortcut. To create the shortcut, create the link to the test by either using the [web UI](https://aka.ms/create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps: - -1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**. -2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**. -3. Click **Next**. -4. Type a name for the shortcut and then click **Finish**. - -Once the shortcut is created, you can copy it and distribute it to students. - -## Related topics - -[Take tests in Windows](take-tests-in-windows-10.md) - -[Set up Take a Test on a single PC](take-a-test-single-pc.md) - -[Take a Test app technical reference](take-a-test-app-technical.md) diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md deleted file mode 100644 index bf7fd7c439..0000000000 --- a/education/windows/take-a-test-single-pc.md +++ /dev/null @@ -1,136 +0,0 @@ ---- -title: Set up Take a Test on a single PC -description: Learn how to set up and use the Take a Test app on a single PC. -keywords: take a test, test taking, school, set up on single PC -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE ---- -# Set up Take a Test on a single PC - -To configure [Take a Test](take-tests-in-windows-10.md) on a single PC, follow the guidance in this topic. - -## Set up a dedicated test account -To configure the assessment URL and a dedicated testing account on a single PC, follow these steps. - -1. Sign into the Windows device with an administrator account. -2. Open the **Settings** app and go to **Accounts > Access work or school**. -3. Click **Set up an account for taking tests**. - - **Figure 1** - Use the Settings app to set up a test-taking account - - ![Use the Settings app to set up a test-taking account.](images/takeatest/tat_settingsapp_workorschoolaccess_setuptestaccount.png) - -4. In the **Set up an account for taking tests** window, choose an existing account to use as the dedicated testing account. - - **Figure 2** - Choose the test-taking account - - ![Choose the test-taking account.](images/takeatest/tat_settingsapp_setuptesttakingaccount_1703.png) - - > [!NOTE] - > If you don't have an account on the device, you can create a new account. To do this, go to **Settings > Accounts > Other people > Add someone else to this PC > I don’t have this person’s sign-in information > Add a user without a Microsoft account**. - -5. In the **Set up an account for taking tests**, enter the assessment URL in the field under **Enter the test's web address**. -6. Select the options you want to enable during the test. - - To enable printing, select **Require printing**. - - > [!NOTE] - > Make sure a printer is preconfigured on the Take a Test account if you're enabling this option. - - - To enable teachers to monitor screens, select **Allow screen monitoring**. - - To allow text suggestions, select **Allow text suggestions**. - -7. Click **Save**. -8. To take the test, the student must sign in using the test-taking account that you created. - -## Provide a link to the test -Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments. - -**To provide a link to the test** - -1. Create the link to the test. - - There are different ways you can do this: - - Create a link using a web UI - - For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers. - - To get started, go here: [Create a link using a web UI](https://aka.ms/create-a-take-a-test-link). - - - Create a link using schema activation - - You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable. - - For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation). - -2. Distribute the link. - - Once the links are created, you can distribute them through the web, email, OneNote, or any other method of your choosing. - - You can also create shortcuts to distribute the link. For more info, see [Create a shortcut for the test link](#create-a-shortcut-for-the-test-link). - -3. To take the test, have the students click on the link and provide user consent. - - > [!NOTE] - > If you enabled printing, the printer must be preconfigured for the account before the student takes the test. - - -### Create a link using schema activation -One of the ways you can present content in a locked down manner is by embedding a URL with a specific prefix. Once users click the URL, devices will be locked down. - -**To enable schema activation for assessment URLs** - -1. Embed a link or create a desktop shortcut with: - - ``` - ms-edu-secureassessment:#enforceLockdown - ``` - -2. To enable printing, screen capture, or both, use the above link and append one of these parameters: - - - `&enableTextSuggestions` - Enables text suggestions - - `&requirePrinting` - Enables printing - - `&enableScreenCapture` - Enables screen capture - - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. - - If you exclude these parameters, the default behavior is disabled. - - For tests that utilizes the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps. - - > [!NOTE] - > The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:!enforcelockdown` is still supported, but not in combination with the new parameters. - -3. To enable permissive mode, do not include `enforceLockdown` in the schema parameters. - - For more information, see [Permissive mode](take-a-test-app-technical.md#permissive-mode). - - -### Create a shortcut for the test link -You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://aka.ms/create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps: - -1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**. -2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**. -3. Click **Next**. -4. Type a name for the shortcut and then click **Finish**. - -Once the shortcut is created, you can copy it and distribute it to students. - - -## Related topics -[Take tests in Windows](take-tests-in-windows-10.md) - -[Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) - -[Take a Test app technical reference](take-a-test-app-technical.md) diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md deleted file mode 100644 index 3bff38fdc6..0000000000 --- a/education/windows/take-tests-in-windows-10.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Take tests in Windows -description: Learn how to set up and use the Take a Test app. -keywords: take a test, test taking, school, how to, use Take a Test -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE ---- - -# Take tests in Windows - -Many schools use online testing for formative and summative assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. The **Take a Test** app in Windows creates the right environment for taking a test: - -- Take a Test shows just the test and nothing else. -- Take a Test clears the clipboard. -- Students aren’t able to go to other websites. -- Students can’t open or access other apps. -- Students can't share, print, or record their screens unless enabled by the teacher or IT administrator -- Students can’t change settings, extend their display, see notifications, get updates, or use autofill features. -- Cortana is turned off. - -## How to use Take a Test - -![Set up and user flow for the Take a Test app.](images/takeatest/take_a_test_flow_dark.png) - -There are several ways to configure devices for assessments, depending on your use case: - -- For higher stakes testing such as mid-term exams, you can set up a device with a dedicated testing account and URL. -- For lower stakes assessments such as a quick quiz in a class, you can quickly create and distribute the assessment URL through any method of your choosing. - -1. **Configure an assessment URL and a dedicated testing account** - - In this configuration, a user signs into in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing. - - There are different methods to configure the assessment URL and a dedicated testing account depending on whether you're setting up Take a Test on a single PC or multiple PCs. - - - **For a single PC** - - You can use the Windows **Settings** application. For more info, see [Set up Take a Test on a single PC](take-a-test-single-pc.md). - - - **For multiple PCs** - - You can use any of these methods: - - Mobile device management (MDM) or Microsoft Endpoint Configuration Manager - - A provisioning package created in Windows Configuration Designer - - Group Policy to deploy a scheduled task that runs a Powershell script - - You can also configure Take a Test using these options: - - Set up School PCs app - - Intune for Education - - For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md). - -2. **Create and distribute the assessment URL through the web, email, OneNote, or any other method** - - This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can also create shortcuts to distribute the link. - - You can enable this using a schema activation. - - -## How to exit Take a Test -To exit the Take a Test app at any time, press Ctrl+Alt+Delete. - - -## Get more info -- Teachers can use Microsoft Forms to create tests. See [Create tests using Microsoft Forms](https://support.microsoft.com/office/create-a-quiz-with-microsoft-forms-a082a018-24a1-48c1-b176-4b3616cdc83d) to find out how. -- To learn more about the policies and settings set by the Take a Test app, see [Take a Test app technical reference](take-a-test-app-technical.md). diff --git a/education/windows/take-tests-in-windows.md b/education/windows/take-tests-in-windows.md new file mode 100644 index 0000000000..68472404be --- /dev/null +++ b/education/windows/take-tests-in-windows.md @@ -0,0 +1,92 @@ +--- +title: Take tests and assessments in Windows +description: Learn about the built-in Take a Test app for Windows and how to use it. +ms.date: 09/30/2022 +ms.topic: conceptual +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE +--- + +# Take tests and assessments in Windows + +Many schools use online testing for formative and summation assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. To help schools with testing, Windows provides an application called **Take a Test**. The application is a secure browser that provides different features to help with testing, and can be configured to only allow access a specific URL or a list of URLs. When using Take a Test, students can't: + +- print, use screen capture, or text suggestions (unless enabled by the teacher or administrator) +- access other applications +- change system settings, such as display extension, notifications, updates +- access Cortana +- access content copied to the clipboard + +## How to use Take a Test + +There are different ways to use Take a Test, depending on the use case: + +- For lower stakes assessments, such a quick quiz in a class, a teacher can generate a *secure assessment URL* and share it with the students. Students can then open the URL to access the assessment through Take a Test. To learn more, see the next section: [Create a secure assessment link](#create-a-secure-assessment-link) +- For higher stakes assessments, you can configure Windows devices to use a dedicated account for testing and execute Take a Test in a locked-down mode, called **kiosk mode**. Once signed in with the dedicated account, Windows will execute Take a Test in a lock-down mode, preventing the execution of any applications other than Take a Test. For more information, see [Configure Take a Test in kiosk mode](edu-take-a-test-kiosk-mode.md) + +:::image type="content" source="./images/takeatest/flow-chart.png" alt-text="Set up and user flow for the Take a Test app." border="false"::: + +## Create a secure assessment link + +Anything hosted on the web can be presented in a locked down manner using the Take a Test app, not just assessments. To lock down online content, a URL must be embedded with a specific prefix and devices will be locked down when users open the link. + +To create a secure assessment link to the test, there are two options: + +- Create a link using a web application +- Create a link using schema activation + +### Create a link using a web application + +For this option, copy the assessment URL and open the web application Customize your assessment URL, where you can: + +- Paste the link to the assessment URL +- Select the options you want to allow during the test +- Generate the link by selecting the button Create link + +This is an ideal option for teachers who want to create a link to a specific assessment and share it with students using OneNote, for example. + +### Create a link using schema activation + +For this option, you embed a URL with a specific prefix and specify parameters depending on what you want to allow during the test. +The URL must be in the following format: + +``` +ms-edu-secureassessment:#enforceLockdown +``` + +To enable printing, screen capture, or both, use the above link and append one of these parameters: + +- `&enableTextSuggestions` - Enables text suggestions +- `&requirePrinting` - Enables printing +- `&enableScreenCapture` - Enables screen capture +- `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. + +If these parameters aren't included, the default behavior is to disable the capabilities. + +For tests that utilize the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that aren't allowed to run during lockdown. Take a Test will lock down the device once the applications are closed. + +To enable permissive mode, don't include `enforceLockdown` in the schema parameters. For more information, see [Permissive mode](take-a-test-app-technical.md#permissive-mode). + +## Distribute the secure assessment link + +Once the link is created, it can be distributed through the web, email, OneNote, or any other method of your choosing. + +For example, you can create and copy the shortcut to the assessment URL to the students' desktop. + +To take the test, have the students open the link. + +> [!NOTE] +> If you enabled printing, the printer must be pre-configured for the account before the student takes the test. + +:::image type="content" source="./images/takeatest/desktop-shortcuts.png" alt-text="Windows 11 SE desktop showing two shortcuts to assessment URLs." border="true"::: + +> [!NOTE] +> If using `enforceLockdown`, to exit the Take a Test app at any time, press Ctrl+Alt+Delete. Students will be prompted to type their password to get back to their desktop. + +## Additional information + +Teachers can use **Microsoft Forms** to create tests. For more information, see [Create tests using Microsoft Forms](https://support.microsoft.com/en-us/office/create-a-quiz-with-microsoft-forms-a082a018-24a1-48c1-b176-4b3616cdc83d). + +To learn more about the policies and settings set by the Take a Test app, see [Take a Test app technical reference](take-a-test-app-technical.md). \ No newline at end of file diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md index 47f90a01c2..0e90fa8952 100644 --- a/education/windows/teacher-get-minecraft.md +++ b/education/windows/teacher-get-minecraft.md @@ -1,19 +1,8 @@ --- title: For teachers get Minecraft Education Edition -description: Learn how teachers can get and distribute Minecraft. -keywords: school, Minecraft, Education Edition, educators, teachers, acquire, distribute -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.localizationpriority: medium -searchScope: - - Store -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn how teachers can obtain and distribute Minecraft. +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index e76136de39..605fd2df0e 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -1,14 +1,8 @@ --- title: Test Windows 10 in S mode on existing Windows 10 education devices description: Provides guidance on downloading and testing Windows 10 in S mode for existing Windows 10 education devices. -ms.prod: windows -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: guide ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/tutorial-school-deployment/configure-device-apps.md b/education/windows/tutorial-school-deployment/configure-device-apps.md index ab88e770c4..694a87c643 100644 --- a/education/windows/tutorial-school-deployment/configure-device-apps.md +++ b/education/windows/tutorial-school-deployment/configure-device-apps.md @@ -1,16 +1,8 @@ --- title: Configure applications with Microsoft Intune -description: Configure applications with Microsoft Intune in preparation to device deployment +description: Learn how to configure applications with Microsoft Intune in preparation for device deployment. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/tutorial-school-deployment/configure-device-settings.md b/education/windows/tutorial-school-deployment/configure-device-settings.md index 333618e34c..d2f56961ab 100644 --- a/education/windows/tutorial-school-deployment/configure-device-settings.md +++ b/education/windows/tutorial-school-deployment/configure-device-settings.md @@ -1,16 +1,8 @@ --- title: Configure and secure devices with Microsoft Intune -description: Configure policies with Microsoft Intune in preparation to device deployment +description: Learn how to configure policies with Microsoft Intune in preparation for device deployment. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 @@ -62,7 +54,7 @@ Settings that are commonly configured for student devices include: - Wallpaper and lock screen background. See: [Lock screen and desktop][INT-7] - Wi-Fi connections. See: [Add Wi-Fi profiles][INT-8] -- Enablement of the integrated testing and assessment solution *Take a test*. See: [Add Take a Test profile][INT-9] +- Enablement of the integrated testing and assessment solution *Take a Test*. See: [Add Take a Test profile][INT-9] For more information, see [Windows device settings in Intune for Education][INT-3]. diff --git a/education/windows/tutorial-school-deployment/configure-devices-overview.md b/education/windows/tutorial-school-deployment/configure-devices-overview.md index bea37bf92b..32b237ce5a 100644 --- a/education/windows/tutorial-school-deployment/configure-devices-overview.md +++ b/education/windows/tutorial-school-deployment/configure-devices-overview.md @@ -1,16 +1,8 @@ --- title: Configure devices with Microsoft Intune -description: Configure policies and applications in preparation to device deployment +description: Learn how to configure policies and applications in preparation for device deployment. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/tutorial-school-deployment/enroll-aadj.md b/education/windows/tutorial-school-deployment/enroll-aadj.md index 5747c986a4..829124e264 100644 --- a/education/windows/tutorial-school-deployment/enroll-aadj.md +++ b/education/windows/tutorial-school-deployment/enroll-aadj.md @@ -1,16 +1,8 @@ --- title: Enrollment in Intune with standard out-of-box experience (OOBE) -description: how to join Azure AD for OOBE and automatically get the device enrolled in Intune +description: Learn how to join devices to Azure AD from OOBE and automatically get them enrolled in Intune. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/tutorial-school-deployment/enroll-autopilot.md b/education/windows/tutorial-school-deployment/enroll-autopilot.md index a64a7590e3..85c838b402 100644 --- a/education/windows/tutorial-school-deployment/enroll-autopilot.md +++ b/education/windows/tutorial-school-deployment/enroll-autopilot.md @@ -1,16 +1,8 @@ --- title: Enrollment in Intune with Windows Autopilot -description: how to join Azure AD and enroll in Intune using Windows Autopilot +description: Learn how to join Azure AD and enroll in Intune using Windows Autopilot. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/tutorial-school-deployment/enroll-overview.md b/education/windows/tutorial-school-deployment/enroll-overview.md index 1a0048e8b2..52fb94bc7a 100644 --- a/education/windows/tutorial-school-deployment/enroll-overview.md +++ b/education/windows/tutorial-school-deployment/enroll-overview.md @@ -1,16 +1,8 @@ --- title: Device enrollment overview -description: Options to enroll Windows devices in Microsoft Intune +description: Learn about the different options to enroll Windows devices in Microsoft Intune ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: overview -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 @@ -33,15 +25,10 @@ This [table][INT-1] describes the ideal scenarios for using either option. It's :::image type="content" source="./images/enroll.png" alt-text="The device lifecycle for Intune-managed devices - enrollment" border="false"::: Select one of the following options to learn the next steps about the enrollment method you chose: - -> [!div class="nextstepaction"] -> [Next: Automatic Intune enrollment via Azure AD join >](enroll-aadj.md) - -> [!div class="nextstepaction"] -> [Next: Bulk enrollment with provisioning packages >](enroll-package.md) - -> [!div class="nextstepaction"] -> [Next: Enroll devices with Windows Autopilot >](enroll-autopilot.md) +> [!div class="op_single_selector"] +> - [Automatic Intune enrollment via Azure AD join](enroll-aadj.md) +> - [Bulk enrollment with provisioning packages](enroll-package.md) +> - [Enroll devices with Windows Autopilot ](enroll-autopilot.md) diff --git a/education/windows/tutorial-school-deployment/enroll-package.md b/education/windows/tutorial-school-deployment/enroll-package.md index 35f640ae75..2021ec3ff0 100644 --- a/education/windows/tutorial-school-deployment/enroll-package.md +++ b/education/windows/tutorial-school-deployment/enroll-package.md @@ -1,16 +1,8 @@ --- title: Enrollment of Windows devices with provisioning packages -description: options how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer +description: Learn about how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/tutorial-school-deployment/index.md b/education/windows/tutorial-school-deployment/index.md index d68fd2fd82..14f76929f4 100644 --- a/education/windows/tutorial-school-deployment/index.md +++ b/education/windows/tutorial-school-deployment/index.md @@ -1,16 +1,8 @@ --- -title: Introduction -description: Introduction to deployment and management of Windows devices in education environments +title: Introduction to the tutorial deploy and manage Windows devices in a school +description: Introduction to deployment and management of Windows devices in education environments. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: conceptual -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education --- # Tutorial: deploy and manage Windows devices in a school diff --git a/education/windows/tutorial-school-deployment/manage-overview.md b/education/windows/tutorial-school-deployment/manage-overview.md index 6be402a17d..db77a8606f 100644 --- a/education/windows/tutorial-school-deployment/manage-overview.md +++ b/education/windows/tutorial-school-deployment/manage-overview.md @@ -2,15 +2,7 @@ title: Manage devices with Microsoft Intune description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/tutorial-school-deployment/manage-surface-devices.md b/education/windows/tutorial-school-deployment/manage-surface-devices.md index c8d8f1a1c3..7b888d8adb 100644 --- a/education/windows/tutorial-school-deployment/manage-surface-devices.md +++ b/education/windows/tutorial-school-deployment/manage-surface-devices.md @@ -1,16 +1,8 @@ --- title: Management functionalities for Surface devices -description: Management capabilities offered to Surface devices, including firmware management and the Surface Management Portal +description: Learn about the management capabilities offered to Surface devices, including firmware management and the Surface Management Portal. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Surface devices --- diff --git a/education/windows/tutorial-school-deployment/reset-wipe.md b/education/windows/tutorial-school-deployment/reset-wipe.md index ca8bac240d..7a404f7ecf 100644 --- a/education/windows/tutorial-school-deployment/reset-wipe.md +++ b/education/windows/tutorial-school-deployment/reset-wipe.md @@ -1,16 +1,8 @@ --- title: Reset and wipe Windows devices -description: Reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices +description: Learn about the reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/tutorial-school-deployment/set-up-azure-ad.md b/education/windows/tutorial-school-deployment/set-up-azure-ad.md index efe5fa2545..d27616f71e 100644 --- a/education/windows/tutorial-school-deployment/set-up-azure-ad.md +++ b/education/windows/tutorial-school-deployment/set-up-azure-ad.md @@ -1,17 +1,8 @@ --- title: Set up Azure Active Directory -description: How to create and prepare your Azure AD tenant for an education environment +description: Learn how to create and prepare your Azure AD tenant for an education environment. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education -#appliesto: --- # Set up Azure Active Directory diff --git a/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md index a75509b502..f4d3b44e2e 100644 --- a/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md +++ b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md @@ -1,17 +1,8 @@ --- title: Set up device management -description: How to configure the Intune service and set up the environment for education. +description: Learn how to configure the Intune service and set up the environment for education. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows ms.topic: tutorial -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education -#appliesto: --- # Set up Microsoft Intune diff --git a/education/windows/tutorial-school-deployment/troubleshoot-overview.md b/education/windows/tutorial-school-deployment/troubleshoot-overview.md index 9b4a442ee2..1bf462b5f7 100644 --- a/education/windows/tutorial-school-deployment/troubleshoot-overview.md +++ b/education/windows/tutorial-school-deployment/troubleshoot-overview.md @@ -1,16 +1,8 @@ --- title: Troubleshoot Windows devices -description: How to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other Endpoint Manager services +description: Learn how to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other Endpoint Manager services. ms.date: 08/31/2022 -ms.prod: windows -ms.technology: windows -ms.topic: conceptual #reference troubleshooting how-to end-user-help overview (more in contrib guide) -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -#ms.reviewer: -manager: aaroncz -ms.collection: education +ms.topic: tutorial appliesto: - ✅ Windows 10 - ✅ Windows 11 diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 44298d51a2..c54a5ce446 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -1,18 +1,8 @@ --- title: Use Set up School PCs app description: Learn how to use the Set up School PCs app and apply the provisioning package. -keywords: shared PC, school, Set up School PCs, overview, how to use -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: how-to ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- diff --git a/education/windows/windows-11-se-faq.yml b/education/windows/windows-11-se-faq.yml new file mode 100644 index 0000000000..36582145e0 --- /dev/null +++ b/education/windows/windows-11-se-faq.yml @@ -0,0 +1,68 @@ +### YamlMime:FAQ +metadata: + title: Windows 11 SE Frequently Asked Questions (FAQ) + description: Use these frequently asked questions (FAQ) to learn important details about Windows 11 SE. + ms.prod: windows + ms.technology: windows + author: paolomatarazzo + ms.author: paoloma + manager: aaroncz + ms.reviewer: + ms.collection: education + ms.topic: faq + localizationpriority: medium + ms.date: 09/14/2022 + appliesto: + - ✅ Windows 11 SE + +title: Common questions about Windows 11 SE +summary: Windows 11 SE combines the power and privacy of Windows 11 with educator feedback to create a simplified experience on devices built for education. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows 11 SE so you can get to what matters most. + +sections: + - name: General + questions: + - question: What is Windows 11 SE? + answer: | + Windows 11 SE is a new cloud-first operating system that offers the power and reliability of Windows 11 with a simplified design and tools specially designed for schools. + To learn more, see [Windows 11 SE Overview](/education/windows/windows-11-se-overview). + - question: Who is the Windows 11 SE designed for? + answer: | + Windows 11 SE is designed for students in grades K-8 who use a laptop provided by their school, in a 1:1 scenario. + - question: What are the major differences between Windows 11 and Windows 11 SE? + answer: | + Windows 11 SE was created based on feedback from educators who wanted a distraction-free experience for their students. Here are some of the differences that you'll find in Windows 11 SE: + - Experience a simplified user interface so you can stay focused on the important stuff + - Only IT admins can install apps. Users will not be able to access the Microsoft Store or download apps from the internet + - Use Snap Assist to maximize screen space on smaller screens with two-window snapping + - Store your Desktop, Documents, and Photos folders in the cloud using OneDrive, so your work is backed up and easy to find + - Express yourself and celebrate accomplishments with the *emoji and GIF panel* and *Stickers* + - name: Deployment + questions: + - question: Can I load Windows 11 SE on any hardware? + answer: | + Windows 11 SE is only available on devices that are built for education. To learn more, see [Windows 11 SE Overview](/education/windows/windows-11-se-overview). + - name: Applications and settings + questions: + - question: How can I install applications on Windows 11 SE? + answer: | + You can use Microsoft Intune to install applications on Windows 11 SE. + For more information, see [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps). + - question: What apps will work on Windows 11 SE? + answer: | + Windows 11 SE supports all web applications and a curated list of desktop applications. You can prepare and add a desktop app to Microsoft Intune as a Win32 app from the [approved app list](/education/windows/windows-11-se-overview), then distribute it. + For more information, see [Considerations for Windows 11 SE](/education/windows/tutorial-school-deployment/configure-device-apps#considerations-for-windows-11-se). + - question: Why there's no application store on Windows 11 SE? + answer: | + IT Admins can manage system settings (including application installation and the application store) to ensure all students have a safe, distraction-free experience. On Windows SE devices, you have pre-installed apps from Microsoft, from your IT admin, and from your device manufacturer. You can continue to use web apps on the Microsoft Edge browser, as web apps do not require installation. + For more information, see [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps). + - question: What does the error 0x87D300D9 mean in the Intune for Education portal? + answer: | + This error means that the app you are trying to install is not supported on Windows 11 SE. If you have an app that fails with this error, then: + - Make sure the app is on the [available applications list](/education/windows/windows-11-se-overview#available-applications). Or, make sure your app is [approved for Windows 11 SE](/education/windows/windows-11-se-overview#add-your-own-applications) + - If the app is approved, then it's possible the app is not packaged correctly. For more information, [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) + - If the app isn't approved, then it won't run on Windows 11 SE. To get apps approved, see [Add your own applications](/education/windows/windows-11-se-overview#add-your-own-applications). Or, use an app that runs in a web browser, such as a web app or PWA + - name: Out-of-box experience (OOBE) + questions: + - question: My Windows 11 SE device is stuck in OOBE, how can I troubleshoot it? + answer: | + To access the Settings application during OOBE on a Windows 11 SE device, press Shift+F10, then select the accessibility icon :::image type="icon" source="images/icons/accessibility.svg"::: on the bottom-right corner of the screen. From the Settings application, you can troubleshoot the OOBE process and, optionally, trigger a device reset. diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 5141fbd618..2e65e17494 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -1,16 +1,8 @@ --- title: Windows 11 SE Overview -description: Learn more about Windows 11 SE, and the apps that are included with the operating system. Read about the features IT professionals and administrators should know about Windows 11 SE. Add and deploy your apps using Microsoft Intune for Education. -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobile -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn about Windows 11 SE, and the apps that are included with the operating system. +ms.topic: article ms.date: 09/12/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 11 SE --- @@ -88,11 +80,11 @@ The following applications can also run on Windows 11 SE, and can be deployed us |-----------------------------------------|-------------------|----------|------------------------------| | AirSecure | 8.0.0 | Win32 | AIR | | Alertus Desktop | 5.4.44.0 | Win32 | Alertus technologies | -| Brave Browser | 1.34.80 | Win32 | Brave | +| Brave Browser | 106.0.5249.65 | Win32 | Brave | | Bulb Digital Portfolio | 0.0.7.0 | Store | Bulb | | CA Secure Browser | 14.0.0 | Win32 | Cambium Development | | Cisco Umbrella | 3.0.110.0 | Win32 | Cisco | -| CKAuthenticator | 3.6 | Win32 | Content Keeper | +| CKAuthenticator | 3.6+ | Win32 | Content Keeper | | Class Policy | 114.0.0 | Win32 | Class Policy | | Classroom.cloud | 1.40.0004 | Win32 | NetSupport | | CoGat Secure Browser | 11.0.0.19 | Win32 | Riverside Insights | @@ -167,14 +159,6 @@ When the app is ready, Microsoft will update you. Then, you add the app to the I For more information on Intune requirements for adding education apps, see [Configure applications with Microsoft Intune][EDUWIN-1]. -### 0x87D300D9 error with an app - -When you deploy an app using Intune for Education, you may get a `0x87D300D9` error code with a `Failed` state in the [Intune for Education portal](https://intuneeducation.portal.azure.com). If you have an app that fails with this error, then: - -- Make sure the app is on the [available applications list](#available-applications). Or, make sure your app is [approved for Windows 11 SE](#add-your-own-applications) -- If the app is approved, then it's possible the app is packaged wrong. For more information, see [Add your own apps](#add-your-own-applications) and [Configure applications with Microsoft Intune][EDUWIN-1] -- If the app isn't approved, then it won't run on Windows 11 SE. To get apps approved, see [Add your own apps](#add-your-own-applications). Or, use an app that runs in a web browser, such as a web app or PWA - ## Related articles - [Tutorial: deploy and manage Windows devices in a school][EDUWIN-2] diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 0dda7bbc35..7cd1a683ce 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -1,23 +1,15 @@ --- title: Windows 11 SE settings list description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change. -ms.prod: windows -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobile -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +ms.topic: article ms.date: 09/12/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 11 SE --- # Windows 11 SE for Education settings list -Windows 11 SE automatically configures settings and features in the operating system. These settings use the Configuration Service Provider (CSPs) provided by Microsoft. You can use an MDM provider to configure these settings. +Windows 11 SE automatically configures certain settings and features in the operating system. You can use Microsoft Intune to customize these settings. This article lists the settings automatically configured. For more information on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md). @@ -61,45 +53,6 @@ The following settings can't be changed. | Administrative tools | Administrative tools, such as the command prompt and Windows PowerShell, can't be opened. Windows PowerShell scripts deployed using Microsoft Endpoint Manager can run. | | Apps | Only certain apps are allowed to run on Windows 11 SE. For more info on what apps can run on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md). | -## What's available in the Settings app - -On Windows 11 SE devices, the Settings app shows the following setting pages. Depending on the hardware, some setting pages might not be shown. - -- Accessibility - -- Accounts - - Email & accounts - -- Apps - -- Bluetooth & devices - - Bluetooth - - Printers & scanners - - Mouse - - Touchpad - - Typing - - Pen - - AutoPlay - -- Network & internet - - WiFi - - VPN - -- Personalization - - Taskbar - -- Privacy & security - -- System - - Display - - Notifications - - Tablet mode - - Multitasking - - Projecting to this PC - -- Time & Language - - Language & region - ## Next steps [Windows 11 SE for Education overview](windows-11-se-overview.md) diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md index 172f1e3c6c..90b399237d 100644 --- a/education/windows/windows-editions-for-education-customers.md +++ b/education/windows/windows-editions-for-education-customers.md @@ -1,18 +1,8 @@ --- title: Windows 10 editions for education customers -description: Provides an overview of the two Windows 10 editions that are designed for the needs of K-12 institutions. -keywords: Windows 10 Pro Education, Windows 10 Education, Windows 10 editions, education customers -ms.prod: windows -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: edu -ms.localizationpriority: medium -ms.collection: education -author: paolomatarazzo -ms.author: paoloma +description: Learn about the two Windows 10 editions that are designed for the needs of education institutions. +ms.topic: article ms.date: 08/10/2022 -ms.reviewer: -manager: aaroncz appliesto: - ✅ Windows 10 --- @@ -21,7 +11,7 @@ appliesto: Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](/windows/security/security-foundations) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620). -Beginning with version 1607, Windows 10 offers various new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows-10.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/). +Beginning with version 1607, Windows 10 offers various new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/). Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments. diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md index 9922255c06..d6bbee15ca 100644 --- a/store-for-business/acquire-apps-microsoft-store-for-business.md +++ b/store-for-business/acquire-apps-microsoft-store-for-business.md @@ -1,7 +1,6 @@ --- title: Acquire apps in Microsoft Store for Business (Windows 10) description: As an admin, you can acquire apps from the Microsoft Store for Business for your employees. Some apps are free, and some have a price. For info on app types that are supported, see Apps in the Microsoft Store for Business. -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md index 01fcc41871..4ea7713429 100644 --- a/store-for-business/add-profile-to-devices.md +++ b/store-for-business/add-profile-to-devices.md @@ -1,7 +1,6 @@ --- title: Manage Windows device deployment with Windows Autopilot Deployment description: Add an Autopilot profile to devices. Autopilot profiles control what is included in Windows set up experience for your employees. -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md index 58ca7bff3e..a8b8b8d0a5 100644 --- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md +++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md @@ -3,7 +3,6 @@ title: Add unsigned app to code integrity policy (Windows 10) description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA ms.reviewer: -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store, security diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md index c3dd51ee67..3555366945 100644 --- a/store-for-business/app-inventory-management-microsoft-store-for-business.md +++ b/store-for-business/app-inventory-management-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: You can manage all apps that you've acquired on your Apps & Softwar ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/apps-in-microsoft-store-for-business.md b/store-for-business/apps-in-microsoft-store-for-business.md index c721a02787..f59d3fa018 100644 --- a/store-for-business/apps-in-microsoft-store-for-business.md +++ b/store-for-business/apps-in-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: Microsoft Store for Business has thousands of apps from many differ ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/assign-apps-to-employees.md b/store-for-business/assign-apps-to-employees.md index b17921f3b5..7225de9903 100644 --- a/store-for-business/assign-apps-to-employees.md +++ b/store-for-business/assign-apps-to-employees.md @@ -4,7 +4,6 @@ description: Administrators can assign online-licensed apps to employees and stu ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/billing-payments-overview.md b/store-for-business/billing-payments-overview.md index 64489e2d0d..a258d9af7e 100644 --- a/store-for-business/billing-payments-overview.md +++ b/store-for-business/billing-payments-overview.md @@ -2,7 +2,6 @@ title: Billing and payments overview description: Find topics about billing and payment support in Microsoft Store for Business. keywords: billing, payment methods, invoices, credit card, debit card -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/billing-profile.md b/store-for-business/billing-profile.md index 866fc5fa17..77f5fa0713 100644 --- a/store-for-business/billing-profile.md +++ b/store-for-business/billing-profile.md @@ -2,7 +2,6 @@ title: Understand billing profiles description: Learn how billing profiles support invoices keywords: billing profile, invoices, charges, managed charges -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md index 70f8c3d15d..d3b06dbe77 100644 --- a/store-for-business/billing-understand-your-invoice-msfb.md +++ b/store-for-business/billing-understand-your-invoice-msfb.md @@ -1,7 +1,6 @@ --- title: Understand your Microsoft Customer Agreement invoice description: Learn how to read and understand your MCA bill -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md index 151722f51a..70adfcef94 100644 --- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md +++ b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: For companies or organizations using mobile device management (MDM) ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md index 4c49b31308..b74d000f43 100644 --- a/store-for-business/device-guard-signing-portal.md +++ b/store-for-business/device-guard-signing-portal.md @@ -4,7 +4,6 @@ description: Device Guard signing is a Device Guard feature that is available in ms.assetid: 8D9CD2B9-5FC6-4C3D-AA96-F135AFEEBB78 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store, security diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md index 343c57ed38..2cc25547e0 100644 --- a/store-for-business/distribute-apps-from-your-private-store.md +++ b/store-for-business/distribute-apps-from-your-private-store.md @@ -4,7 +4,6 @@ description: The private store is a feature in Microsoft Store for Business and ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md index de94448f75..39518d2c87 100644 --- a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md +++ b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: Distribute apps to your employees from Microsoft Store for Business ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md index 0e41f26d57..8bde8ed28d 100644 --- a/store-for-business/distribute-apps-with-management-tool.md +++ b/store-for-business/distribute-apps-with-management-tool.md @@ -4,7 +4,6 @@ description: You can configure a mobile device management (MDM) tool to synchron ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index e431ad264f..b1b43828f9 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -4,7 +4,6 @@ description: Offline licensing is a new licensing option for Windows 10. ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json index 953ad15d25..9388758a6c 100644 --- a/store-for-business/docfx.json +++ b/store-for-business/docfx.json @@ -35,7 +35,7 @@ "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json", "ms.author": "trudyha", "audience": "ITPro", - "ms.technology": "windows", + "ms.service": "store-for-business", "ms.topic": "article", "ms.date": "05/09/2017", "searchScope": [ @@ -60,7 +60,8 @@ "AngelaMotherofDragons", "dstrome", "v-dihans", - "garycentric" + "garycentric", + "v-stsavell" ] }, "fileMetadata": {}, diff --git a/store-for-business/find-and-acquire-apps-overview.md b/store-for-business/find-and-acquire-apps-overview.md index 1ae93064e6..0a239cee50 100644 --- a/store-for-business/find-and-acquire-apps-overview.md +++ b/store-for-business/find-and-acquire-apps-overview.md @@ -4,7 +4,6 @@ description: Use the Microsoft Store for Business and Education to find apps for ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/index.md b/store-for-business/index.md index 03852f5eee..82901c7ebe 100644 --- a/store-for-business/index.md +++ b/store-for-business/index.md @@ -2,7 +2,6 @@ title: Microsoft Store for Business and Education (Windows 10) description: Welcome to the Microsoft Store for Business and Education. You can use Microsoft Store, to find, acquire, distribute, and manage apps for your organization or school. ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8 -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/manage-access-to-private-store.md b/store-for-business/manage-access-to-private-store.md index 9983264ab6..84c39959bb 100644 --- a/store-for-business/manage-access-to-private-store.md +++ b/store-for-business/manage-access-to-private-store.md @@ -4,7 +4,6 @@ description: You can manage access to your private store in Microsoft Store for ms.assetid: 4E00109C-2782-474D-98C0-02A05BE613A5 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/manage-apps-microsoft-store-for-business-overview.md b/store-for-business/manage-apps-microsoft-store-for-business-overview.md index 04e2434086..855e3839ed 100644 --- a/store-for-business/manage-apps-microsoft-store-for-business-overview.md +++ b/store-for-business/manage-apps-microsoft-store-for-business-overview.md @@ -4,7 +4,6 @@ description: Manage apps, software, devices, products and services in Microsoft ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md index 4988dab4d4..4b6f8bd99e 100644 --- a/store-for-business/manage-orders-microsoft-store-for-business.md +++ b/store-for-business/manage-orders-microsoft-store-for-business.md @@ -1,7 +1,6 @@ --- title: Manage app orders in Microsoft Store for Business or Microsoft Store for Education (Windows 10) description: You can view your order history with Microsoft Store for Business or Microsoft Store for Education. -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md index 87d79fbe9d..b7765c7ea3 100644 --- a/store-for-business/manage-private-store-settings.md +++ b/store-for-business/manage-private-store-settings.md @@ -4,7 +4,6 @@ description: The private store is a feature in the Microsoft Store for Business ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/manage-settings-microsoft-store-for-business.md b/store-for-business/manage-settings-microsoft-store-for-business.md index 12534f788b..37505459c3 100644 --- a/store-for-business/manage-settings-microsoft-store-for-business.md +++ b/store-for-business/manage-settings-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: You can add users and groups, as well as update some of the setting ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md index a57e52bfd5..de70959d59 100644 --- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md +++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: Microsoft Store for Business and Microsoft Store for Education mana ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md index f599c5cc61..a5149c0b1e 100644 --- a/store-for-business/microsoft-store-for-business-education-powershell-module.md +++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md @@ -1,7 +1,6 @@ --- title: Microsoft Store for Business and Education PowerShell module - preview description: Preview version of PowerShell module -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md index 06da85f98c..6516ad323c 100644 --- a/store-for-business/microsoft-store-for-business-overview.md +++ b/store-for-business/microsoft-store-for-business-overview.md @@ -3,7 +3,6 @@ title: Microsoft Store for Business and Microsoft Store for Education overview ( description: With Microsoft Store for Business and Microsoft Store for Education, organizations and schools can make volume purchases of Windows apps. ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C ms.reviewer: -ms.prod: w10 ms.pagetype: store ms.mktglfcycl: manage ms.sitesec: library diff --git a/store-for-business/notifications-microsoft-store-business.md b/store-for-business/notifications-microsoft-store-business.md index 916cb00349..548f8ecce0 100644 --- a/store-for-business/notifications-microsoft-store-business.md +++ b/store-for-business/notifications-microsoft-store-business.md @@ -5,7 +5,6 @@ keywords: notifications, alerts ms.assetid: ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/payment-methods.md b/store-for-business/payment-methods.md index 1ccc6c81fd..b0d445d780 100644 --- a/store-for-business/payment-methods.md +++ b/store-for-business/payment-methods.md @@ -2,7 +2,6 @@ title: Payment methods for commercial customers description: Learn what payment methods are available in Store for Business and M365 admin center keywords: payment method, credit card, debit card, add credit card, update payment method -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md index 99e6061d97..59d4c2b19b 100644 --- a/store-for-business/prerequisites-microsoft-store-for-business.md +++ b/store-for-business/prerequisites-microsoft-store-for-business.md @@ -3,7 +3,6 @@ title: Prerequisites for Microsoft Store for Business and Education (Windows 10) description: There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education. ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D ms.reviewer: -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index 4ced84898d..5d9ea05e6c 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -1,7 +1,6 @@ --- title: Microsoft Store for Business and Education release history description: Know the release history of Microsoft Store for Business and Microsoft Store for Education. -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md index 83baa7d2d3..6b9ac86995 100644 --- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md +++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: The first person to sign in to Microsoft Store for Business or Micr keywords: roles, permissions ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE ms.reviewer: -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md index 3bbc577f09..4a44723dd6 100644 --- a/store-for-business/settings-reference-microsoft-store-for-business.md +++ b/store-for-business/settings-reference-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: The Microsoft Store for Business and Education has a group of setti ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md index 08e7950bb0..0bd887f0d4 100644 --- a/store-for-business/sfb-change-history.md +++ b/store-for-business/sfb-change-history.md @@ -1,7 +1,6 @@ --- title: Change history for Microsoft Store for Business and Education description: Summary of topic changes for Microsoft Store for Business and Microsoft Store for Education. -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md index 5de355b03c..f9fdb79f49 100644 --- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md +++ b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md @@ -4,7 +4,6 @@ description: Signing code integrity policies prevents policies from being tamper ms.assetid: 63B56B8B-2A40-44B5-B100-DC50C43D20A9 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store, security diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md index 5303f4a421..32cdba4b8f 100644 --- a/store-for-business/sign-up-microsoft-store-for-business-overview.md +++ b/store-for-business/sign-up-microsoft-store-for-business-overview.md @@ -3,7 +3,6 @@ title: Sign up and get started (Windows 10) description: IT admins can sign up for the Microsoft Store for Business or Microsoft Store for Education and get started working with apps. ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B ms.reviewer: -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md index 48cfe3c2fc..074a34eb0f 100644 --- a/store-for-business/troubleshoot-microsoft-store-for-business.md +++ b/store-for-business/troubleshoot-microsoft-store-for-business.md @@ -4,7 +4,6 @@ description: Troubleshooting topics for Microsoft Store for Business. ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md index 55f5f4fc07..b277705e60 100644 --- a/store-for-business/update-microsoft-store-for-business-account-settings.md +++ b/store-for-business/update-microsoft-store-for-business-account-settings.md @@ -2,7 +2,6 @@ title: Update your Billing account settings description: The billing account page in Microsoft Store for Business and Microsoft Store for Education, and M365 admin center shows information about your organization that you can update, including country or region, organization contact info, agreements with Microsoft and admin approvals. keywords: billing accounts, organization info -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index 86cbbe0beb..ee29b9c93f 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md @@ -1,7 +1,6 @@ --- title: Whats new in Microsoft Store for Business and Education description: Learn about newest features in Microsoft Store for Business and Microsoft Store for Education. -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md index de2e4d050a..92b489f6ab 100644 --- a/store-for-business/working-with-line-of-business-apps.md +++ b/store-for-business/working-with-line-of-business-apps.md @@ -4,7 +4,6 @@ description: Your company or school can make line-of-business (LOB) applications ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7 ms.reviewer: manager: dansimp -ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription.md similarity index 100% rename from windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md rename to windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription.md diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 5260e5f1db..ce8d8ebf38 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -24,11 +24,11 @@ ms.collection: highpri The following graphic shows the **Windows Tools** folder in Windows 11: -:::image type="content" source="media/win11-control-panel-windows-tools.png" alt-text="Screenshot of the Control Panel in Windows 11, highlighting the Administrative Tools folder." lightbox="media/win11-control-panel-windows-tools.png"::: +:::image type="content" source="images/win11-control-panel-windows-tools.png" alt-text="Screenshot of the Control Panel in Windows 11, highlighting the Administrative Tools folder." lightbox="images/win11-control-panel-windows-tools.png"::: The tools in the folder might vary depending on which edition of Windows you use. -:::image type="content" source="media/win11-windows-tools.png" alt-text="Screenshot of the contents of the Windows Tools folder in Windows 11." lightbox="media/win11-windows-tools.png"::: +:::image type="content" source="images/win11-windows-tools.png" alt-text="Screenshot of the contents of the Windows Tools folder in Windows 11." lightbox="images/win11-windows-tools.png"::: ## Administrative Tools folder (Windows 10) diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/appv-deploy-and-config.md similarity index 94% rename from windows/client-management/mdm/appv-deploy-and-config.md rename to windows/client-management/appv-deploy-and-config.md index a407704b93..89619b8a39 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/appv-deploy-and-config.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 06/26/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -21,7 +21,7 @@ manager: aaroncz ### EnterpriseAppVManagement CSP node structure -[EnterpriseAppVManagement CSP reference](./enterpriseappvmanagement-csp.md) +[EnterpriseAppVManagement CSP reference](mdm/enterpriseappvmanagement-csp.md) The following example shows the EnterpriseAppVManagement configuration service provider in tree format. @@ -72,7 +72,7 @@ EnterpriseAppVManagement

    Sync command:

    -[App-V Sync protocol reference]( https://msdn.microsoft.com/enus/library/mt739986.aspx) +[App-V Sync protocol reference](https://msdn.microsoft.com/enus/library/mt739986.aspx)

    AppVDynamicPolicy - A read/write node that contains the App-V dynamic configuration for an MDM device (applied globally to all users for that device) or a specific MDM user.

    @@ -85,7 +85,7 @@ EnterpriseAppVManagement

    Dynamic policy examples:

    -[Dynamic configuration processing](/windows/application-management/app-v/appv-application-publishing-and-client-interaction#bkmk-dynamic-config">Dynamic configuration processing) +[Dynamic configuration processing](/windows/application-management/app-v/appv-application-publishing-and-client-interaction#dynamic-configuration-processing)

    AppVPackageManagement - Primarily read-only App-V package inventory data for MDM servers to query current packages.

    @@ -114,9 +114,9 @@ EnterpriseAppVManagement

    A complete list of App-V policies can be found here:

    -[ADMX-backed policy reference](./policy-configuration-service-provider.md) +[ADMX-backed policy reference](mdm/policy-configuration-service-provider.md) -[EnterpriseAppVManagement CSP reference](./enterpriseappvmanagement-csp.md) +[EnterpriseAppVManagement CSP reference](mdm/enterpriseappvmanagement-csp.md) ### SyncML examples @@ -147,24 +147,24 @@ EnterpriseAppVManagement

    This example shows how to allow package scripts to run during package operations (publish, run, and unpublish). Allowing package scripts helps package deployments (add and publish of App-V apps).

    ```xml - - $CmdID$ - - - chr - text/plain - - - ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowPackageScripts - - - - + + $CmdID$ + + + chr + text/plain + + + ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowPackageScripts + + + + ```

    Complete list of App-V policies can be found here:

    -[Policy CSP](./policy-configuration-service-provider.md) +[Policy CSP](mdm/policy-configuration-service-provider.md) #### SyncML with package published for a device (global to all users for that device) @@ -199,11 +199,11 @@ EnterpriseAppVManagement - + - + ```

    *PackageUrl can be a UNC or HTTP/HTTPS endpoint.

    @@ -236,7 +236,7 @@ EnterpriseAppVManagement [{ProgramFilesX86}]\Skype\Phone\Skype.exe [{Windows}]\Installer\{FC965A47-4839-40CA-B61818F486F042C6}\SkypeIcon.exe.0.ico - [{ProgramFilesX86}]\Skype\ + [{ProgramFilesX86}]\Skype\ Skype.Desktop.Application Launch Skype 1 @@ -339,8 +339,8 @@ EnterpriseAppVManagement - -``` + +``` #### SyncML for publishing mixed-mode connection group containing global and user-published packages @@ -403,7 +403,7 @@ EnterpriseAppVManagement - + @@ -419,7 +419,7 @@ EnterpriseAppVManagement - + ``` #### Unpublish example SyncML for all global packages @@ -481,5 +481,5 @@ EnterpriseAppVManagement ./User/Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement?list=StructData - + ``` \ No newline at end of file diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/assign-seats.md similarity index 100% rename from windows/client-management/mdm/assign-seats.md rename to windows/client-management/assign-seats.md diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md similarity index 100% rename from windows/client-management/mdm/azure-active-directory-integration-with-mdm.md rename to windows/client-management/azure-active-directory-integration-with-mdm.md diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md similarity index 100% rename from windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md rename to windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/bulk-assign-and-reclaim-seats-from-user.md similarity index 100% rename from windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md rename to windows/client-management/bulk-assign-and-reclaim-seats-from-user.md diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md similarity index 97% rename from windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md rename to windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md index c54261ccfa..8da354f72a 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md @@ -1,10 +1,10 @@ --- title: Bulk enrollment description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and Windows 11. -MS-HAID: +MS-HAID: - 'p\_phdevicemgmt.bulk\_enrollment' - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool' -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,7 +16,7 @@ ms.date: 06/26/2017 # Bulk enrollment -Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario. +Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](mdm/provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario. ## Typical use cases @@ -69,9 +69,9 @@ Using the WCD, create a provisioning package using the enrollment information re - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank. - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank. - **Secret** - Password - For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). + For detailed descriptions of these settings, see [Provisioning CSP](mdm/provisioning-csp.md). Here's the screenshot of the WCD at this point. - + ![bulk enrollment screenshot.](images/bulk-enrollment.png) 9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). 10. When you're done adding all the settings, on the **File** menu, click **Save**. @@ -118,7 +118,7 @@ Using the WCD, create a provisioning package using the enrollment information re - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank. - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank. - **Secret** - the certificate thumbprint. - For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md). + For detailed descriptions of these settings, see [Provisioning CSP](mdm/provisioning-csp.md). 8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). 9. When you're done adding all the settings, on the **File** menu, click **Save**. 10. Export and build the package (steps 10-13 in the procedure above). diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/certificate-authentication-device-enrollment.md similarity index 100% rename from windows/client-management/mdm/certificate-authentication-device-enrollment.md rename to windows/client-management/certificate-authentication-device-enrollment.md diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/certificate-renewal-windows-mdm.md similarity index 95% rename from windows/client-management/mdm/certificate-renewal-windows-mdm.md rename to windows/client-management/certificate-renewal-windows-mdm.md index 96a2369975..692158038e 100644 --- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md +++ b/windows/client-management/certificate-renewal-windows-mdm.md @@ -1,10 +1,10 @@ --- title: Certificate Renewal description: Learn how to find all the resources that you need to provide continuous access to client certificates. -MS-HAID: +MS-HAID: - 'p\_phdevicemgmt.certificate\_renewal' - 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm' -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -30,18 +30,18 @@ Windows supports automatic certificate renewal, also known as Renew On Behalf Of Auto certificate renewal is the only supported MDM client certificate renewal method for the device that's enrolled using WAB authentication. Meaning, the AuthPolicy is set to Federated. It also means if the server supports WAB authentication, then the MDM certificate enrollment server MUST also support client TLS to renew the MDM client certificate. -For Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal using [CertificateStore CSP’s](certificatestore-csp.md) ROBOSupport node under CertificateStore/My/WSTEP/Renew URL. +For Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal using [CertificateStore CSP’s](mdm/certificatestore-csp.md) ROBOSupport node under CertificateStore/My/WSTEP/Renew URL. With automatic renewal, the PKCS\#7 message content isn’t b64 encoded separately. With manual certificate renewal, there's an additional b64 encoding for PKCS\#7 message content. -During the automatic certificate renewal process, if the root certificate isn’t trusted by the device, the authentication will fail. Use one of device pre-installed root certificates, or configure the root cert over a DM session using the [CertificateStore CSP](certificatestore-csp.md). +During the automatic certificate renewal process, if the root certificate isn’t trusted by the device, the authentication will fail. Use one of device pre-installed root certificates, or configure the root cert over a DM session using the [CertificateStore CSP](mdm/certificatestore-csp.md). During the automatic certificate renew process, the device will deny HTTP redirect request from the server. It won't deny the request if the same redirect URL that the user accepted during the initial MDM enrollment process is used. The following example shows the details of an automatic renewal request. ```xml - @@ -62,7 +62,7 @@ The following example shows the details of an automatic renewal request. user@contoso.com + "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"> @@ -73,9 +73,9 @@ The following example shows the details of an automatic renewal request. http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew - BinarySecurityTokenInsertedHere diff --git a/windows/client-management/change-history-for-mdm-documentation.md b/windows/client-management/change-history-for-mdm-documentation.md new file mode 100644 index 0000000000..3d5f9da9d8 --- /dev/null +++ b/windows/client-management/change-history-for-mdm-documentation.md @@ -0,0 +1,317 @@ +--- +title: Change history for MDM documentation +description: This article lists new and updated articles for Mobile Device Management. +author: vinaypamnani-msft +ms.author: vinpa +ms.reviewer: +manager: aaroncz +ms.topic: article +ms.prod: w10 +ms.technology: windows +ms.localizationpriority: medium +ms.date: 11/06/2020 +--- + +# Change history for Mobile Device Management documentation + +As of November 2020 This page will no longer be updated. This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those articles that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues aren't listed. + +## November 2020 + +|New or updated article | Description| +|--- | ---| +| [Policy CSP](mdm/policy-configuration-service-provider.md) | Added the following new policy:
    - [Multitasking/BrowserAltTabBlowout](mdm/policy-csp-multitasking.md#multitasking-browseralttabblowout) | +| [SurfaceHub CSP](mdm/surfacehub-csp.md) | Added the following new node:
    -Properties/SleepMode | + +## October 2020 + +|New or updated article | Description| +|--- | ---| +| [Policy CSP](mdm/policy-configuration-service-provider.md) | Added the following new policies
    - [Experience/DisableCloudOptimizedContent](mdm/policy-csp-experience.md#experience-disablecloudoptimizedcontent)
    - [LocalUsersAndGroups/Configure](mdm/policy-csp-localusersandgroups.md#localusersandgroups-configure)
    - [MixedReality/AADGroupMembershipCacheValidityInDays](mdm/policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
    - [MixedReality/BrightnessButtonDisabled](mdm/policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
    - [MixedReality/FallbackDiagnostics](mdm/policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
    - [MixedReality/MicrophoneDisabled](mdm/policy-csp-mixedreality.md#mixedreality-microphonedisabled)
    - [MixedReality/VolumeButtonDisabled](mdm/policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
    - [Update/DisableWUfBSafeguards](mdm/policy-csp-update.md#update-disablewufbsafeguards)
    - [WindowsSandbox/AllowAudioInput](mdm/policy-csp-windowssandbox.md#windowssandbox-allowaudioinput)
    - [WindowsSandbox/AllowClipboardRedirection](mdm/policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection)
    - [WindowsSandbox/AllowNetworking](mdm/policy-csp-windowssandbox.md#windowssandbox-allownetworking)
    - [WindowsSandbox/AllowPrinterRedirection](mdm/policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection)
    - [WindowsSandbox/AllowVGPU](mdm/policy-csp-windowssandbox.md#windowssandbox-allowvgpu)
    - [WindowsSandbox/AllowVideoInput](mdm/policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) | + +## September 2020 + +|New or updated article | Description| +|--- | ---| +|[NetworkQoSPolicy CSP](mdm/networkqospolicy-csp.md)|Updated support information of the NetworkQoSPolicy CSP.| +|[Policy CSP - LocalPoliciesSecurityOptions](mdm/policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation:
    - RecoveryConsole_AllowAutomaticAdministrativeLogon
    - DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways
    - DomainMember_DigitallyEncryptSecureChannelDataWhenPossible
    - DomainMember_DisableMachineAccountPasswordChanges
    - SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems
    | + +## August 2020 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - System](mdm/policy-csp-system.md)|Removed the following policy settings:
    - System/AllowDesktopAnalyticsProcessing
    - System/AllowMicrosoftManagedDesktopProcessing
    - System/AllowUpdateComplianceProcessing
    - System/AllowWUfBCloudProcessing
    | + +## July 2020 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - System](mdm/policy-csp-system.md)|Added the following new policy settings:
    - System/AllowDesktopAnalyticsProcessing
    - System/AllowMicrosoftManagedDesktopProcessing
    - System/AllowUpdateComplianceProcessing
    - System/AllowWUfBCloudProcessing


    Updated the following policy setting:
    - System/AllowCommercialDataPipeline
    | + +## June 2020 + +|New or updated article | Description| +|--- | ---| +|[BitLocker CSP](mdm/bitlocker-csp.md)|Added SKU support table for **AllowStandardUserEncryption**.| +|[Policy CSP - NetworkIsolation](mdm/policy-csp-networkisolation.md)|Updated the description from Boolean to Integer for the following policy settings:
    EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative.| + +## May 2020 + +|New or updated article | Description| +|--- | ---| +|[BitLocker CSP](mdm/bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.| +|[Policy CSP - RestrictedGroups](mdm/policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table. + +## February 2020 + +|New or updated article | Description| +|--- | ---| +|[CertificateStore CSP](mdm/certificatestore-csp.md)
    [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md)|Added details about SubjectName value.| + +## January 2020 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - Defender](mdm/policy-csp-defender.md)|Added descriptions for supported actions for Defender/ThreatSeverityDefaultAction.| + +## November 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - DeliveryOptimization](mdm/policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.| +|[DiagnosticLog CSP](mdm/diagnosticlog-csp.md)|Added substantial updates to this CSP doc.| + +## October 2019 + +|New or updated article | Description| +|--- | ---| +|[BitLocker CSP](mdm/bitlocker-csp.md)|Added the following new nodes:
    ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.| +|[Defender CSP](mdm/defender-csp.md)|Added the following new nodes:
    Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.| + +## September 2019 + +|New or updated article | Description| +|--- | ---| +|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added the following new node:
    IsStub.| +|[Policy CSP - Defender](mdm/policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.| +|[Policy CSP - DeviceInstallation](mdm/policy-csp-deviceinstallation.md)|Added the following new policies:
    DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.| + +## August 2019 + +|New or updated article | Description| +|--- | ---| +|[DiagnosticLog CSP](mdm/diagnosticlog-csp.md)
    [DiagnosticLog DDF](mdm/diagnosticlog-ddf.md)|Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
    Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.| +|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include more reference links and the following two topics:
    Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.| + +## July 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following list:
    Policies supported by HoloLens 2| +|[ApplicationControl CSP](mdm/applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.| +|[PassportForWork CSP](mdm/passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
    SecurityKey, SecurityKey/UseSecurityKeyForSignin| +|[Policy CSP - Privacy](mdm/policy-csp-privacy.md)|Added the following new policies:
    LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock| +|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs isn't currently supported:
    Create a custom configuration service provider
    Design a custom configuration service provider
    IConfigServiceProvider2
    IConfigServiceProvider2::ConfigManagerNotification
    IConfigServiceProvider2::GetNode
    ICSPNode
    ICSPNode::Add
    ICSPNode::Clear
    ICSPNode::Copy
    ICSPNode::DeleteChild
    ICSPNode::DeleteProperty
    ICSPNode::Execute
    ICSPNode::GetChildNodeNames
    ICSPNode::GetProperty
    ICSPNode::GetPropertyIdentifiers
    ICSPNode::GetValue
    ICSPNode::Move
    ICSPNode::SetProperty
    ICSPNode::SetValue
    ICSPNodeTransactioning
    ICSPValidate
    Samples for writing a custom configuration service provider.| + +## June 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - DeviceHealthMonitoring](mdm/policy-csp-devicehealthmonitoring.md)|Added the following new policies:
    AllowDeviceHealthMonitoring, ConfigDeviceHealthMonitoringScope, ConfigDeviceHealthMonitoringUploadDestination.| +|[Policy CSP - TimeLanguageSettings](mdm/policy-csp-timelanguagesettings.md)|Added the following new policy:
    ConfigureTimeZone.| + +## May 2019 + +|New or updated article | Description| +|--- | ---| +|[DeviceStatus CSP](mdm/devicestatus-csp.md)|Updated description of the following nodes:
    DeviceStatus/Antivirus/SignatureStatus, DeviceStatus/Antispyware/SignatureStatus.| +|[EnrollmentStatusTracking CSP](mdm/enrollmentstatustracking-csp.md)|Added new CSP in Windows 10, version 1903.| +|[Policy CSP - DeliveryOptimization](mdm/policy-csp-deliveryoptimization.md)|Added the following new policies:
    DODelayCacheServerFallbackBackground, DODelayCacheServerFallbackForeground.

    Updated description of the following policies:
    DOMinRAMAllowedToPeer, DOMinFileSizeToCache, DOMinDiskSizeAllowedToPeer.| +|[Policy CSP - Experience](mdm/policy-csp-experience.md)|Added the following new policy:
    ShowLockOnUserTile.| +|[Policy CSP - InternetExplorer](mdm/policy-csp-internetexplorer.md)|Added the following new policies:
    AllowEnhancedSuggestionsInAddressBar, DisableActiveXVersionListAutoDownload, DisableCompatView, DisableFeedsBackgroundSync, DisableGeolocation, DisableWebAddressAutoComplete, NewTabDefaultPage.| +|[Policy CSP - Power](mdm/policy-csp-power.md)|Added the following new policies:
    EnergySaverBatteryThresholdOnBattery, EnergySaverBatteryThresholdPluggedIn, SelectLidCloseActionOnBattery, SelectLidCloseActionPluggedIn, SelectPowerButtonActionOnBattery, SelectPowerButtonActionPluggedIn, SelectSleepButtonActionOnBattery, SelectSleepButtonActionPluggedIn, TurnOffHybridSleepOnBattery, TurnOffHybridSleepPluggedIn, UnattendedSleepTimeoutOnBattery, UnattendedSleepTimeoutPluggedIn.| +|[Policy CSP - Search](mdm/policy-csp-search.md)|Added the following new policy:
    AllowFindMyFiles.| +|[Policy CSP - ServiceControlManager](mdm/policy-csp-servicecontrolmanager.md)|Added the following new policy:
    SvchostProcessMitigation.| +|[Policy CSP - System](mdm/policy-csp-system.md)|Added the following new policies:
    AllowCommercialDataPipeline, TurnOffFileHistory.| +|[Policy CSP - Troubleshooting](mdm/policy-csp-troubleshooting.md)|Added the following new policy:
    AllowRecommendations.| +|[Policy CSP - Update](mdm/policy-csp-update.md)|Added the following new policies:
    AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.| +|[Policy CSP - WindowsLogon](mdm/policy-csp-windowslogon.md)|Added the following new policies:
    AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.

    Removed the following policy:
    SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart. This policy is replaced by AllowAutomaticRestartSignOn.| + +## April 2019 + +| New or updated article | Description | +|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:
    Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it doesn't. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. | +| [Policy CSP - UserRights](mdm/policy-csp-userrights.md) | Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. | + +## March 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - Storage](mdm/policy-csp-storage.md)|Updated ADMX Info of the following policies:
    AllowStorageSenseGlobal, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseCloudContentDehydrationThreshold, ConfigStorageSenseDownloadsCleanupThreshold, ConfigStorageSenseGlobalCadence, ConfigStorageSenseRecycleBinCleanupThreshold.

    Updated description of ConfigStorageSenseDownloadsCleanupThreshold.| + +## February 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Updated supported policies for Holographic.| + +## January 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - Storage](mdm/policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.| +|[SharedPC CSP](mdm/sharedpc-csp.md)|Updated values and supported operations.| +|[Mobile device management](mdm/index.yml)|Updated information about MDM Security Baseline.| + +## December 2018 + +|New or updated article | Description| +|--- | ---| +|[BitLocker CSP](mdm/bitlocker-csp.md)|Updated AllowWarningForOtherDiskEncryption policy description to describe silent and non-silent encryption scenarios, as well as where and how the recovery key is backed up for each scenario.| + +## September 2018 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - DeviceGuard](mdm/policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.| + +## August 2018 + +|New or updated article|Description| +|--- |--- | +|[BitLocker CSP](mdm/bitlocker-csp.md)|Added support for Windows 10 Pro starting in the version 1809.| +|[Office CSP](mdm/office-csp.md)|Added FinalStatus setting in Windows 10, version 1809.| +|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Added new settings in Windows 10, version 1809.| +|[TenantLockdown CSP](mdm/tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.| +|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.| +|[Policy DDF file](mdm/policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.| +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy
  • DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • Update/UpdateNotificationLevel

    Start/DisableContextMenus - added in Windows 10, version 1803.

    RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| + +## July 2018 + +|New or updated article|Description| +|--- |--- | +|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Added the following note:

    You can only assign one single app kiosk profile to an individual user account on a device. The single app profile doesn't support domain groups.| +|[PassportForWork CSP](mdm/passportforwork-csp.md)|Added new settings in Windows 10, version 1809.| +|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.| +|[Win32CompatibilityAppraiser CSP](mdm/win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.| +|[WindowsLicensing CSP](mdm/windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.| +|[SUPL CSP](mdm/supl-csp.md)|Added three new certificate nodes in Windows 10, version 1809.| +|[Defender CSP](mdm/defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.| +|[BitLocker CSP](mdm/bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.| +|[DevDetail CSP](mdm/devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.| +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only)
  • Authentication/EnableWebSignIn (Preview mode only)
  • Authentication/PreferredAadTenantDomainName
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Security/RecoveryEnvironmentAuthentication
  • TaskManager/AllowEndTask
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI

    Recent changes:
  • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.| + +## June 2018 + +|New or updated article|Description| +|--- |--- | +|[Wifi CSP](mdm/wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.| +|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
  • Added procedure for collecting logs remotely from Windows 10 Holographic.
  • Added procedure for downloading the MDM Diagnostic Information log.| +|[BitLocker CSP](mdm/bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.| +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Recent changes:
  • AccountPoliciesAccountLockoutPolicy
  • AccountLockoutDuration - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
  • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
  • System/AllowFontProviders isn't supported in HoloLens (first gen) Commercial Suite.
  • Security/RequireDeviceEncryption is supported in the Home SKU.
  • Start/StartLayout - added a table of SKU support information.
  • Start/ImportEdgeAssets - added a table of SKU support information.

    Added the following new policies in Windows 10, version 1809:
  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess| +|[WiredNetwork CSP](mdm/wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.| + +## May 2018 + +|New or updated article|Description| +|--- |--- | +|[Policy DDF file](mdm/policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.
  • [Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
  • [Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)| + +## April 2018 + +|New or updated article|Description| +|--- |--- | +|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
  • Settings/AllowVirtualGPU
  • Settings/SaveFilesToHost| +|[NetworkProxy CSP](mdm/networkproxy-csp.md)|Added the following node in Windows 10, version 1803:
  • ProxySettingsPerUser| +|[Accounts CSP](mdm/accounts-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[CSP DDF files download](mdm/configuration-service-provider-ddf.md)|Added the DDF download of Windows 10, version 1803 configuration service providers.| +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Bluetooth/AllowPromptedProximalConnections
  • KioskBrowser/EnableEndSessionButton
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers| + +## March 2018 + +|New or updated article|Description| +|--- |--- | +|[eUICCs CSP](mdm/euiccs-csp.md)|Added the following node in Windows 10, version 1803:
  • IsEnabled| +|[DeviceStatus CSP](mdm/devicestatus-csp.md)|Added the following node in Windows 10, version 1803:
  • OS/Mode| +|[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
  • [How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
  • [How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)| +|[AccountManagement CSP](mdm/accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[RootCATrustedCertificates CSP](mdm/rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
  • UntrustedCertificates| +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • ApplicationDefaults/EnableAppUriHandlers
  • ApplicationManagement/MSIAllowUserControlOverInstall
  • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
  • Connectivity/AllowPhonePCLinking
  • Notifications/DisallowCloudNotification
  • Notifications/DisallowTileNotification
  • RestrictedGroups/ConfigureGroupMembership

    The following existing policies were updated:
  • Browser/AllowCookies - updated the supported values. There are three values - 0, 1, 2.
  • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
  • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

    Added a new section:
  • [[Policies in Policy CSP supported by Group Policy](mdm/policies-in-policy-csp-supported-by-group-policy.md) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.| +|[Policy CSP - Bluetooth](mdm/policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](mdm/policy-csp-bluetooth.md#servicesallowedlist-usage-guide).| +|[MultiSIM CSP](mdm/multisim-csp.md)|Added SyncML examples and updated the settings descriptions.| +|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.| + +## February 2018 + +|New or updated article|Description| +|--- |--- | +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Display/DisablePerProcessDpiForApps
  • Display/EnablePerProcessDpi
  • Display/EnablePerProcessDpiForApps
  • Experience/AllowWindowsSpotlightOnSettings
  • TextInput/ForceTouchKeyboardDockedState
  • TextInput/TouchKeyboardDictationButtonAvailability
  • TextInput/TouchKeyboardEmojiButtonAvailability
  • TextInput/TouchKeyboardFullModeAvailability
  • TextInput/TouchKeyboardHandwritingModeAvailability
  • TextInput/TouchKeyboardNarrowModeAvailability
  • TextInput/TouchKeyboardSplitModeAvailability
  • TextInput/TouchKeyboardWideModeAvailability| +|[VPNv2 ProfileXML XSD](mdm/vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.| +|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
  • Status
  • ShellLauncher
  • StatusConfiguration

    Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (first gen) Commercial Suite. Added example for HoloLens (first gen) Commercial Suite.| +|[MultiSIM CSP](mdm/multisim-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
  • MaintainProcessorArchitectureOnUpdate| + +## January 2018 + +|New or updated article|Description| +|--- |--- | +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Browser/AllowConfigurationUpdateForBooksLibrary
  • Browser/AlwaysEnableBooksLibrary
  • Browser/EnableExtendedBooksTelemetry
  • Browser/UseSharedFolderForBooks
  • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
  • DeliveryOptimization/DODelayForegroundDownloadFromHttp
  • DeliveryOptimization/DOGroupIdSource
  • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
  • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
  • DeliveryOptimization/DORestrictPeerSelectionBy
  • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
  • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
  • KioskBrowser/BlockedUrlExceptions
  • KioskBrowser/BlockedUrls
  • KioskBrowser/DefaultURL
  • KioskBrowser/EnableHomeButton
  • KioskBrowser/EnableNavigationButtons
  • KioskBrowser/RestartOnIdleTime
  • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
  • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
  • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
  • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
  • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
  • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
  • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
  • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
  • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
  • RestrictedGroups/ConfigureGroupMembership
  • Search/AllowCortanaInAAD
  • Search/DoNotUseWebResults
  • Security/ConfigureWindowsPasswords
  • System/FeedbackHubAlwaysSaveDiagnosticsLocally
  • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
  • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
  • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
  • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
  • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
  • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
  • TaskScheduler/EnableXboxGameSaveTask
  • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
  • Update/ConfigureFeatureUpdateUninstallPeriod
  • UserRights/AccessCredentialManagerAsTrustedCaller
  • UserRights/AccessFromNetwork
  • UserRights/ActAsPartOfTheOperatingSystem
  • UserRights/AllowLocalLogOn
  • UserRights/BackupFilesAndDirectories
  • UserRights/ChangeSystemTime
  • UserRights/CreateGlobalObjects
  • UserRights/CreatePageFile
  • UserRights/CreatePermanentSharedObjects
  • UserRights/CreateSymbolicLinks
  • UserRights/CreateToken
  • UserRights/DebugPrograms
  • UserRights/DenyAccessFromNetwork
  • UserRights/DenyLocalLogOn
  • UserRights/DenyRemoteDesktopServicesLogOn
  • UserRights/EnableDelegation
  • UserRights/GenerateSecurityAudits
  • UserRights/ImpersonateClient
  • UserRights/IncreaseSchedulingPriority
  • UserRights/LoadUnloadDeviceDrivers
  • UserRights/LockMemory
  • UserRights/ManageAuditingAndSecurityLog
  • UserRights/ManageVolume
  • UserRights/ModifyFirmwareEnvironment
  • UserRights/ModifyObjectLabel
  • UserRights/ProfileSingleProcess
  • UserRights/RemoteShutdown
  • UserRights/RestoreFilesAndDirectories
  • UserRights/TakeOwnership
  • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
  • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
  • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
  • WindowsDefenderSecurityCenter/HideSecureBoot
  • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

    Added the following policies in Windows 10, version 1709
  • DeviceLock/MinimumPasswordAge
  • Settings/AllowOnlineTips
  • System/DisableEnterpriseAuthProxy

    Security/RequireDeviceEncryption - updated to show it's supported in desktop.| +|[BitLocker CSP](mdm/bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.| +|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.| +|[DMClient CSP](mdm/dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
  • AADSendDeviceToken
  • BlockInStatusPage
  • AllowCollectLogsButton
  • CustomErrorText
  • SkipDeviceStatusPage
  • SkipUserStatusPage| +|[Defender CSP](mdm/defender-csp.md)|Added new node (OfflineScan) in Windows 10, version 1803.| +|[UEFI CSP](mdm/uefi-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[Update CSP](mdm/update-csp.md)|Added the following nodes in Windows 10, version 1803:
  • Rollback
  • Rollback/FeatureUpdate
  • Rollback/QualityUpdateStatus
  • Rollback/FeatureUpdateStatus| + +## December 2017 + +|New or updated article|Description| +|--- |--- | +|[Configuration service provider reference](mdm/index.yml)|Added new section [CSP DDF files download](mdm/configuration-service-provider-ddf.md)| + +## November 2017 + +|New or updated article|Description| +|--- |--- | +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
  • Authentication/AllowFidoDeviceSignon
  • Cellular/LetAppsAccessCellularData
  • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
  • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
  • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
  • Start/HidePeopleBar
  • Storage/EnhancedStorageDevices
  • Update/ManagePreviewBuilds
  • WirelessDisplay/AllowMdnsAdvertisement
  • WirelessDisplay/AllowMdnsDiscovery

    Added missing policies from previous releases:
  • Connectivity/DisallowNetworkConnectivityActiveTest
  • Search/AllowWindowsIndexer| + +## October 2017 + +| New or updated article | Description | +| --- | --- | +| [Policy DDF file](mdm/policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. | +| [Policy CSP](mdm/policy-configuration-service-provider.md) | Updated the following policies:

    - Defender/ControlledFolderAccessAllowedApplications - string separator is `|`
    - Defender/ControlledFolderAccessProtectedFolders - string separator is `|` | +| [eUICCs CSP](mdm/euiccs-csp.md) | Added new CSP in Windows 10, version 1709. | +| [AssignedAccess CSP](mdm/assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. | +| [DMClient CSP](mdm/dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. | + +## September 2017 + +|New or updated article|Description| +|--- |--- | +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Authentication/AllowAadPasswordReset
  • Handwriting/PanelDefaultModeDocked
  • Search/AllowCloudSearch
  • System/LimitEnhancedDiagnosticDataWindowsAnalytics

    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.| +|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.| +|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.| +|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
  • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
  • DomainName - fully qualified domain name if the device is domain-joined.

    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.| +|[EnterpriseAPN CSP](mdm/enterpriseapn-csp.md)|Added a SyncML example.| +|[VPNv2 CSP](mdm/vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.| +|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.| +|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
  • User sees installation progress of critical policies during MDM enrollment.
  • User knows what policies, profiles, apps MDM has configured
  • IT helpdesk can get detailed MDM diagnostic information using client tools

    For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| + +## August 2017 + +|New or updated article|Description| +|--- |--- | +|[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.| +|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

    Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| +|[CM_CellularEntries CSP](mdm/cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.| +|[EnterpriseDataProtection CSP](mdm/enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following values:
  • 0 (default) – Off / No protection (decrypts previously protected data).
  • 1 – Silent mode (encrypt and audit only).
  • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
  • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).| +|[AppLocker CSP](mdm/applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allowlist examples](mdm/applocker-csp.md#allow-list-examples).| +|[DeviceManageability CSP](mdm/devicemanageability-csp.md)|Added the following settings in Windows 10, version 1709:
  • Provider/ProviderID/ConfigInfo
  • Provider/ProviderID/EnrollmentInfo| +|[Office CSP](mdm/office-csp.md)|Added the following setting in Windows 10, version 1709:
  • Installation/CurrentStatus| +|[BitLocker CSP](mdm/bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.| +|[Firewall CSP](mdm/firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
  • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
  • Changed some data types from integer to bool.
  • Updated the list of supported operations for some settings.
  • Added default values.| +|[Policy DDF file](mdm/policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
  • Browser/AllowMicrosoftCompatibilityList
  • Update/DisableDualScan
  • Update/FillEmptyContentUrls| +|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Browser/ProvisionFavorites
  • Browser/LockdownFavorites
  • ExploitGuard/ExploitProtectionSettings
  • Games/AllowAdvancedGamingServices
  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
  • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
  • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
  • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
  • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
  • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
  • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
  • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
  • Privacy/EnableActivityFeed
  • Privacy/PublishUserActivities
  • Update/DisableDualScan
  • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

    Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

    Changed the names of the following policies:
  • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
  • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
  • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

    Added links to the extra [ADMX-backed BitLocker policies](mdm/policy-csp-bitlocker.md).

    There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
  • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
  • Start/HideAppList| diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/config-lock.md similarity index 64% rename from windows/client-management/mdm/config-lock.md rename to windows/client-management/config-lock.md index a9339f8e76..8f6d53b7b7 100644 --- a/windows/client-management/mdm/config-lock.md +++ b/windows/client-management/config-lock.md @@ -81,50 +81,50 @@ Config lock is designed to ensure that a secured-core PC isn't unintentionally m |**CSPs** | |-----| -|[BitLocker](bitlocker-csp.md) | -|[PassportForWork](passportforwork-csp.md) | -|[WindowsDefenderApplicationGuard](windowsdefenderapplicationguard-csp.md) | -|[ApplicationControl](applicationcontrol-csp.md) +|[BitLocker](mdm/bitlocker-csp.md) | +|[PassportForWork](mdm/passportforwork-csp.md) | +|[WindowsDefenderApplicationGuard](mdm/windowsdefenderapplicationguard-csp.md) | +|[ApplicationControl](mdm/applicationcontrol-csp.md) |**MDM policies** | **Supported by Group Policy** | |-----|-----| -|[DataProtection/AllowDirectMemoryAccess](policy-csp-dataprotection.md) | No | -|[DataProtection/LegacySelectiveWipeID](policy-csp-dataprotection.md) | No | -|[DeviceGuard/ConfigureSystemGuardLaunch](policy-csp-deviceguard.md) | Yes | -|[DeviceGuard/EnableVirtualizationBasedSecurity](policy-csp-deviceguard.md) | Yes | -|[DeviceGuard/LsaCfgFlags](policy-csp-deviceguard.md) | Yes | -|[DeviceGuard/RequirePlatformSecurityFeatures](policy-csp-deviceguard.md) | Yes | -|[DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md) | Yes | -|[DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md) | Yes | -|[DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) | Yes | -|[DeviceInstallation/PreventDeviceMetadataFromNetwork](policy-csp-deviceinstallation.md) | Yes | -|[DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](policy-csp-deviceinstallation.md) | Yes | -|[DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md) | Yes | -|[DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md) | Yes | -|[DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) | Yes | -|[DmaGuard/DeviceEnumerationPolicy](policy-csp-dmaguard.md) | Yes | -|[WindowsDefenderSecurityCenter/CompanyName](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableAccountProtectionUI](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableAppBrowserUI](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableClearTpmButton](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableEnhancedNotifications](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableFamilyUI](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableHealthUI](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableNetworkUI](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableNotifications](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](policy-csp-windowsdefendersecuritycenter.md)| Yes | -|[WindowsDefenderSecurityCenter/DisableVirusUI](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/Email](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/EnableCustomizedToasts](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/EnableInAppCustomization](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/HideSecureBoot](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/HideTPMTroubleshooting](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/Phone](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[WindowsDefenderSecurityCenter/URL](policy-csp-windowsdefendersecuritycenter.md) | Yes | -|[SmartScreen/EnableAppInstallControl](policy-csp-smartscreen.md)| Yes | -|[SmartScreen/EnableSmartScreenInShell](policy-csp-smartscreen.md) | Yes | -|[SmartScreen/PreventOverrideForFilesInShell](policy-csp-smartscreen.md) | Yes | +|[DataProtection/AllowDirectMemoryAccess](mdm/policy-csp-dataprotection.md) | No | +|[DataProtection/LegacySelectiveWipeID](mdm/policy-csp-dataprotection.md) | No | +|[DeviceGuard/ConfigureSystemGuardLaunch](mdm/policy-csp-deviceguard.md) | Yes | +|[DeviceGuard/EnableVirtualizationBasedSecurity](mdm/policy-csp-deviceguard.md) | Yes | +|[DeviceGuard/LsaCfgFlags](mdm/policy-csp-deviceguard.md) | Yes | +|[DeviceGuard/RequirePlatformSecurityFeatures](mdm/policy-csp-deviceguard.md) | Yes | +|[DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](mdm/policy-csp-deviceinstallation.md) | Yes | +|[DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](mdm/policy-csp-deviceinstallation.md) | Yes | +|[DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](mdm/policy-csp-deviceinstallation.md) | Yes | +|[DeviceInstallation/PreventDeviceMetadataFromNetwork](mdm/policy-csp-deviceinstallation.md) | Yes | +|[DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](mdm/policy-csp-deviceinstallation.md) | Yes | +|[DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](mdm/policy-csp-deviceinstallation.md) | Yes | +|[DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](mdm/policy-csp-deviceinstallation.md) | Yes | +|[DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](mdm/policy-csp-deviceinstallation.md) | Yes | +|[DmaGuard/DeviceEnumerationPolicy](mdm/policy-csp-dmaguard.md) | Yes | +|[WindowsDefenderSecurityCenter/CompanyName](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableAccountProtectionUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableAppBrowserUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableClearTpmButton](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableEnhancedNotifications](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableFamilyUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableHealthUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableNetworkUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableNotifications](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](mdm/policy-csp-windowsdefendersecuritycenter.md)| Yes | +|[WindowsDefenderSecurityCenter/DisableVirusUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/Email](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/EnableCustomizedToasts](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/EnableInAppCustomization](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/HideSecureBoot](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/HideTPMTroubleshooting](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/Phone](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[WindowsDefenderSecurityCenter/URL](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes | +|[SmartScreen/EnableAppInstallControl](mdm/policy-csp-smartscreen.md)| Yes | +|[SmartScreen/EnableSmartScreenInShell](mdm/policy-csp-smartscreen.md) | Yes | +|[SmartScreen/PreventOverrideForFilesInShell](mdm/policy-csp-smartscreen.md) | Yes | diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/data-structures-windows-store-for-business.md similarity index 100% rename from windows/client-management/mdm/data-structures-windows-store-for-business.md rename to windows/client-management/data-structures-windows-store-for-business.md diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/device-update-management.md similarity index 98% rename from windows/client-management/mdm/device-update-management.md rename to windows/client-management/device-update-management.md index bd5f317fc2..e63e9da775 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/device-update-management.md @@ -1,7 +1,7 @@ --- title: Mobile device management MDM for device updates description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -12,7 +12,7 @@ ms.date: 11/15/2017 ms.collection: highpri --- -# Mobile device management (MDM) for device updates +# Mobile device management (MDM) for device updates >[!TIP] >If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq). @@ -36,7 +36,7 @@ In Windows 10, the MDM protocol has been extended to better enable IT admins to The OMA DM APIs for specifying update approvals and getting compliance status refer to updates by using an Update ID. The Update ID is a GUID that identifies a particular update. The MDM will want to show IT-friendly information about the update, instead of a raw GUID, including the update’s title, description, KB, update type, like a security update or service pack. For more information, see [\[MS-WSUSSS\]: Windows Update Services: Server-Server Protocol](/openspecs/windows_protocols/ms-wsusss/f49f0c3e-a426-4b4b-b401-9aeb2892815c). -For more information about the CSPs, see [Update CSP](update-csp.md) and the update policy area of the [Policy CSP](policy-configuration-service-provider.md). +For more information about the CSPs, see [Update CSP](mdm/update-csp.md) and the update policy area of the [Policy CSP](mdm/policy-configuration-service-provider.md). The following diagram provides a conceptual overview of how this works: @@ -130,11 +130,11 @@ The following list describes a suggested model for applying updates. 2. In the Test group, just let all updates flow. 3. In the All Group, set up Quality Update deferral for seven days. Then, Quality Updates will be auto approved after the seven days. Definition Updates are excluded from Quality Update deferrals, and will be auto approved when they're available. This schedule can be done by setting Update/DeferQualityUpdatesPeriodInDays to seven, and just letting updates flow after seven days or pushing Pause if any issues. -Updates are configured using a combination of the [Update CSP](update-csp.md), and the update portion of the [Policy CSP](policy-configuration-service-provider.md). +Updates are configured using a combination of the [Update CSP](mdm/update-csp.md), and the update portion of the [Policy CSP](mdm/policy-configuration-service-provider.md). ### Update policies -The enterprise IT can configure auto-update policies via OMA DM using the [Policy CSP](policy-configuration-service-provider.md) (this functionality isn't supported in Windows 10 Home). Here's the CSP diagram for the Update node in Policy CSP. +The enterprise IT can configure auto-update policies via OMA DM using the [Policy CSP](mdm/policy-configuration-service-provider.md) (this functionality isn't supported in Windows 10 Home). Here's the CSP diagram for the Update node in Policy CSP. The following information shows the Update policies in a tree format. @@ -179,7 +179,7 @@ Policy **Update/ActiveHoursEnd** > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education +> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education Added in Windows 10, version 1607. When used with **Update/ActiveHoursStart**, it allows the IT admin to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. There's a 12-hour maximum from start time. @@ -193,7 +193,7 @@ The default is 17 (5 PM). **Update/ActiveHoursMaxRange** > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. +> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. @@ -235,7 +235,7 @@ The following list shows the supported values: > [!IMPORTANT] > This option should be used only for systems under regulatory compliance, as you will not get security updates as well. - + If the policy isn't configured, end users get the default behavior (Auto install and restart). @@ -312,7 +312,7 @@ The following list shows the supported values: **Update/BranchReadinessLevel** > [!NOTE] -> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education +> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. @@ -680,7 +680,7 @@ Value type is string and the default value is an empty string. If the setting is ### Update management -The enterprise IT can configure the set of approved updates and get compliance status via OMA DM using the [Update CSP](update-csp.md). The following information shows the Update CSP in tree format. +The enterprise IT can configure the set of approved updates and get compliance status via OMA DM using the [Update CSP](mdm/update-csp.md). The following information shows the Update CSP in tree format. ```console ./Vendor/MSFT @@ -731,7 +731,7 @@ The update approval list enables IT to approve individual updates and update cla > [!NOTE] > For the Windows 10 build, the client may need to reboot after additional updates are added. - + Supported operations are Get and Add. @@ -835,7 +835,7 @@ Supported operation is Get. ## Windows 10, version 1607 for update management -Here are the new policies added in Windows 10, version 1607 in [Policy CSP](policy-configuration-service-provider.md). Use these policies for the Windows 10, version 1607 devices. +Here are the new policies added in Windows 10, version 1607 in [Policy CSP](mdm/policy-configuration-service-provider.md). Use these policies for the Windows 10, version 1607 devices. - Update/ActiveHoursEnd - Update/ActiveHoursStart diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/diagnose-mdm-failures-in-windows-10.md similarity index 94% rename from windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md rename to windows/client-management/diagnose-mdm-failures-in-windows-10.md index b28a49b37e..68e7e7b72b 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/diagnose-mdm-failures-in-windows-10.md @@ -1,7 +1,7 @@ --- title: Diagnose MDM failures in Windows 10 description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -19,10 +19,10 @@ To help diagnose enrollment or device management issues in Windows 10 devices ma ## Download the MDM Diagnostic Information log from Windows 10 PCs 1. On your managed device, go to **Settings** > **Accounts** > **Access work or school**. -1. Click your work or school account, then click **Info.** +1. Click your work or school account, then click **Info.** ![Access work or school page in Settings.](images/diagnose-mdm-failures15.png) -1. At the bottom of the **Settings** page, click **Create report**. +1. At the bottom of the **Settings** page, click **Create report**. ![Access work or school page and then Create report.](images/diagnose-mdm-failures16.png) 1. A window opens that shows the path to the log files. Click **Export**. @@ -89,7 +89,7 @@ You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC ## Collect logs remotely from Windows 10 PCs -When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels: +When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](mdm/diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels: - Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin - Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug @@ -137,7 +137,7 @@ Example: Export the Debug logs ## Collect logs remotely from Windows 10 Holographic -For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md). +For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](mdm/diagnosticlog-csp.md). You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is 3DA494E4-0FE2-415C-B895-FB5265C5C83B. The following examples show how to enable the ETW provider: @@ -231,7 +231,7 @@ Stop collector trace logging ``` -After the logs are collected on the device, you can retrieve the files through the MDM channel using the FileDownload portion of the DiagnosticLog CSP. For details, see [DiagnosticLog CSP](diagnosticlog-csp.md). +After the logs are collected on the device, you can retrieve the files through the MDM channel using the FileDownload portion of the DiagnosticLog CSP. For details, see [DiagnosticLog CSP](mdm/diagnosticlog-csp.md). ## View logs @@ -263,7 +263,7 @@ For best results, ensure that the PC or VM on which you're viewing logs matches ## Collect device state data -Here's an example of how to collect current MDM device state data using the [DiagnosticLog CSP](diagnosticlog-csp.md), version 1.3, which was added in Windows 10, version 1607. You can collect the file from the device using the same FileDownload node in the CSP as you do for the etl files. +Here's an example of how to collect current MDM device state data using the [DiagnosticLog CSP](mdm/diagnosticlog-csp.md), version 1.3, which was added in Windows 10, version 1607. You can collect the file from the device using the same FileDownload node in the CSP as you do for the etl files. ```xml diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/disconnecting-from-mdm-unenrollment.md similarity index 100% rename from windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md rename to windows/client-management/disconnecting-from-mdm-unenrollment.md diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/enable-admx-backed-policies-in-mdm.md similarity index 89% rename from windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md rename to windows/client-management/enable-admx-backed-policies-in-mdm.md index a8fdcc53b2..f90ba236e4 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/enable-admx-backed-policies-in-mdm.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 11/01/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,10 +17,10 @@ manager: aaroncz Here's how to configure Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM). -Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX policies)](./policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX policies in Policy CSP is different from the typical way you configure a traditional MDM policy. +Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX policies)](mdm/policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](mdm/policy-configuration-service-provider.md). Configuring ADMX policies in Policy CSP is different from the typical way you configure a traditional MDM policy. Summary of steps to enable a policy: -- Find the policy from the list ADMX policies. +- Find the policy from the list ADMX policies. - Find the Group Policy related information from the MDM policy description. - Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy. - Create the data payload for the SyncML. @@ -33,9 +33,9 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ ## Enable a policy > [!NOTE] -> See [Understanding ADMX policies in Policy CSP](./understanding-admx-backed-policies.md). +> See [Understanding ADMX policies in Policy CSP](understanding-admx-backed-policies.md). -1. Find the policy from the list [ADMX policies](./policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description. +1. Find the policy from the list [ADMX policies](mdm/policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description. - GP Friendly name - GP name - GP ADMX file name @@ -43,25 +43,25 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ 2. Use the Group Policy Editor to determine whether you need additional information to enable the policy. Run GPEdit.msc - 1. Click **Start**, then in the text box type **gpedit**. + 1. Click **Start**, then in the text box type **gpedit**. + + 2. Under **Best match**, click **Edit group policy** to launch it. - 2. Under **Best match**, click **Edit group policy** to launch it. - ![GPEdit search.](images/admx-gpedit-search.png) - 3. In **Local Computer Policy** navigate to the policy you want to configure. - + 3. In **Local Computer Policy** navigate to the policy you want to configure. + In this example, navigate to **Administrative Templates > System > App-V**. ![App-V policies.](images/admx-appv.png) - 4. Double-click **Enable App-V Client**. + 4. Double-click **Enable App-V Client**. The **Options** section is empty, which means there are no parameters necessary to enable the policy. If the **Options** section isn't empty, follow the procedure in [Enable a policy that requires parameters](#enable-a-policy-that-requires-parameters) ![Enable App-V client.](images/admx-appv-enableapp-vclient.png) -3. Create the SyncML to enable the policy that doesn't require any parameter. +3. Create the SyncML to enable the policy that doesn't require any parameter. In this example, you configure **Enable App-V Client** to **Enabled**. @@ -90,7 +90,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ ``` -## Enable a policy that requires parameters +## Enable a policy that requires parameters 1. Create the SyncML to enable the policy that requires parameters. @@ -105,7 +105,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ 2. Find the variable names of the parameters in the ADMX file. - You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2). + You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](mdm/policy-configuration-service-provider.md#appvirtualization-publishingallowserver2). ![Publishing server 2 policy description.](images/admx-appv-policy-description.png) @@ -115,13 +115,13 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ 5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The *text id* and *enum id* represent the *data id* you need to include in the SyncML data payload. They correspond to the fields you see in the Group Policy Editor. - + Here's the snippet from appv.admx: ```xml - @@ -139,7 +139,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ - + @@ -151,7 +151,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ - + @@ -164,7 +164,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ - + @@ -188,7 +188,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ - + @@ -201,7 +201,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ - + ``` @@ -209,7 +209,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ 6. From the **\** tag, copy all of the *text id* and *enum id* and create an XML with *data id* and *value* fields. The *value* field contains the configuration settings that you would enter in the Group Policy Editor. Here's the example XML for Publishing_Server2_Policy: - + ```xml @@ -221,12 +221,12 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ - ``` + ``` - 7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs. + 7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs. Here's the example for **AppVirtualization/PublishingAllowServer2**: - + > [!NOTE] > The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type. @@ -245,15 +245,15 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/ ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2 - ]]> diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md similarity index 100% rename from windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md rename to windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/enterprise-app-management.md similarity index 95% rename from windows/client-management/mdm/enterprise-app-management.md rename to windows/client-management/enterprise-app-management.md index d2dc640f22..146e8c5529 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/enterprise-app-management.md @@ -1,7 +1,7 @@ --- title: Enterprise app management description: This article covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -30,7 +30,7 @@ Windows 10 offers the ability for management servers to: ## Inventory your apps -Windows 10 lets you inventory all apps deployed to a user, and inventory all apps for all users of a device on Windows 10 for desktop editions. The [EnterpriseModernAppManagement](enterprisemodernappmanagement-csp.md) configuration service provider (CSP) inventories packaged apps and doesn't include traditional Win32 apps installed via MSI or executables. When the apps are inventoried, they're separated based on the following app classifications: +Windows 10 lets you inventory all apps deployed to a user, and inventory all apps for all users of a device on Windows 10 for desktop editions. The [EnterpriseModernAppManagement](mdm/enterprisemodernappmanagement-csp.md) configuration service provider (CSP) inventories packaged apps and doesn't include traditional Win32 apps installed via MSI or executables. When the apps are inventoried, they're separated based on the following app classifications: - Store - Apps that are from the Microsoft Store. Apps can be directly installed from the Store or delivered with the enterprise from the Store for Business - nonStore - Apps that weren't acquired from the Microsoft Store. @@ -41,7 +41,7 @@ These classifications are represented as nodes in the EnterpriseModernAppManagem The following information shows the EnterpriseModernAppManagement CSP in a tree format: ```console -./Device/Vendor/MSFT +./Device/Vendor/MSFT or ./User/Vendor/MSFT EnterpriseAppManagement @@ -164,7 +164,7 @@ Here are the nodes for each package full name: - Users - IsProvisioned -For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md). +For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md). ### App inventory @@ -210,7 +210,7 @@ Here are the nodes for each license ID: - LicenseUsage - RequestedID -For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md). +For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md). > [!NOTE] > The LicenseID in the CSP is the content ID for the license. @@ -253,7 +253,7 @@ To deploy apps that aren't from the Microsoft Store, you must configure the Appl The AllowAllTrustedApps policy enables the installation apps that are trusted by a certificate in the Trusted People on the device, or a root certificate in the Trusted Root of the device. The policy isn't configured by default, which means only apps from the Microsoft Store can be installed. If the management server implicitly sets the value to off, the setting is disabled in the settings panel on the device. -For more information about the AllowAllTrustedApps policy, see [Policy CSP](policy-configuration-service-provider.md). +For more information about the AllowAllTrustedApps policy, see [Policy CSP](mdm/policy-configuration-service-provider.md). Here are some examples. @@ -271,14 +271,14 @@ Here are some examples. 2 - + ./Vendor/MSFT/Policy/Config/ApplicationManagement/AllowAllTrustedApps - - int - text/plain - - 1 + + int + text/plain + + 1 ``` @@ -291,7 +291,7 @@ AllowDeveloperUnlock policy enables the development mode on the device. The Allo Deployment of apps to Windows 10 for desktop editions requires that there's a chain to a certificate on the device. The app can be signed with a root certificate on the device (such as Symantec Enterprise), an enterprise owned root certificate, or a peer trust certificate deployed on the device. -For more information about the AllowDeveloperUnlock policy, see [Policy CSP](policy-configuration-service-provider.md). +For more information about the AllowDeveloperUnlock policy, see [Policy CSP](mdm/policy-configuration-service-provider.md). Here's an example. @@ -309,21 +309,21 @@ Here's an example. 2 - + ./Vendor/MSFT/Policy/Config/ApplicationManagement/AllowDeveloperUnlock - - int - text/plain - - 1 + + int + text/plain + + 1 ``` ## Install your apps -You can install apps to a specific user or to all users of a device. Apps are installed directly from the Microsoft Store. Or, they're installed from a host location, such as a local disk, UNC path, or HTTPS location. Use the AppInstallation node of the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) to install apps. +You can install apps to a specific user or to all users of a device. Apps are installed directly from the Microsoft Store. Or, they're installed from a host location, such as a local disk, UNC path, or HTTPS location. Use the AppInstallation node of the [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md) to install apps. ### Deploy apps to user from the Store @@ -381,7 +381,7 @@ Here's an example of an offline license installation. 1 - + ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppLicenses/StoreLicenses/{LicenseID}/AddLicense @@ -420,7 +420,7 @@ Here's an example of a line-of-business app installation. ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName} - + 1 @@ -447,7 +447,7 @@ Here's an example of an app installation with dependencies. ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName - + 1 @@ -481,7 +481,7 @@ Here's an example of an app installation with dependencies and optional packages ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName - + 1 @@ -499,9 +499,9 @@ Here's an example of an app installation with dependencies and optional packages - - @@ -542,7 +542,7 @@ Here's an example of app installation. ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName - + 1 @@ -579,7 +579,7 @@ Here's an example of app installation with dependencies. ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName - + 1 @@ -626,7 +626,7 @@ Here's an example of a query for a specific app installation. 2 - + ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}?list=StructData @@ -640,7 +640,7 @@ Here's an example of a query for all app installations. 2 - + ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation?list=StructData @@ -659,7 +659,7 @@ Here's an example of an alert. 1226 - ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}/HostedInstall + ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}/HostedInstall Reversed-Domain-Name:com.microsoft.mdm.EnterpriseHostedAppInstall.result @@ -723,7 +723,7 @@ You can remove provisioned apps from a device for a specific version, or for all > [!NOTE] > You can only remove an app that has an inventory value IsProvisioned = 1. - + Removing provisioned app occurs in the device context. Here's an example for removing a provisioned app from a device. @@ -889,7 +889,7 @@ The Universal Windows app can share application data between the users of the de > [!NOTE] > This is only applicable to multi-user devices. -The AllowSharedUserAppData policy in [Policy CSP](policy-configuration-service-provider.md) enables or disables app packages to share data between app packages when there are multiple users. If you enable this policy, applications can share data between packages in their package family. Data can be shared through ShareLocal folder for that package family and local machine. This folder is available through the Windows.Storage API. +The AllowSharedUserAppData policy in [Policy CSP](mdm/policy-configuration-service-provider.md) enables or disables app packages to share data between app packages when there are multiple users. If you enable this policy, applications can share data between packages in their package family. Data can be shared through ShareLocal folder for that package family and local machine. This folder is available through the Windows.Storage API. If you disable this policy, applications can't share user application data among multiple users. However, pre-written shared data will persist. The clean pre-written shared data, use DISM ((/Get-ProvisionedAppxPackage to detect if there's any shared data, and /Remove-SharedAppxData to remove it). @@ -911,14 +911,14 @@ Here's an example. 2 - + ./Vendor/MSFT/Policy/Config/ApplicationManagement/AllowSharedUserAppData - - int - text/plain - - 1 + + int + text/plain + + 1 ``` diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/esim-enterprise-management.md similarity index 100% rename from windows/client-management/mdm/esim-enterprise-management.md rename to windows/client-management/esim-enterprise-management.md diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/federated-authentication-device-enrollment.md similarity index 100% rename from windows/client-management/mdm/federated-authentication-device-enrollment.md rename to windows/client-management/federated-authentication-device-enrollment.md diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/get-inventory.md similarity index 100% rename from windows/client-management/mdm/get-inventory.md rename to windows/client-management/get-inventory.md diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/get-localized-product-details.md similarity index 100% rename from windows/client-management/mdm/get-localized-product-details.md rename to windows/client-management/get-localized-product-details.md diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/get-offline-license.md similarity index 100% rename from windows/client-management/mdm/get-offline-license.md rename to windows/client-management/get-offline-license.md diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/get-product-details.md similarity index 100% rename from windows/client-management/mdm/get-product-details.md rename to windows/client-management/get-product-details.md diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/get-product-package.md similarity index 100% rename from windows/client-management/mdm/get-product-package.md rename to windows/client-management/get-product-package.md diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/get-product-packages.md similarity index 100% rename from windows/client-management/mdm/get-product-packages.md rename to windows/client-management/get-product-packages.md diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/get-seat.md similarity index 100% rename from windows/client-management/mdm/get-seat.md rename to windows/client-management/get-seat.md diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/get-seats-assigned-to-a-user.md similarity index 100% rename from windows/client-management/mdm/get-seats-assigned-to-a-user.md rename to windows/client-management/get-seats-assigned-to-a-user.md diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/get-seats.md similarity index 100% rename from windows/client-management/mdm/get-seats.md rename to windows/client-management/get-seats.md diff --git a/windows/client-management/images/aadj1.jpg b/windows/client-management/images/aadj1.jpg deleted file mode 100644 index 2348fc4c84..0000000000 Binary files a/windows/client-management/images/aadj1.jpg and /dev/null differ diff --git a/windows/client-management/images/aadj2.jpg b/windows/client-management/images/aadj2.jpg deleted file mode 100644 index 39486bfc66..0000000000 Binary files a/windows/client-management/images/aadj2.jpg and /dev/null differ diff --git a/windows/client-management/images/aadj3.jpg b/windows/client-management/images/aadj3.jpg deleted file mode 100644 index 80e1f5762f..0000000000 Binary files a/windows/client-management/images/aadj3.jpg and /dev/null differ diff --git a/windows/client-management/images/aadj4.jpg b/windows/client-management/images/aadj4.jpg deleted file mode 100644 index 0db2910012..0000000000 Binary files a/windows/client-management/images/aadj4.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjbrowser.jpg b/windows/client-management/images/aadjbrowser.jpg deleted file mode 100644 index c8d909688e..0000000000 Binary files a/windows/client-management/images/aadjbrowser.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjcal.jpg b/windows/client-management/images/aadjcal.jpg deleted file mode 100644 index 1858886f5f..0000000000 Binary files a/windows/client-management/images/aadjcal.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjcalmail.jpg b/windows/client-management/images/aadjcalmail.jpg deleted file mode 100644 index 5a5661259a..0000000000 Binary files a/windows/client-management/images/aadjcalmail.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjmail1.jpg b/windows/client-management/images/aadjmail1.jpg deleted file mode 100644 index 89b1fcc3b7..0000000000 Binary files a/windows/client-management/images/aadjmail1.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjmail2.jpg b/windows/client-management/images/aadjmail2.jpg deleted file mode 100644 index 0608010c6a..0000000000 Binary files a/windows/client-management/images/aadjmail2.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjmail3.jpg b/windows/client-management/images/aadjmail3.jpg deleted file mode 100644 index d7154a7e0e..0000000000 Binary files a/windows/client-management/images/aadjmail3.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjonedrive.jpg b/windows/client-management/images/aadjonedrive.jpg deleted file mode 100644 index 6fb1196d5f..0000000000 Binary files a/windows/client-management/images/aadjonedrive.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjonenote.jpg b/windows/client-management/images/aadjonenote.jpg deleted file mode 100644 index 4ccd207f9f..0000000000 Binary files a/windows/client-management/images/aadjonenote.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjonenote2.jpg b/windows/client-management/images/aadjonenote2.jpg deleted file mode 100644 index 1b6941e638..0000000000 Binary files a/windows/client-management/images/aadjonenote2.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjonenote3.jpg b/windows/client-management/images/aadjonenote3.jpg deleted file mode 100644 index 3ac6911046..0000000000 Binary files a/windows/client-management/images/aadjonenote3.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjpin.jpg b/windows/client-management/images/aadjpin.jpg deleted file mode 100644 index dac6cfec30..0000000000 Binary files a/windows/client-management/images/aadjpin.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjppt.jpg b/windows/client-management/images/aadjppt.jpg deleted file mode 100644 index 268d5fe662..0000000000 Binary files a/windows/client-management/images/aadjppt.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjverify.jpg b/windows/client-management/images/aadjverify.jpg deleted file mode 100644 index 7b30210f39..0000000000 Binary files a/windows/client-management/images/aadjverify.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjword.jpg b/windows/client-management/images/aadjword.jpg deleted file mode 100644 index db2a58406e..0000000000 Binary files a/windows/client-management/images/aadjword.jpg and /dev/null differ diff --git a/windows/client-management/images/aadjwsfb.jpg b/windows/client-management/images/aadjwsfb.jpg deleted file mode 100644 index 428f1a26d4..0000000000 Binary files a/windows/client-management/images/aadjwsfb.jpg and /dev/null differ diff --git a/windows/client-management/mdm/images/admx-app-v-enablepublishingserver2settings.png b/windows/client-management/images/admx-app-v-enablepublishingserver2settings.png similarity index 100% rename from windows/client-management/mdm/images/admx-app-v-enablepublishingserver2settings.png rename to windows/client-management/images/admx-app-v-enablepublishingserver2settings.png diff --git a/windows/client-management/mdm/images/admx-appv-enableapp-vclient.png b/windows/client-management/images/admx-appv-enableapp-vclient.png similarity index 100% rename from windows/client-management/mdm/images/admx-appv-enableapp-vclient.png rename to windows/client-management/images/admx-appv-enableapp-vclient.png diff --git a/windows/client-management/mdm/images/admx-appv-policy-description.png b/windows/client-management/images/admx-appv-policy-description.png similarity index 100% rename from windows/client-management/mdm/images/admx-appv-policy-description.png rename to windows/client-management/images/admx-appv-policy-description.png diff --git a/windows/client-management/mdm/images/admx-appv-publishingserver2.png b/windows/client-management/images/admx-appv-publishingserver2.png similarity index 100% rename from windows/client-management/mdm/images/admx-appv-publishingserver2.png rename to windows/client-management/images/admx-appv-publishingserver2.png diff --git a/windows/client-management/mdm/images/admx-appv.png b/windows/client-management/images/admx-appv.png similarity index 100% rename from windows/client-management/mdm/images/admx-appv.png rename to windows/client-management/images/admx-appv.png diff --git a/windows/client-management/mdm/images/admx-gpedit-search.png b/windows/client-management/images/admx-gpedit-search.png similarity index 100% rename from windows/client-management/mdm/images/admx-gpedit-search.png rename to windows/client-management/images/admx-gpedit-search.png diff --git a/windows/client-management/mdm/images/auto-enrollment-activation-verification-less-entries.png b/windows/client-management/images/auto-enrollment-activation-verification-less-entries.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-activation-verification-less-entries.png rename to windows/client-management/images/auto-enrollment-activation-verification-less-entries.png diff --git a/windows/client-management/mdm/images/auto-enrollment-activation-verification.png b/windows/client-management/images/auto-enrollment-activation-verification.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-activation-verification.png rename to windows/client-management/images/auto-enrollment-activation-verification.png diff --git a/windows/client-management/mdm/images/auto-enrollment-azureadprt-verification.png b/windows/client-management/images/auto-enrollment-azureadprt-verification.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-azureadprt-verification.png rename to windows/client-management/images/auto-enrollment-azureadprt-verification.png diff --git a/windows/client-management/mdm/images/auto-enrollment-device-status-result.png b/windows/client-management/images/auto-enrollment-device-status-result.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-device-status-result.png rename to windows/client-management/images/auto-enrollment-device-status-result.png diff --git a/windows/client-management/mdm/images/auto-enrollment-enrollment-of-windows-devices.png b/windows/client-management/images/auto-enrollment-enrollment-of-windows-devices.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-enrollment-of-windows-devices.png rename to windows/client-management/images/auto-enrollment-enrollment-of-windows-devices.png diff --git a/windows/client-management/mdm/images/auto-enrollment-event-id-102.png b/windows/client-management/images/auto-enrollment-event-id-102.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-event-id-102.png rename to windows/client-management/images/auto-enrollment-event-id-102.png diff --git a/windows/client-management/mdm/images/auto-enrollment-event-id-107.png b/windows/client-management/images/auto-enrollment-event-id-107.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-event-id-107.png rename to windows/client-management/images/auto-enrollment-event-id-107.png diff --git a/windows/client-management/mdm/images/auto-enrollment-intune-license-verification.png b/windows/client-management/images/auto-enrollment-intune-license-verification.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-intune-license-verification.png rename to windows/client-management/images/auto-enrollment-intune-license-verification.png diff --git a/windows/client-management/mdm/images/auto-enrollment-mdm-discovery-url.png b/windows/client-management/images/auto-enrollment-mdm-discovery-url.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-mdm-discovery-url.png rename to windows/client-management/images/auto-enrollment-mdm-discovery-url.png diff --git a/windows/client-management/mdm/images/auto-enrollment-microsoft-intune-setting.png b/windows/client-management/images/auto-enrollment-microsoft-intune-setting.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-microsoft-intune-setting.png rename to windows/client-management/images/auto-enrollment-microsoft-intune-setting.png diff --git a/windows/client-management/mdm/images/auto-enrollment-outdated-enrollment-entries.png b/windows/client-management/images/auto-enrollment-outdated-enrollment-entries.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-outdated-enrollment-entries.png rename to windows/client-management/images/auto-enrollment-outdated-enrollment-entries.png diff --git a/windows/client-management/mdm/images/auto-enrollment-task-scheduler.png b/windows/client-management/images/auto-enrollment-task-scheduler.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-task-scheduler.png rename to windows/client-management/images/auto-enrollment-task-scheduler.png diff --git a/windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-75.png b/windows/client-management/images/auto-enrollment-troubleshooting-event-id-75.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-75.png rename to windows/client-management/images/auto-enrollment-troubleshooting-event-id-75.png diff --git a/windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-76.png b/windows/client-management/images/auto-enrollment-troubleshooting-event-id-76.png similarity index 100% rename from windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-76.png rename to windows/client-management/images/auto-enrollment-troubleshooting-event-id-76.png diff --git a/windows/client-management/mdm/images/autoenrollment-2-factor-auth.png b/windows/client-management/images/autoenrollment-2-factor-auth.png similarity index 100% rename from windows/client-management/mdm/images/autoenrollment-2-factor-auth.png rename to windows/client-management/images/autoenrollment-2-factor-auth.png diff --git a/windows/client-management/mdm/images/autoenrollment-gpedit.png b/windows/client-management/images/autoenrollment-gpedit.png similarity index 100% rename from windows/client-management/mdm/images/autoenrollment-gpedit.png rename to windows/client-management/images/autoenrollment-gpedit.png diff --git a/windows/client-management/mdm/images/autoenrollment-mdm-policies.png b/windows/client-management/images/autoenrollment-mdm-policies.png similarity index 100% rename from windows/client-management/mdm/images/autoenrollment-mdm-policies.png rename to windows/client-management/images/autoenrollment-mdm-policies.png diff --git a/windows/client-management/mdm/images/autoenrollment-policy.png b/windows/client-management/images/autoenrollment-policy.png similarity index 100% rename from windows/client-management/mdm/images/autoenrollment-policy.png rename to windows/client-management/images/autoenrollment-policy.png diff --git a/windows/client-management/mdm/images/autoenrollment-scheduled-task.png b/windows/client-management/images/autoenrollment-scheduled-task.png similarity index 100% rename from windows/client-management/mdm/images/autoenrollment-scheduled-task.png rename to windows/client-management/images/autoenrollment-scheduled-task.png diff --git a/windows/client-management/mdm/images/autoenrollment-settings-work-school.png b/windows/client-management/images/autoenrollment-settings-work-school.png similarity index 100% rename from windows/client-management/mdm/images/autoenrollment-settings-work-school.png rename to windows/client-management/images/autoenrollment-settings-work-school.png diff --git a/windows/client-management/mdm/images/autoenrollment-task-schedulerapp.png b/windows/client-management/images/autoenrollment-task-schedulerapp.png similarity index 100% rename from windows/client-management/mdm/images/autoenrollment-task-schedulerapp.png rename to windows/client-management/images/autoenrollment-task-schedulerapp.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant1.png b/windows/client-management/images/azure-ad-add-tenant1.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant1.png rename to windows/client-management/images/azure-ad-add-tenant1.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant10.png b/windows/client-management/images/azure-ad-add-tenant10.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant10.png rename to windows/client-management/images/azure-ad-add-tenant10.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant11.png b/windows/client-management/images/azure-ad-add-tenant11.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant11.png rename to windows/client-management/images/azure-ad-add-tenant11.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant12.png b/windows/client-management/images/azure-ad-add-tenant12.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant12.png rename to windows/client-management/images/azure-ad-add-tenant12.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant13.png b/windows/client-management/images/azure-ad-add-tenant13.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant13.png rename to windows/client-management/images/azure-ad-add-tenant13.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant14.png b/windows/client-management/images/azure-ad-add-tenant14.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant14.png rename to windows/client-management/images/azure-ad-add-tenant14.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant15.png b/windows/client-management/images/azure-ad-add-tenant15.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant15.png rename to windows/client-management/images/azure-ad-add-tenant15.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant2.png b/windows/client-management/images/azure-ad-add-tenant2.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant2.png rename to windows/client-management/images/azure-ad-add-tenant2.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant3-b.png b/windows/client-management/images/azure-ad-add-tenant3-b.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant3-b.png rename to windows/client-management/images/azure-ad-add-tenant3-b.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant3.png b/windows/client-management/images/azure-ad-add-tenant3.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant3.png rename to windows/client-management/images/azure-ad-add-tenant3.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant4.png b/windows/client-management/images/azure-ad-add-tenant4.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant4.png rename to windows/client-management/images/azure-ad-add-tenant4.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant5.png b/windows/client-management/images/azure-ad-add-tenant5.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant5.png rename to windows/client-management/images/azure-ad-add-tenant5.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant6.png b/windows/client-management/images/azure-ad-add-tenant6.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant6.png rename to windows/client-management/images/azure-ad-add-tenant6.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant7.png b/windows/client-management/images/azure-ad-add-tenant7.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant7.png rename to windows/client-management/images/azure-ad-add-tenant7.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant8.png b/windows/client-management/images/azure-ad-add-tenant8.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant8.png rename to windows/client-management/images/azure-ad-add-tenant8.png diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant9.png b/windows/client-management/images/azure-ad-add-tenant9.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-add-tenant9.png rename to windows/client-management/images/azure-ad-add-tenant9.png diff --git a/windows/client-management/mdm/images/azure-ad-app-gallery.png b/windows/client-management/images/azure-ad-app-gallery.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-app-gallery.png rename to windows/client-management/images/azure-ad-app-gallery.png diff --git a/windows/client-management/mdm/images/azure-ad-device-list.png b/windows/client-management/images/azure-ad-device-list.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-device-list.png rename to windows/client-management/images/azure-ad-device-list.png diff --git a/windows/client-management/mdm/images/azure-ad-enrollment-flow.png b/windows/client-management/images/azure-ad-enrollment-flow.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-enrollment-flow.png rename to windows/client-management/images/azure-ad-enrollment-flow.png diff --git a/windows/client-management/mdm/images/azure-ad-unenrollment.png b/windows/client-management/images/azure-ad-unenrollment.png similarity index 100% rename from windows/client-management/mdm/images/azure-ad-unenrollment.png rename to windows/client-management/images/azure-ad-unenrollment.png diff --git a/windows/client-management/mdm/images/azure-intune-configure-scope.png b/windows/client-management/images/azure-intune-configure-scope.png similarity index 100% rename from windows/client-management/mdm/images/azure-intune-configure-scope.png rename to windows/client-management/images/azure-intune-configure-scope.png diff --git a/windows/client-management/mdm/images/azure-mdm-intune.png b/windows/client-management/images/azure-mdm-intune.png similarity index 100% rename from windows/client-management/mdm/images/azure-mdm-intune.png rename to windows/client-management/images/azure-mdm-intune.png diff --git a/windows/client-management/mdm/images/bulk-enrollment.png b/windows/client-management/images/bulk-enrollment.png similarity index 100% rename from windows/client-management/mdm/images/bulk-enrollment.png rename to windows/client-management/images/bulk-enrollment.png diff --git a/windows/client-management/mdm/images/bulk-enrollment2.png b/windows/client-management/images/bulk-enrollment2.png similarity index 100% rename from windows/client-management/mdm/images/bulk-enrollment2.png rename to windows/client-management/images/bulk-enrollment2.png diff --git a/windows/client-management/mdm/images/bulk-enrollment3.png b/windows/client-management/images/bulk-enrollment3.png similarity index 100% rename from windows/client-management/mdm/images/bulk-enrollment3.png rename to windows/client-management/images/bulk-enrollment3.png diff --git a/windows/client-management/mdm/images/bulk-enrollment4.png b/windows/client-management/images/bulk-enrollment4.png similarity index 100% rename from windows/client-management/mdm/images/bulk-enrollment4.png rename to windows/client-management/images/bulk-enrollment4.png diff --git a/windows/client-management/mdm/images/bulk-enrollment5.png b/windows/client-management/images/bulk-enrollment5.png similarity index 100% rename from windows/client-management/mdm/images/bulk-enrollment5.png rename to windows/client-management/images/bulk-enrollment5.png diff --git a/windows/client-management/mdm/images/bulk-enrollment6.png b/windows/client-management/images/bulk-enrollment6.png similarity index 100% rename from windows/client-management/mdm/images/bulk-enrollment6.png rename to windows/client-management/images/bulk-enrollment6.png diff --git a/windows/client-management/mdm/images/bulk-enrollment7.png b/windows/client-management/images/bulk-enrollment7.png similarity index 100% rename from windows/client-management/mdm/images/bulk-enrollment7.png rename to windows/client-management/images/bulk-enrollment7.png diff --git a/windows/client-management/mdm/images/bulk-enrollment8.png b/windows/client-management/images/bulk-enrollment8.png similarity index 100% rename from windows/client-management/mdm/images/bulk-enrollment8.png rename to windows/client-management/images/bulk-enrollment8.png diff --git a/windows/client-management/mdm/images/businessstoreportalservices2.png b/windows/client-management/images/businessstoreportalservices2.png similarity index 100% rename from windows/client-management/mdm/images/businessstoreportalservices2.png rename to windows/client-management/images/businessstoreportalservices2.png diff --git a/windows/client-management/mdm/images/businessstoreportalservices3.png b/windows/client-management/images/businessstoreportalservices3.png similarity index 100% rename from windows/client-management/mdm/images/businessstoreportalservices3.png rename to windows/client-management/images/businessstoreportalservices3.png diff --git a/windows/client-management/mdm/images/businessstoreportalservicesflow.png b/windows/client-management/images/businessstoreportalservicesflow.png similarity index 100% rename from windows/client-management/mdm/images/businessstoreportalservicesflow.png rename to windows/client-management/images/businessstoreportalservicesflow.png diff --git a/windows/client-management/images/certfiltering1.png b/windows/client-management/images/certfiltering1.png new file mode 100644 index 0000000000..0e84f433bc Binary files /dev/null and b/windows/client-management/images/certfiltering1.png differ diff --git a/windows/client-management/images/certfiltering2.png b/windows/client-management/images/certfiltering2.png new file mode 100644 index 0000000000..8e08b29641 Binary files /dev/null and b/windows/client-management/images/certfiltering2.png differ diff --git a/windows/client-management/images/certfiltering3.png b/windows/client-management/images/certfiltering3.png new file mode 100644 index 0000000000..ce5aae1f63 Binary files /dev/null and b/windows/client-management/images/certfiltering3.png differ diff --git a/windows/client-management/mdm/images/configlock-mem-createprofile.png b/windows/client-management/images/configlock-mem-createprofile.png similarity index 100% rename from windows/client-management/mdm/images/configlock-mem-createprofile.png rename to windows/client-management/images/configlock-mem-createprofile.png diff --git a/windows/client-management/mdm/images/configlock-mem-dev.png b/windows/client-management/images/configlock-mem-dev.png similarity index 100% rename from windows/client-management/mdm/images/configlock-mem-dev.png rename to windows/client-management/images/configlock-mem-dev.png diff --git a/windows/client-management/mdm/images/configlock-mem-devstatus.png b/windows/client-management/images/configlock-mem-devstatus.png similarity index 100% rename from windows/client-management/mdm/images/configlock-mem-devstatus.png rename to windows/client-management/images/configlock-mem-devstatus.png diff --git a/windows/client-management/mdm/images/configlock-mem-editrow.png b/windows/client-management/images/configlock-mem-editrow.png similarity index 100% rename from windows/client-management/mdm/images/configlock-mem-editrow.png rename to windows/client-management/images/configlock-mem-editrow.png diff --git a/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png b/windows/client-management/images/configlock-mem-firmwareprotect.png similarity index 100% rename from windows/client-management/mdm/images/configlock-mem-firmwareprotect.png rename to windows/client-management/images/configlock-mem-firmwareprotect.png diff --git a/windows/client-management/mdm/images/deeplinkenrollment1.png b/windows/client-management/images/deeplinkenrollment1.png similarity index 100% rename from windows/client-management/mdm/images/deeplinkenrollment1.png rename to windows/client-management/images/deeplinkenrollment1.png diff --git a/windows/client-management/mdm/images/deeplinkenrollment3.png b/windows/client-management/images/deeplinkenrollment3.png similarity index 100% rename from windows/client-management/mdm/images/deeplinkenrollment3.png rename to windows/client-management/images/deeplinkenrollment3.png diff --git a/windows/client-management/mdm/images/deeplinkenrollment4.png b/windows/client-management/images/deeplinkenrollment4.png similarity index 100% rename from windows/client-management/mdm/images/deeplinkenrollment4.png rename to windows/client-management/images/deeplinkenrollment4.png diff --git a/windows/client-management/images/device-installation-usb-properties.png b/windows/client-management/images/device-installation-usb-properties.png deleted file mode 100644 index 823294fd95..0000000000 Binary files a/windows/client-management/images/device-installation-usb-properties.png and /dev/null differ diff --git a/windows/client-management/mdm/images/deviceupdateprocess2.png b/windows/client-management/images/deviceupdateprocess2.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdateprocess2.png rename to windows/client-management/images/deviceupdateprocess2.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot1.png b/windows/client-management/images/deviceupdatescreenshot1.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot1.png rename to windows/client-management/images/deviceupdatescreenshot1.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot2.png b/windows/client-management/images/deviceupdatescreenshot2.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot2.png rename to windows/client-management/images/deviceupdatescreenshot2.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot3.png b/windows/client-management/images/deviceupdatescreenshot3.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot3.png rename to windows/client-management/images/deviceupdatescreenshot3.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot4.png b/windows/client-management/images/deviceupdatescreenshot4.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot4.png rename to windows/client-management/images/deviceupdatescreenshot4.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot5.png b/windows/client-management/images/deviceupdatescreenshot5.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot5.png rename to windows/client-management/images/deviceupdatescreenshot5.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot6.png b/windows/client-management/images/deviceupdatescreenshot6.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot6.png rename to windows/client-management/images/deviceupdatescreenshot6.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot7.png b/windows/client-management/images/deviceupdatescreenshot7.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot7.png rename to windows/client-management/images/deviceupdatescreenshot7.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot8.png b/windows/client-management/images/deviceupdatescreenshot8.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot8.png rename to windows/client-management/images/deviceupdatescreenshot8.png diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot9.png b/windows/client-management/images/deviceupdatescreenshot9.png similarity index 100% rename from windows/client-management/mdm/images/deviceupdatescreenshot9.png rename to windows/client-management/images/deviceupdatescreenshot9.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures1.png b/windows/client-management/images/diagnose-mdm-failures1.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures1.png rename to windows/client-management/images/diagnose-mdm-failures1.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures10.png b/windows/client-management/images/diagnose-mdm-failures10.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures10.png rename to windows/client-management/images/diagnose-mdm-failures10.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures11.png b/windows/client-management/images/diagnose-mdm-failures11.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures11.png rename to windows/client-management/images/diagnose-mdm-failures11.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures12.png b/windows/client-management/images/diagnose-mdm-failures12.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures12.png rename to windows/client-management/images/diagnose-mdm-failures12.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures13.png b/windows/client-management/images/diagnose-mdm-failures13.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures13.png rename to windows/client-management/images/diagnose-mdm-failures13.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures14.png b/windows/client-management/images/diagnose-mdm-failures14.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures14.png rename to windows/client-management/images/diagnose-mdm-failures14.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures15.png b/windows/client-management/images/diagnose-mdm-failures15.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures15.png rename to windows/client-management/images/diagnose-mdm-failures15.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures16.png b/windows/client-management/images/diagnose-mdm-failures16.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures16.png rename to windows/client-management/images/diagnose-mdm-failures16.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures17.png b/windows/client-management/images/diagnose-mdm-failures17.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures17.png rename to windows/client-management/images/diagnose-mdm-failures17.png diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures9.png b/windows/client-management/images/diagnose-mdm-failures9.png similarity index 100% rename from windows/client-management/mdm/images/diagnose-mdm-failures9.png rename to windows/client-management/images/diagnose-mdm-failures9.png diff --git a/windows/client-management/mdm/images/enterprise-workflow.png b/windows/client-management/images/enterprise-workflow.png similarity index 100% rename from windows/client-management/mdm/images/enterprise-workflow.png rename to windows/client-management/images/enterprise-workflow.png diff --git a/windows/client-management/mdm/images/faq-max-devices.png b/windows/client-management/images/faq-max-devices.png similarity index 100% rename from windows/client-management/mdm/images/faq-max-devices.png rename to windows/client-management/images/faq-max-devices.png diff --git a/windows/client-management/mdm/images/group-policy-editor.png b/windows/client-management/images/group-policy-editor.png similarity index 100% rename from windows/client-management/mdm/images/group-policy-editor.png rename to windows/client-management/images/group-policy-editor.png diff --git a/windows/client-management/mdm/images/group-policy-publisher-server-2-settings.png b/windows/client-management/images/group-policy-publisher-server-2-settings.png similarity index 100% rename from windows/client-management/mdm/images/group-policy-publisher-server-2-settings.png rename to windows/client-management/images/group-policy-publisher-server-2-settings.png diff --git a/windows/client-management/mdm/images/implement-server-side-mobile-application-management.png b/windows/client-management/images/implement-server-side-mobile-application-management.png similarity index 100% rename from windows/client-management/mdm/images/implement-server-side-mobile-application-management.png rename to windows/client-management/images/implement-server-side-mobile-application-management.png diff --git a/windows/client-management/mdm/images/mdm-enrollment-disable-policy.png b/windows/client-management/images/mdm-enrollment-disable-policy.png similarity index 100% rename from windows/client-management/mdm/images/mdm-enrollment-disable-policy.png rename to windows/client-management/images/mdm-enrollment-disable-policy.png diff --git a/windows/client-management/mdm/images/mdm-update-sync.png b/windows/client-management/images/mdm-update-sync.png similarity index 100% rename from windows/client-management/mdm/images/mdm-update-sync.png rename to windows/client-management/images/mdm-update-sync.png diff --git a/windows/client-management/images/msinfosnip.jpg b/windows/client-management/images/msinfosnip.jpg deleted file mode 100644 index 67c65eec3c..0000000000 Binary files a/windows/client-management/images/msinfosnip.jpg and /dev/null differ diff --git a/windows/client-management/mdm/images/push-notification1.png b/windows/client-management/images/push-notification1.png similarity index 100% rename from windows/client-management/mdm/images/push-notification1.png rename to windows/client-management/images/push-notification1.png diff --git a/windows/client-management/mdm/images/push-notification10.png b/windows/client-management/images/push-notification10.png similarity index 100% rename from windows/client-management/mdm/images/push-notification10.png rename to windows/client-management/images/push-notification10.png diff --git a/windows/client-management/mdm/images/push-notification2.png b/windows/client-management/images/push-notification2.png similarity index 100% rename from windows/client-management/mdm/images/push-notification2.png rename to windows/client-management/images/push-notification2.png diff --git a/windows/client-management/mdm/images/push-notification3.png b/windows/client-management/images/push-notification3.png similarity index 100% rename from windows/client-management/mdm/images/push-notification3.png rename to windows/client-management/images/push-notification3.png diff --git a/windows/client-management/mdm/images/push-notification4.png b/windows/client-management/images/push-notification4.png similarity index 100% rename from windows/client-management/mdm/images/push-notification4.png rename to windows/client-management/images/push-notification4.png diff --git a/windows/client-management/mdm/images/push-notification5.png b/windows/client-management/images/push-notification5.png similarity index 100% rename from windows/client-management/mdm/images/push-notification5.png rename to windows/client-management/images/push-notification5.png diff --git a/windows/client-management/mdm/images/push-notification6.png b/windows/client-management/images/push-notification6.png similarity index 100% rename from windows/client-management/mdm/images/push-notification6.png rename to windows/client-management/images/push-notification6.png diff --git a/windows/client-management/mdm/images/push-notification7.png b/windows/client-management/images/push-notification7.png similarity index 100% rename from windows/client-management/mdm/images/push-notification7.png rename to windows/client-management/images/push-notification7.png diff --git a/windows/client-management/mdm/images/ssl-settings.png b/windows/client-management/images/ssl-settings.png similarity index 100% rename from windows/client-management/mdm/images/ssl-settings.png rename to windows/client-management/images/ssl-settings.png diff --git a/windows/client-management/images/systeminfo.png b/windows/client-management/images/systeminfo.png deleted file mode 100644 index 4c70bed782..0000000000 Binary files a/windows/client-management/images/systeminfo.png and /dev/null differ diff --git a/windows/client-management/images/systemproperties.png b/windows/client-management/images/systemproperties.png deleted file mode 100644 index e6e6d5677b..0000000000 Binary files a/windows/client-management/images/systemproperties.png and /dev/null differ diff --git a/windows/client-management/images/systemprops.jpg b/windows/client-management/images/systemprops.jpg deleted file mode 100644 index dfff3fb5d0..0000000000 Binary files a/windows/client-management/images/systemprops.jpg and /dev/null differ diff --git a/windows/client-management/images/tcp-ts-1.png b/windows/client-management/images/tcp-ts-1.png deleted file mode 100644 index 621235d5b3..0000000000 Binary files a/windows/client-management/images/tcp-ts-1.png and /dev/null differ diff --git a/windows/client-management/images/tcp-ts-2.png b/windows/client-management/images/tcp-ts-2.png deleted file mode 100644 index cdaada6cb6..0000000000 Binary files a/windows/client-management/images/tcp-ts-2.png and /dev/null differ diff --git a/windows/client-management/images/tcp-ts-3.png b/windows/client-management/images/tcp-ts-3.png deleted file mode 100644 index ce3072c95e..0000000000 Binary files a/windows/client-management/images/tcp-ts-3.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-1.png b/windows/client-management/images/unifiedenrollment-rs1-1.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-1.png rename to windows/client-management/images/unifiedenrollment-rs1-1.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-10.png b/windows/client-management/images/unifiedenrollment-rs1-10.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-10.png rename to windows/client-management/images/unifiedenrollment-rs1-10.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-11.png b/windows/client-management/images/unifiedenrollment-rs1-11.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-11.png rename to windows/client-management/images/unifiedenrollment-rs1-11.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-12.png b/windows/client-management/images/unifiedenrollment-rs1-12.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-12.png rename to windows/client-management/images/unifiedenrollment-rs1-12.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-13.png b/windows/client-management/images/unifiedenrollment-rs1-13.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-13.png rename to windows/client-management/images/unifiedenrollment-rs1-13.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-14.png b/windows/client-management/images/unifiedenrollment-rs1-14.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-14.png rename to windows/client-management/images/unifiedenrollment-rs1-14.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-15.png b/windows/client-management/images/unifiedenrollment-rs1-15.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-15.png rename to windows/client-management/images/unifiedenrollment-rs1-15.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-16.png b/windows/client-management/images/unifiedenrollment-rs1-16.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-16.png rename to windows/client-management/images/unifiedenrollment-rs1-16.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-17.png b/windows/client-management/images/unifiedenrollment-rs1-17.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-17.png rename to windows/client-management/images/unifiedenrollment-rs1-17.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-18.png b/windows/client-management/images/unifiedenrollment-rs1-18.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-18.png rename to windows/client-management/images/unifiedenrollment-rs1-18.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-19.png b/windows/client-management/images/unifiedenrollment-rs1-19.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-19.png rename to windows/client-management/images/unifiedenrollment-rs1-19.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-2.png b/windows/client-management/images/unifiedenrollment-rs1-2.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-2.png rename to windows/client-management/images/unifiedenrollment-rs1-2.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-20.png b/windows/client-management/images/unifiedenrollment-rs1-20.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-20.png rename to windows/client-management/images/unifiedenrollment-rs1-20.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-21-b.png b/windows/client-management/images/unifiedenrollment-rs1-21-b.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-21-b.png rename to windows/client-management/images/unifiedenrollment-rs1-21-b.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-23-b.png b/windows/client-management/images/unifiedenrollment-rs1-23-b.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-23-b.png rename to windows/client-management/images/unifiedenrollment-rs1-23-b.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-24-b.png b/windows/client-management/images/unifiedenrollment-rs1-24-b.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-24-b.png rename to windows/client-management/images/unifiedenrollment-rs1-24-b.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-25-b.png b/windows/client-management/images/unifiedenrollment-rs1-25-b.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-25-b.png rename to windows/client-management/images/unifiedenrollment-rs1-25-b.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-26.png b/windows/client-management/images/unifiedenrollment-rs1-26.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-26.png rename to windows/client-management/images/unifiedenrollment-rs1-26.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-27.png b/windows/client-management/images/unifiedenrollment-rs1-27.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-27.png rename to windows/client-management/images/unifiedenrollment-rs1-27.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-28.png b/windows/client-management/images/unifiedenrollment-rs1-28.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-28.png rename to windows/client-management/images/unifiedenrollment-rs1-28.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-29.png b/windows/client-management/images/unifiedenrollment-rs1-29.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-29.png rename to windows/client-management/images/unifiedenrollment-rs1-29.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-3.png b/windows/client-management/images/unifiedenrollment-rs1-3.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-3.png rename to windows/client-management/images/unifiedenrollment-rs1-3.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-30.png b/windows/client-management/images/unifiedenrollment-rs1-30.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-30.png rename to windows/client-management/images/unifiedenrollment-rs1-30.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-31.png b/windows/client-management/images/unifiedenrollment-rs1-31.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-31.png rename to windows/client-management/images/unifiedenrollment-rs1-31.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-32.png b/windows/client-management/images/unifiedenrollment-rs1-32.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-32.png rename to windows/client-management/images/unifiedenrollment-rs1-32.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-33-b.png b/windows/client-management/images/unifiedenrollment-rs1-33-b.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-33-b.png rename to windows/client-management/images/unifiedenrollment-rs1-33-b.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-34-b.png b/windows/client-management/images/unifiedenrollment-rs1-34-b.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-34-b.png rename to windows/client-management/images/unifiedenrollment-rs1-34-b.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-35-b.png b/windows/client-management/images/unifiedenrollment-rs1-35-b.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-35-b.png rename to windows/client-management/images/unifiedenrollment-rs1-35-b.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-37-c.png b/windows/client-management/images/unifiedenrollment-rs1-37-c.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-37-c.png rename to windows/client-management/images/unifiedenrollment-rs1-37-c.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-4.png b/windows/client-management/images/unifiedenrollment-rs1-4.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-4.png rename to windows/client-management/images/unifiedenrollment-rs1-4.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-5.png b/windows/client-management/images/unifiedenrollment-rs1-5.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-5.png rename to windows/client-management/images/unifiedenrollment-rs1-5.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-6.png b/windows/client-management/images/unifiedenrollment-rs1-6.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-6.png rename to windows/client-management/images/unifiedenrollment-rs1-6.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-7.png b/windows/client-management/images/unifiedenrollment-rs1-7.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-7.png rename to windows/client-management/images/unifiedenrollment-rs1-7.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-8.png b/windows/client-management/images/unifiedenrollment-rs1-8.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-8.png rename to windows/client-management/images/unifiedenrollment-rs1-8.png diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-9.png b/windows/client-management/images/unifiedenrollment-rs1-9.png similarity index 100% rename from windows/client-management/mdm/images/unifiedenrollment-rs1-9.png rename to windows/client-management/images/unifiedenrollment-rs1-9.png diff --git a/windows/client-management/images/wifistackcomponents.png b/windows/client-management/images/wifistackcomponents.png deleted file mode 100644 index 7971a3d9bf..0000000000 Binary files a/windows/client-management/images/wifistackcomponents.png and /dev/null differ diff --git a/windows/client-management/media/win11-control-panel-windows-tools.png b/windows/client-management/images/win11-control-panel-windows-tools.png similarity index 100% rename from windows/client-management/media/win11-control-panel-windows-tools.png rename to windows/client-management/images/win11-control-panel-windows-tools.png diff --git a/windows/client-management/media/win11-windows-tools.png b/windows/client-management/images/win11-windows-tools.png similarity index 100% rename from windows/client-management/media/win11-windows-tools.png rename to windows/client-management/images/win11-windows-tools.png diff --git a/windows/client-management/images/windows-10-management-gp-intune-flow.png b/windows/client-management/images/windows-10-management-gp-intune-flow.png deleted file mode 100644 index c9e3f2ea31..0000000000 Binary files a/windows/client-management/images/windows-10-management-gp-intune-flow.png and /dev/null differ diff --git a/windows/client-management/images/winsearchbar.jpg b/windows/client-management/images/winsearchbar.jpg deleted file mode 100644 index 7f27bd8805..0000000000 Binary files a/windows/client-management/images/winsearchbar.jpg and /dev/null differ diff --git a/windows/client-management/images/winversnip.jpg b/windows/client-management/images/winversnip.jpg deleted file mode 100644 index c2f2be1bb2..0000000000 Binary files a/windows/client-management/images/winversnip.jpg and /dev/null differ diff --git a/windows/client-management/images/wiredautoconfig.png b/windows/client-management/images/wiredautoconfig.png deleted file mode 100644 index cede26ce74..0000000000 Binary files a/windows/client-management/images/wiredautoconfig.png and /dev/null differ diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/implement-server-side-mobile-application-management.md similarity index 86% rename from windows/client-management/mdm/implement-server-side-mobile-application-management.md rename to windows/client-management/implement-server-side-mobile-application-management.md index 9d71b7234b..84db62f27f 100644 --- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/implement-server-side-mobile-application-management.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/03/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -57,7 +57,7 @@ MAM enrollment is based on the MAM extension of [[MS-MDE2] protocol](/openspecs/ Below are protocol changes for MAM enrollment:  - MDM discovery isn't supported. -- APPAUTH node in [DMAcc CSP](dmacc-csp.md) is optional. +- APPAUTH node in [DMAcc CSP](mdm/dmacc-csp.md) is optional. - MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication. Here's an example provisioning XML for MAM enrollment. @@ -74,26 +74,26 @@ Here's an example provisioning XML for MAM enrollment. ``` -Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isn’t provided above, the device would default to once every 24 hours. +Since the [Poll](mdm/dmclient-csp.md#provider-providerid-poll) node isn’t provided above, the device would default to once every 24 hours. ## Supported CSPs MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback: -- [AppLocker CSP](applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps. -- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs. -- [DeviceStatus CSP](devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703). -- [DevInfo CSP](devinfo-csp.md). -- [DMAcc CSP](dmacc-csp.md). -- [DMClient CSP](dmclient-csp.md) for polling schedules configuration and MDM discovery URL. -- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has Windows Information Protection policies. -- [Health Attestation CSP](healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703). -- [PassportForWork CSP](passportforwork-csp.md) for Windows Hello for Business PIN management. -- [Policy CSP](policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas. -- [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs. -- [RootCaTrustedCertificates CSP](rootcacertificates-csp.md). -- [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. -- [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. +- [AppLocker CSP](mdm/applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps. +- [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs. +- [DeviceStatus CSP](mdm/devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703). +- [DevInfo CSP](mdm/devinfo-csp.md). +- [DMAcc CSP](mdm/dmacc-csp.md). +- [DMClient CSP](mdm/dmclient-csp.md) for polling schedules configuration and MDM discovery URL. +- [EnterpriseDataProtection CSP](mdm/enterprisedataprotection-csp.md) has Windows Information Protection policies. +- [Health Attestation CSP](mdm/healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703). +- [PassportForWork CSP](mdm/passportforwork-csp.md) for Windows Hello for Business PIN management. +- [Policy CSP](mdm/policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas. +- [Reporting CSP](mdm/reporting-csp.md) for retrieving Windows Information Protection logs. +- [RootCaTrustedCertificates CSP](mdm/rootcacertificates-csp.md). +- [VPNv2 CSP](mdm/vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. +- [WiFi CSP](mdm/wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. ## Device lock policies and EAS diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml index 4dd2469b3f..acc76961f9 100644 --- a/windows/client-management/index.yml +++ b/windows/client-management/index.yml @@ -29,24 +29,53 @@ landingContent: linkLists: - linkListType: overview links: + - text: Mobile device management (MDM) overview + url: mdm-overview.md + - linkListType: concept + links: + - text: MDM for device updates + url: device-update-management.md + - text: Enterprise settings, policies, and app management + url: windows-mdm-enterprise-settings.md - text: Windows Tools/Administrative Tools url: administrative-tools-in-windows-10.md - text: Create mandatory user profiles url: mandatory-user-profile.md - - text: Mobile device management (MDM) - url: mdm/index.yml - - text: MDM for device updates - url: mdm/device-update-management.md - - text: Mobile device enrollment - url: mdm/mobile-device-enrollment.md - # Card (optional) - - title: CSP reference documentation + - title: Device enrollment linkLists: - linkListType: overview links: - - text: Configuration service provider reference - url: mdm/configuration-service-provider-reference.md + - text: Mobile device enrollment + url: mobile-device-enrollment.md + - linkListType: concept + links: + - text: Enroll Windows devices + url: mdm-enrollment-of-windows-devices.md + - text: Automatic enrollment using Azure AD + url: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md + - text: Automatic enrollment using group policy + url: enroll-a-windows-10-device-automatically-using-group-policy.md + - text: Bulk enrollment + url: bulk-enrollment-using-windows-provisioning-tool.md + + # Card (optional) + - title: Configuration service provider reference + linkLists: + - linkListType: overview + links: + - text: CSP reference + url: mdm/index.yml + - linkListType: concept + links: + - text: Understanding ADMX policies + url: understanding-admx-backed-policies.md + - text: WMI Bridge Provider + url: using-powershell-scripting-with-the-wmi-bridge-provider.md + - text: OMA DM protocol support + url: oma-dm-protocol-support.md + - linkListType: reference + links: - text: DynamicManagement CSP url: mdm/dynamicmanagement-csp.md - text: BitLocker CSP diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index 367392eba4..852166b3b1 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.date: 06/03/2022 author: vinaypamnani-msft ms.author: vinpa -ms.reviewer: +ms.reviewer: manager: aaroncz ms.topic: overview --- @@ -133,4 +133,4 @@ There are various steps you can take to begin the process of modernizing device - [What is Intune?](/mem/intune/fundamentals/what-is-intune) - [Windows 10 policy CSP](./mdm/policy-configuration-service-provider.md) -- [Windows 10 configuration service providers](./mdm/configuration-service-provider-reference.md) +- [Windows 10 configuration service providers](./mdm/index.yml) diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/management-tool-for-windows-store-for-business.md similarity index 100% rename from windows/client-management/mdm/management-tool-for-windows-store-for-business.md rename to windows/client-management/management-tool-for-windows-store-for-business.md diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm-enrollment-of-windows-devices.md similarity index 100% rename from windows/client-management/mdm/mdm-enrollment-of-windows-devices.md rename to windows/client-management/mdm-enrollment-of-windows-devices.md diff --git a/windows/client-management/mdm/mdm-overview.md b/windows/client-management/mdm-overview.md similarity index 95% rename from windows/client-management/mdm/mdm-overview.md rename to windows/client-management/mdm-overview.md index d0e376cd1f..bde99823e0 100644 --- a/windows/client-management/mdm/mdm-overview.md +++ b/windows/client-management/mdm-overview.md @@ -58,7 +58,6 @@ For information about the MDM policies defined in the Intune security baseline, - [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md) - [Enterprise app management](enterprise-app-management.md) - [Mobile device management (MDM) for device updates](device-update-management.md) -- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md) - [OMA DM protocol support](oma-dm-protocol-support.md) - [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md) - [Server requirements for OMA DM](server-requirements-windows-mdm.md) @@ -66,7 +65,7 @@ For information about the MDM policies defined in the Intune security baseline, ## Learn about configuration service providers -- [Configuration service provider reference](configuration-service-provider-reference.md) - [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md) - [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md) - [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) +- [Configuration service provider reference](mdm/index.yml) diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md index d4a2294c65..1fad640142 100644 --- a/windows/client-management/mdm/Language-pack-management-csp.md +++ b/windows/client-management/mdm/Language-pack-management-csp.md @@ -1,7 +1,7 @@ --- title: Language Pack Management CSP description: Language Pack Management CSP allows a direct way to provision language packs remotely in Windows 10. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -95,4 +95,4 @@ The Language Pack Management CSP allows a way to easily add languages and relate ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 03a75d8a7a..2f4b862917 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -7,11 +7,11 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 03/23/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- -# AccountManagement CSP +# AccountManagement CSP AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803. @@ -31,23 +31,23 @@ AccountManagement --------ProfileInactivityThreshold ``` -**./Vendor/MSFT/AccountManagement** +**./Vendor/MSFT/AccountManagement** Root node for the AccountManagement configuration service provider. -**UserProfileManagement** -Interior node. +**UserProfileManagement** +Interior node. -**UserProfileManagement/EnableProfileManager** +**UserProfileManagement/EnableProfileManager** Enable profile lifetime management for shared or communal device scenarios. Default value is false. Supported operations are Add, Get, Replace, and Delete. Value type is bool. -**UserProfileManagement/DeletionPolicy** +**UserProfileManagement/DeletionPolicy** Configures when profiles will be deleted. Default value is 1. -Valid values: +Valid values: - 0 - delete immediately when the device returns to a state with no currently active users - 1 - delete at storage capacity threshold @@ -57,25 +57,25 @@ Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**UserProfileManagement/StorageCapacityStartDeletion** +**UserProfileManagement/StorageCapacityStartDeletion** Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25. -Supported operations are Add, Get, Replace, and Delete. +Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**UserProfileManagement/StorageCapacityStopDeletion** +**UserProfileManagement/StorageCapacityStopDeletion** Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50. Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**UserProfileManagement/ProfileInactivityThreshold** +**UserProfileManagement/ProfileInactivityThreshold** Start deleting profiles when they haven't been logged on during the specified period, given as number of days. Default value is 30. Supported operations are Add, Get, Replace, and Delete. Value type is integer. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md index d425503b6a..574ffb3f9c 100644 --- a/windows/client-management/mdm/accountmanagement-ddf.md +++ b/windows/client-management/mdm/accountmanagement-ddf.md @@ -7,11 +7,11 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 03/23/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- -# AccountManagement DDF file +# AccountManagement DDF file This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider. diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 2623c3d235..4652e369d2 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 03/27/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -39,13 +39,13 @@ Accounts ------------LocalUserGroup ``` -**./Device/Vendor/MSFT/Accounts** +**./Device/Vendor/MSFT/Accounts** Root node. -**Domain** +**Domain** Interior node for the account domain information. -**Domain/ComputerName** +**Domain/ComputerName** This node specifies the DNS hostname for a device. This setting can be managed remotely, but this remote management isn't supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters. Available naming macros: @@ -63,23 +63,23 @@ Supported operation is Add. > [!Note] > For desktop PCs on Windows 10, version 2004 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md). -**Users** +**Users** Interior node for the user account information. -**Users/_UserName_** +**Users/_UserName_** This node specifies the username for a new local user account. This setting can be managed remotely. -**Users/_UserName_/Password** +**Users/_UserName_/Password** This node specifies the password for a new local user account. This setting can be managed remotely. Supported operation is Add. GET operation isn't supported. This setting will report as failed when deployed from the Endpoint Manager. -**Users/_UserName_/LocalUserGroup** +**Users/_UserName_/LocalUserGroup** This optional node specifies the local user group that a local user account should be joined to. If the node isn't set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely. Supported operation is Add. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index b2bffb3a42..857fa1941e 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 04/17/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -42,7 +42,7 @@ The XML below is for Windows 10, version 1803 and later. - com.microsoft/1.0/MDM/Accounts + com.microsoft/1.0/MDM/Accounts diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md index d174729230..c696e1c149 100644 --- a/windows/client-management/mdm/activesync-csp.md +++ b/windows/client-management/mdm/activesync-csp.md @@ -1,7 +1,7 @@ --- title: ActiveSync CSP description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -69,7 +69,7 @@ ActiveSync ``` -**./User/Vendor/MSFT/ActiveSync** +**./User/Vendor/MSFT/ActiveSync** The root node for the ActiveSync configuration service provider. > [!NOTE] @@ -81,12 +81,12 @@ The `./Vendor/MSFT/ActiveSync` path is deprecated, but will continue to work in The supported operation is Get. -**Accounts** +**Accounts** The root node for all ActiveSync accounts. The supported operation is Get. -***Account GUID*** +***Account GUID*** Defines a specific ActiveSync account. A globally unique identifier (GUID) must be generated for each ActiveSync account on the device. Supported operations are Get, Add, and Delete. @@ -109,63 +109,63 @@ For OMA DM, you must use the ASCII values of %7B and %7D for the opening and clo ``` -***Account GUID*/EmailAddress** +***Account GUID*/EmailAddress** Required. A character string that specifies the email address associated with the Exchange ActiveSync account. Supported operations are Get, Replace, and Add (can't Add after the account is created). This email address is entered by the user during setup and must be in the fully qualified email address format, for example, "someone@example.com". -***Account GUID*/Domain** +***Account GUID*/Domain** Optional for Exchange. Specifies the domain name of the Exchange server. Supported operations are Get, Replace, Add, and Delete. -***Account GUID*/AccountIcon** +***Account GUID*/AccountIcon** Required. A character string that specifies the location of the icon associated with the account. Supported operations are Get, Replace, and Add (can't Add after the account is created). The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired. -***Account GUID*/AccountType** +***Account GUID*/AccountType** Required. A character string that specifies the account type. Supported operations are Get and Add (can't Add after the account is created). This value is entered during setup and can't be modified once entered. An Exchange account is indicated by the string value "Exchange". -***Account GUID*/AccountName** +***Account GUID*/AccountName** Required. A character string that specifies the name that refers to the account on the device. Supported operations are Get, Replace, and Add (can't Add after the account is created). -***Account GUID*/Password** +***Account GUID*/Password** Required. A character string that specifies the password for the account. Supported operations are Get, Replace, Add, and Delete. For the Get command, only asterisks are returned. -***Account GUID*/ServerName** +***Account GUID*/ServerName** Required. A character string that specifies the server name used by the account. Supported operations are Get, Replace, and Add (can't Add after the account is created). -***Account GUID*/UserName** +***Account GUID*/UserName** Required. A character string that specifies the user name for the account. Supported operations are Get, and Add (can't Add after the account is created). The user name can't be changed after a sync has been successfully performed. The user name can be in the fully qualified format "someone@example.com", or just "username", depending on the type of account created. For most Exchange accounts, the user name format is just "username", whereas for Microsoft, Google, Yahoo, and most POP/IMAP accounts, the user name format is "someone@example.com". -**Options** +**Options** Node for other parameters. -**Options/CalendarAgeFilter** +**Options/CalendarAgeFilter** Specifies the time window used for syncing calendar items to the device. Value type is chr. -**Options/Logging** +**Options/Logging** Required. A character string that specifies whether diagnostic logging is enabled and at what level. The default is 0 (disabled). Supported operations are Get, Replace, and Add (can't Add after the account is created). @@ -180,7 +180,7 @@ Valid values are any of the following values: Logging is set to off by default. The user might be asked to set this logging to Basic or Advanced when having a sync issue that customer support is investigating. Setting the logging level to Advanced has more of a performance impact than Basic. -**Options/MailBodyType** +**Options/MailBodyType** Indicates the email format. Valid values: - 0 - none @@ -189,13 +189,13 @@ Indicates the email format. Valid values: - 3 - RTF - 4 - MIME -**Options/MailHTMLTruncation** +**Options/MailHTMLTruncation** Specifies the size beyond which HTML-formatted email messages are truncated when they're synchronized to the mobile device. The value is specified in KB. A value of -1 disables truncation. -**Options/MailPlainTextTruncation** +**Options/MailPlainTextTruncation** This setting specifies the size beyond which text-formatted e-mail messages are truncated when they're synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation. -**Options/UseSSL** +**Options/UseSSL** Optional. A character string that specifies whether SSL is used. Supported operations are Get, Replace, and Add (can't Add after the account is created). @@ -206,7 +206,7 @@ Valid values are: - 1 (default) - SSL is used. -**Options/Schedule** +**Options/Schedule** Required. A character string that specifies the time until the next sync is performed, in minutes. The default value is -1. Supported operations are Get and Replace. @@ -223,7 +223,7 @@ Valid values are any of the following values: - 60 - Sync every 60 minutes -**Options/MailAgeFilter** +**Options/MailAgeFilter** Required. A character string that specifies the time window used for syncing email items to the device. The default value is 3. Supported operations are Get and Replace. @@ -240,7 +240,7 @@ Valid values are any of the following values: - 5 – Email up to a month old is synced to the device. -**Options/ContentTypes/***Content Type GUID* +**Options/ContentTypes/***Content Type GUID* Defines the type of content to be individually enabled/disabled for sync. The *GUID* values allowed are any of the following values: @@ -253,7 +253,7 @@ The *GUID* values allowed are any of the following values: - Tasks: "{783ae4f6-4c12-4423-8270-66361260d4f1}" -**Options/ContentTypes/*Content Type GUID*/Enabled** +**Options/ContentTypes/*Content Type GUID*/Enabled** Required. A character string that specifies whether sync is enabled or disabled for the selected content type. The default is "1" (enabled). Supported operations are Get, Replace, and Add (can't Add after the account is created). @@ -263,7 +263,7 @@ Valid values are any of the following values: - 0 - Sync for email, contacts, calendar, or tasks are disabled. - 1 (default) - Sync is enabled. -**Options/ContentTypes/*Content Type GUID*/Name** +**Options/ContentTypes/*Content Type GUID*/Name** Required. A character string that specifies the name of the content type. > [!NOTE] @@ -273,28 +273,28 @@ Supported operations are Get, Replace, and Add (can't Add after the account is c When you use Add or Replace inside an atomic block in the SyncML, the CSP returns an error and provisioning fails. When you use Add or Replace outside of the atomic block, the error is ignored and the account is provisioned as expected. -**Policies** +**Policies** Node for mail body type and email age filter. -**Policies/MailBodyType** +**Policies/MailBodyType** Required. Specifies the email body type: HTML or plain. Value type is string. Supported operations are Add, Get, Replace, and Delete. -**Policies/MaxMailAgeFilter** +**Policies/MaxMailAgeFilter** Required. Specifies the time window used for syncing mail items to the device. Value type is string. Supported operations are Add, Get, Replace, and Delete. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - +[Configuration service provider reference](index.yml) + + + + diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md index 323fc038e9..f262c0f82b 100644 --- a/windows/client-management/mdm/activesync-ddf-file.md +++ b/windows/client-management/mdm/activesync-ddf-file.md @@ -1,7 +1,7 @@ --- title: ActiveSync DDF file description: Learn about the OMA DM device description framework (DDF) for the ActiveSync configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **ActiveSync** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md index e8aab159fb..d5a192201a 100644 --- a/windows/client-management/mdm/alljoynmanagement-csp.md +++ b/windows/client-management/mdm/alljoynmanagement-csp.md @@ -1,7 +1,7 @@ --- title: AllJoynManagement CSP description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -164,9 +164,9 @@ Get the firewall PrivateProfile ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - - +[Configuration service provider reference](index.yml) + + diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md index edc188feac..50808f780e 100644 --- a/windows/client-management/mdm/alljoynmanagement-ddf.md +++ b/windows/client-management/mdm/alljoynmanagement-ddf.md @@ -1,7 +1,7 @@ --- title: AllJoynManagement DDF description: Learn the OMA DM device description framework (DDF) for the AllJoynManagement configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **AllJoynManagement** configuration service provider. This CSP was added in Windows 10, version 1511. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). ```xml @@ -93,7 +93,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic - The set of Ports that this AllJoyn Object uses to communicate configuration settings through. + The set of Ports that this AllJoyn Object uses to communicate configuration settings through. Typically, only one port is used for communication, but it is possible that additional ports may be specified. @@ -186,7 +186,7 @@ For example an AllJoyn Bridge with the Microsoft specific AllJoyn Configuration - This is the Credential Store. An Administrator can set credentials for each AllJoyn device that requires authentication at this node. + This is the Credential Store. An Administrator can set credentials for each AllJoyn device that requires authentication at this node. If a SYNCML request arrives in the CSP to replace or query a configuration item on an AllJoyn Object that requires authentication, then the CSP will use the Credentials stored here during the authentication phase. diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md index 466550a3e5..534477045d 100644 --- a/windows/client-management/mdm/application-csp.md +++ b/windows/client-management/mdm/application-csp.md @@ -1,7 +1,7 @@ --- title: APPLICATION CSP description: Learn how the APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -40,5 +40,5 @@ For the device to decode correctly, provisioning XML that contains the APPLICATI ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index 62648efd94..fccbf5a409 100644 --- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -13,7 +13,7 @@ ms.date: 07/10/2019 This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). ```xml diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index e587cf8a3c..fbfd3ea62f 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -55,22 +55,22 @@ ApplicationControl ----DeviceID ``` -**./Vendor/MSFT/ApplicationControl** +**./Vendor/MSFT/ApplicationControl** Defines the root node for the ApplicationControl CSP. Scope is permanent. Supported operation is Get. -**ApplicationControl/Policies** +**ApplicationControl/Policies** An interior node that contains all the policies, each identified by their globally unique identifier (GUID). Scope is permanent. Supported operation is Get. -**ApplicationControl/Policies/_Policy GUID_** +**ApplicationControl/Policies/_Policy GUID_** The ApplicationControl CSP enforces that the "ID" segment of a given policy URI is the same GUID as the policy ID in the policy blob. Each *Policy GUID* node contains a Policy node and a corresponding PolicyInfo node. Scope is dynamic. Supported operation is Get. -**ApplicationControl/Policies/_Policy GUID_/Policy** +**ApplicationControl/Policies/_Policy GUID_/Policy** This node is the policy binary itself, which is encoded as base64. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. @@ -79,19 +79,19 @@ Value type is b64. Supported value is a binary file, converted from the policy X Default value is empty. -**ApplicationControl/Policies/_Policy GUID_/PolicyInfo** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo** An interior node that contains the nodes that describe the policy indicated by the GUID. Scope is dynamic. Supported operation is Get. -**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version** This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing uses a uint64 as the containing data type. Scope is dynamic. Supported operation is Get. Value type is char. -**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective** This node specifies whether a policy is loaded by the enforcement engine and is in effect on a system. Scope is dynamic. Supported operation is Get. @@ -101,7 +101,7 @@ Value type is bool. Supported values are as follows: - True—Indicates that the policy is loaded by the enforcement engine and is in effect on a system. - False—Indicates that the policy isn't loaded by the enforcement engine and isn't in effect on a system. This value is the default value. -**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed** This node specifies whether a policy is deployed on the system and is present on the physical machine. Scope is dynamic. Supported operation is Get. @@ -111,7 +111,7 @@ Value type is bool. Supported values are as follows: - True—Indicates that the policy is deployed on the system and is present on the physical machine. - False—Indicates that the policy isn't deployed on the system and isn't present on the physical machine. This value is the default value. -**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized** This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy can't take effect on the system. Scope is dynamic. Supported operation is Get. @@ -136,21 +136,21 @@ The following table provides the result of this policy based on different values \* denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the `END_COMMAND_PROCESSING` will result in a fail. -**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status** This node specifies whether the deployment of the policy indicated by the GUID was successful. Scope is dynamic. Supported operation is Get. Value type is integer. Default value is 0 = OK. -**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName** +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName** This node provides the friendly name of the policy indicated by the policy GUID. Scope is dynamic. Supported operation is Get. Value type is char. -## Microsoft Endpoint Manager Intune Usage Guidance +## Microsoft Endpoint Manager Intune Usage Guidance For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). @@ -301,7 +301,7 @@ An example of Delete command is: ## PowerShell and WMI Bridge Usage Guidance -The ApplicationControl CSP can also be managed locally from PowerShell or via Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md). +The ApplicationControl CSP can also be managed locally from PowerShell or via Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](../using-powershell-scripting-with-the-wmi-bridge-provider.md). ### Setup for using the WMI Bridge @@ -331,4 +331,4 @@ Get-CimInstance -Namespace $namespace -ClassName $policyClassName ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index abccc814e8..7b723a1a61 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -1,7 +1,7 @@ --- title: AppLocker CSP description: Learn how the AppLocker configuration service provider is used to specify which applications are allowed or disallowed. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -75,10 +75,10 @@ AppLocker ----------------Policy ----------------EnforcementMode ``` -**./Vendor/MSFT/AppLocker** +**./Vendor/MSFT/AppLocker** Defines the root node for the AppLocker configuration service provider. -**AppLocker/ApplicationLaunchRestrictions** +**AppLocker/ApplicationLaunchRestrictions** Defines restrictions for applications. > [!NOTE] @@ -89,123 +89,123 @@ Defines restrictions for applications. > [!NOTE] > The AppLocker CSP will schedule a reboot when a policy is applied or when a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_** Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define. Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE** Defines restrictions for launching executable applications. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy** Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. Data type is string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode** The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). The data type is a string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/NonInteractiveProcessEnforcement** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/NonInteractiveProcessEnforcement** The data type is a string. Supported operations are Add, Delete, Get, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI** Defines restrictions for executing Windows Installer files. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/Policy** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/Policy** Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. -Data type is string. +Data type is string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode** The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). -The data type is a string. +The data type is a string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script** Defines restrictions for running scripts. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/Policy** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/Policy** Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. -Data type is string. +Data type is string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode** The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). The data type is a string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps** Defines restrictions for running apps from the Microsoft Store. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/Policy** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/Policy** Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. Data type is string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode** The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). The data type is a string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL** Defines restrictions for processing DLL files. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/Policy** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/Policy** Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. Data type is string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode** The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). The data type is a string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/NonInteractiveProcessEnforcement** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/NonInteractiveProcessEnforcement** The data type is a string. Supported operations are Add, Delete, Get, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity** -This node is only supported on the desktop. +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity** +This node is only supported on the desktop. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy** Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. Data type is Base64. @@ -215,7 +215,7 @@ Supported operations are Get, Add, Delete, and Replace. > [!NOTE] > To use Code Integrity Policy, you first need to convert the policies to binary format using the `ConvertFrom-CIPolicy` cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)) command line tool) and added to the Applocker-CSP. -**AppLocker/EnterpriseDataProtection** +**AppLocker/EnterpriseDataProtection** Captures the list of apps that are allowed to handle enterprise data. Should be used with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md). In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications aren't protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. @@ -239,30 +239,30 @@ Additional information: - [Recommended blocklist for Windows Information Protection](#recommended-blocklist-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This prevention ensures an administrator doesn't accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications. -**AppLocker/EnterpriseDataProtection/_Grouping_** +**AppLocker/EnterpriseDataProtection/_Grouping_** Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define. Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/EnterpriseDataProtection/_Grouping_/EXE** +**AppLocker/EnterpriseDataProtection/_Grouping_/EXE** Defines restrictions for launching executable applications. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy** +**AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy** Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. -Data type is string. +Data type is string. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps** +**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps** Defines restrictions for running apps from the Microsoft Store. Supported operations are Get, Add, Delete, and Replace. -**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps/Policy** +**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps/Policy** Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. Data type is string. @@ -1350,7 +1350,7 @@ In this example, Contoso is the node name. We recommend using a GUID for this no - + @@ -1467,4 +1467,4 @@ In this example, Contoso is the node name. We recommend using a GUID for this no ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md index 30adaa5b15..b0fe07ddc8 100644 --- a/windows/client-management/mdm/applocker-ddf-file.md +++ b/windows/client-management/mdm/applocker-ddf-file.md @@ -1,7 +1,7 @@ --- title: AppLocker DDF file description: Learn about the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **AppLocker** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). ```xml diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md index 4c9943e332..a49de5a7aa 100644 --- a/windows/client-management/mdm/applocker-xsd.md +++ b/windows/client-management/mdm/applocker-xsd.md @@ -1,7 +1,7 @@ --- title: AppLocker XSD description: View the XSD for the AppLocker CSP. The AppLocker CSP XSD provides an example of how the schema is organized. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,1267 +16,1267 @@ ms.date: 06/26/2017 Here's the XSD for the AppLocker CSP. ```xml - + - + version="1.0"> - - - + - + - - type="PolicyType"> + + type="PolicyType"> - + - + - + - + - + - + - + - + - + - - - + - + - + - - type="RuleCollectionType" + - minOccurs="0" + + type="RuleCollectionType" - + minOccurs="0" - - type="PolicyExtensionsType" + - minOccurs="0" + + type="PolicyExtensionsType" - + minOccurs="0" - + maxOccurs="1"> - - type="PolicyVersionType" + - use="required"/> + + type="PolicyVersionType" - + use="required"/> - + - - - + - + - + - + - + - + - + - - - + - - maxOccurs="unbounded"> + - - type="FilePublisherRuleType" + - minOccurs="0" + + maxOccurs="unbounded"> - + - maxOccurs="unbounded"> + - + - maxOccurs="unbounded"> + - + + type="FileHashRuleType" - - minOccurs="0" + - maxOccurs="1"> + - + + type="RuleCollectionExtensionsType" - - use="required"/> + - - type="EnforcementModeType" + + type="xs:string" - + use="required"/> - + + type="EnforcementModeType" - + use="optional"/> - + - - - - type="ThresholdPolicyExtensionsType" + - minOccurs="1" + - maxOccurs="1" /> + - - minOccurs="0" + + type="ThresholdPolicyExtensionsType" - + minOccurs="1" - + maxOccurs="1" /> - + + minOccurs="0" - + maxOccurs="unbounded" /> - + - + - - - minOccurs="1" + - maxOccurs="1"> + - + - + - + - + - + - + + minOccurs="0" - + maxOccurs="unbounded" /> - + - + - - - + - + - + - + - + - + - + - + - + - - type="FilePublisherRuleConditionsType" - minOccurs="1" - maxOccurs="1" /> + - - type="FilePublisherRuleExceptionsType" + - minOccurs="0" + - maxOccurs="1" /> + - + + type="FilePublisherRuleConditionsType" - + minOccurs="1" - + maxOccurs="1" /> - + + type="FilePublisherRuleExceptionsType" - + minOccurs="0" - + maxOccurs="1" /> - + - - type="FilePathRuleConditionsType" + - minOccurs="1" - maxOccurs="1" /> - - type="FilePathRuleExceptionsType" + - minOccurs="0" + - maxOccurs="1" /> + - + - + + type="FilePathRuleConditionsType" - + minOccurs="1" - + maxOccurs="1" /> - + + type="FilePathRuleExceptionsType" - + minOccurs="0" - + maxOccurs="1" /> - - type="FileHashRuleConditionsType" + - minOccurs="1" + - maxOccurs="1" /> - - + - + - + - + - + - + + type="FileHashRuleConditionsType" - + minOccurs="1" - - type="FilePublisherConditionType" + - minOccurs="1" + - maxOccurs="1"/> + - - - + - + - + - + - + - + + minOccurs="1" - - type="FilePublisherConditionType" + - minOccurs="0" + - maxOccurs="unbounded"/> - - minOccurs="0" + - maxOccurs="unbounded"/> + - - type="FileHashConditionType" + - minOccurs="0" + + maxOccurs="unbounded"> - + + type="FilePublisherConditionType" - + minOccurs="0" - + maxOccurs="unbounded"/> - + + type="FilePathConditionType" - + minOccurs="0" - + maxOccurs="unbounded"/> - + - maxOccurs="1"/> + - + - + - - - + - + - + - + - - maxOccurs="unbounded"> + - maxOccurs="unbounded"/> + - - type="FilePublisherConditionType" - minOccurs="0" - maxOccurs="unbounded"/> + - - type="FileHashConditionType" + - minOccurs="0" + - maxOccurs="unbounded"/> + - + + maxOccurs="unbounded"> - + + minOccurs="0" - + maxOccurs="unbounded"/> - + + type="FilePublisherConditionType" - + minOccurs="0" - - type="FileHashConditionType" + + minOccurs="0" - + maxOccurs="unbounded"/> - + - + - + - - - + - - type="GuidType" + - use="required"/> + - - type="RuleNameType" + + type="FileHashConditionType" - - use="required"/> + - - type="SidType" - use="required"/> - - type="RuleActionType" + - use="required"/> + - + - + + type="GuidType" - + use="required"/> - + + type="RuleNameType" - + use="required"/> - + + type="RuleDescriptionType" - + use="required"/> - + + use="required"/> - + + type="RuleActionType" - + use="required"/> - + - - - + - + - + - + - + - + - + - + - + - - - + - + - + - + - + - + - + - - type="FileVersionRangeType" + - minOccurs="1" - maxOccurs="1" /> - + - - type="PublisherNameType" + - use="required"/> + - - type="ProductNameType" + - use="required"/> + - - type="BinaryNameType" + - use="required"/> - - + - + - + - + - + - + + type="FileVersionRangeType" - + minOccurs="1" - + maxOccurs="1" /> - + - + + type="PublisherNameType" - + use="required"/> - + + type="ProductNameType" - + use="required"/> - + + use="required"/> - + - - - + - + - + - + - + - + - + - + - + - - type="FileVersionType" + - use="required"/> + - + - + - + - - - + - + - + - + - + - + - + - - - + - + - + - + - + + type="FileVersionType" - + use="required"/> - + + type="FileVersionType" - + use="required"/> - + - - - + - + - + - + - - type="FilePathType" + - use="required"/> - - + - + - + - + - + - + - + - + - - - + - + - + - + - + - + - - type="FileHashType" + - minOccurs="1" - maxOccurs="unbounded"/> - + - + - + - + - + + type="FilePathType" - + use="required"/> - - type="HashType" - use="required"/> - - type="HashDataType" + - use="required"/> + - - type="xs:string" + - use="optional"/> + - - type="xs:integer" + - use="optional"/> + - - - + - + - + - + - + - + + type="FileHashType" - + minOccurs="1" - + maxOccurs="unbounded"/> - + - + - - - + - + - + - + - + + type="HashType" - + use="required"/> - + + type="HashDataType" - + use="required"/> - + + type="xs:string" - + use="optional"/> - + + type="xs:integer" - + use="optional"/> - + - - - + - + - + - + - + - + - + - + - + - + - - - + - + - + - + - + - + - - - use="required"/> + - + - + - + - - - + - + - - type="ServicesType" + - minOccurs="0" + - maxOccurs="1" /> - - + - + - + - + - + - - - - type="PluginsType" + - minOccurs="0" + - maxOccurs="1" /> + - + - + - + - + - + - - type="PluginType" - minOccurs="0" - maxOccurs="unbounded" /> + - + - + - + - + + type="ServicesEnforcementModeType" - - type="ExecutionCategoriesType" + - minOccurs="1" - maxOccurs="1" /> - + - + - + - + - + - + + type="ServicesType" - - minOccurs="1" + - maxOccurs="unbounded" /> + - - - + - + - + - - type="PluginPoliciesType" + - minOccurs="0" + + type="PluginsType" - + minOccurs="0" - - type="GuidType" /> + - - type="AttributeListType" - use="optional" /> - + - + - + + type="PluginType" - + minOccurs="0" - + maxOccurs="unbounded" /> - + - + - - - + - + - + + minOccurs="1" - + maxOccurs="1" /> - - type="PluginPolicyType" + - minOccurs="0" + - maxOccurs="unbounded" /> + - - - + - + - + type="ExecutionCategoryType" - + minOccurs="1" - + maxOccurs="unbounded" /> - + - + - - - + - + - + + type="PluginPoliciesType" - + minOccurs="0" - + maxOccurs="1" /> - + - + + type="GuidType" /> - + + type="AttributeListType" - + use="optional" /> - + - - - + - + - + - - - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - ``` diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index c0085b11e0..788379dddb 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -1,7 +1,7 @@ --- title: AssignedAccess CSP description: The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -45,7 +45,7 @@ The following example shows the AssignedAccess configuration service provider in ./Vendor/MSFT AssignedAccess ----KioskModeApp -----Configuration (Added in Windows 10, version 1709) +----Configuration (Added in Windows 10, version 1709) ----Status (Added in Windows 10, version 1803) ----ShellLauncher (Added in Windows 10, version 1803) ----StatusConfiguration (Added in Windows 10, version 1803) @@ -67,7 +67,7 @@ For more information, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Educ > [!Note] > You can't set both KioskModeApp and ShellLauncher at the same time on the device. -Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md). +Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](../enterprise-app-management.md). Here's an example: @@ -358,7 +358,7 @@ The schema below is for AssignedAccess Configuration up to Windows 10 20H2 relea - + @@ -533,7 +533,7 @@ Schema for Windows 10 prerelease - + @@ -1090,7 +1090,7 @@ Status Get ## ShellLauncherConfiguration XSD -Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. The original V1 XSD has a reference to the V2 XSD. +Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. The original V1 XSD has a reference to the V2 XSD. ```xml @@ -1420,12 +1420,12 @@ ShellLauncher V2 Add - - - - - - + + + + + + @@ -1597,4 +1597,4 @@ This example configures the following apps: Skype, Learning, Feedback Hub, and C ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index 36b3670dac..9bfd832c7c 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -1,7 +1,7 @@ --- title: AssignedAccess DDF description: Learn how the OMA DM device description framework (DDF) for the AssignedAccess configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 1334adc13d..81943c2b4e 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 02/04/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.collection: highpri --- @@ -19,7 +19,7 @@ The BitLocker configuration service provider (CSP) is used by the enterprise to > [!NOTE] > Settings are enforced only at the time encryption is started. Encryption isn't restarted with settings changes. -> +> > You must send all the settings together in a single SyncML to be effective. A `Get` operation on any of the settings, except for `RequireDeviceEncryption` and `RequireStorageCardEncryption`, returns the setting configured by the admin. @@ -61,13 +61,13 @@ BitLocker ``` > [!TIP] -> Some of the policies here are ADMX-backed policies. For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> Some of the policies here are ADMX-backed policies. For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](../enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). -**./Device/Vendor/MSFT/BitLocker** +**./Device/Vendor/MSFT/BitLocker** Defines the root node for the BitLocker configuration service provider. -**RequireDeviceEncryption** +**RequireDeviceEncryption** Allows the administrator to require encryption that needs to be turned on by using BitLocker\Device Encryption. @@ -100,7 +100,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix The following list shows the supported values: - 0 (default): Disable. If the policy setting isn't set or is set to 0, the device's enforcement status isn't checked. The policy doesn't enforce encryption and it doesn't decrypt encrypted volumes. -- 1: Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy). +- 1: Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy). If you want to disable this policy, use the following SyncML: @@ -120,7 +120,7 @@ If you want to disable this policy, use the following SyncML: - + ``` > [!NOTE] @@ -178,9 +178,9 @@ If you disable or don't configure this policy setting, BitLocker will use the de - 7 = XTS-AES 256 > [!NOTE] -> When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status. +> When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status. - If you want to disable this policy, use the following SyncML: + If you want to disable this policy, use the following SyncML: ```xml @@ -202,7 +202,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. -**IdentificationField** +**IdentificationField** Allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. @@ -260,7 +260,7 @@ If you disable or don't configure this setting, the identification field isn't r -**SystemDrivesEnablePreBootPinExceptionOnDECapableDevice** +**SystemDrivesEnablePreBootPinExceptionOnDECapableDevice** Allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication. @@ -300,7 +300,7 @@ If this policy is disabled, the options of "Require additional authentication at -**SystemDrivesEnhancedPIN** +**SystemDrivesEnhancedPIN** Allows users to configure whether or not enhanced startup PINs are used with BitLocker. @@ -343,7 +343,7 @@ If you disable or don't configure this policy setting, enhanced PINs won't be us -**SystemDrivesDisallowStandardUsersCanChangePIN** +**SystemDrivesDisallowStandardUsersCanChangePIN** Allows you to configure whether standard users are allowed to change BitLocker PIN or password that is used to protect the operating system drive. @@ -386,7 +386,7 @@ Sample value for this node to disable this policy is: -**SystemDrivesEnablePrebootInputProtectorsOnSlates** +**SystemDrivesEnablePrebootInputProtectorsOnSlates** Allows users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability. @@ -436,7 +436,7 @@ When the Windows Recovery Environment isn't enabled and this policy isn't enable -**SystemDrivesEncryptionType** +**SystemDrivesEncryptionType** Allows you to configure the encryption type that is used by BitLocker. @@ -477,14 +477,14 @@ Sample value for this node to enable this policy is: If this policy is disabled, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker. >[!Note] ->This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. +>This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. >For example, when a drive that's using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that uses Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: `manage-bde -w`. If the volume is shrunk, no action is taken for the new free space. For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). -**SystemDrivesRequireStartupAuthentication** +**SystemDrivesRequireStartupAuthentication** This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup". @@ -529,7 +529,7 @@ If you disable or don't configure this setting, users can configure only basic o > [!NOTE] > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard. -> [!NOTE] +> [!NOTE] > Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern Standby devices won't be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN. Sample value for this node to enable this policy is: @@ -576,13 +576,13 @@ Disabling the policy will let the system choose the default behaviors. If you wa ``` -Data type is string. +Data type is string. Supported operations are Add, Get, Replace, and Delete. -**SystemDrivesMinimumPINLength** +**SystemDrivesMinimumPINLength** This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup". @@ -611,7 +611,7 @@ ADMX Info: This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of six digits and can have a maximum length of 20 digits. > [!NOTE] -> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. +> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. > >In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This doesn't apply to TPM 1.2. @@ -642,13 +642,13 @@ Disabling the policy will let the system choose the default behaviors. If you wa ``` -Data type is string. +Data type is string. Supported operations are Add, Get, Replace, and Delete. -**SystemDrivesRecoveryMessage** +**SystemDrivesRecoveryMessage** This setting is a direct mapping to the BitLocker Group Policy "Configure pre-boot recovery message and URL" (PrebootRecoveryInfo_Name). @@ -721,12 +721,12 @@ Disabling the policy will let the system choose the default behaviors. If you w > [!NOTE] > Not all characters and languages are supported in pre-boot. It's strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. -Data type is string. +Data type is string. Supported operations are Add, Get, Replace, and Delete. -**SystemDrivesRecoveryOptions** +**SystemDrivesRecoveryOptions** This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name). @@ -777,18 +777,18 @@ Sample value for this node to enable this policy is: ``` -The possible values for 'xx' are: +The possible values for 'xx' are: - true = Explicitly allow - false = Policy not set -The possible values for 'yy' are: +The possible values for 'yy' are: - 2 = Allowed - 1 = Required - 0 = Disallowed -The possible values for 'zz' are: +The possible values for 'zz' are: - 2 = Store recovery passwords only. - 1 = Store recovery passwords and key packages. @@ -810,12 +810,12 @@ Disabling the policy will let the system choose the default behaviors. If you wa ``` -Data type is string. +Data type is string. Supported operations are Add, Get, Replace, and Delete. -**FixedDrivesRecoveryOptions** +**FixedDrivesRecoveryOptions** This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" (). @@ -902,12 +902,12 @@ Disabling the policy will let the system choose the default behaviors. If you wa ``` -Data type is string. +Data type is string. Supported operations are Add, Get, Replace, and Delete. -**FixedDrivesRequireEncryption** +**FixedDrivesRequireEncryption** This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name). @@ -960,12 +960,12 @@ If you disable or don't configure this setting, all fixed data drives on the com ``` -Data type is string. +Data type is string. Supported operations are Add, Get, Replace, and Delete. -**FixedDrivesEncryptionType** +**FixedDrivesEncryptionType** Allows you to configure the encryption type on fixed data drives that is used by BitLocker. @@ -1006,14 +1006,14 @@ Sample value for this node to enable this policy is: If this policy is disabled, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker. >[!Note] ->This policy is ignored when you're shrinking or expanding a volume and the BitLocker driver uses the current encryption method. +>This policy is ignored when you're shrinking or expanding a volume and the BitLocker driver uses the current encryption method. >For example, when a drive that's using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that's using Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: `manage-bde -w`. If the volume is shrunk, no action is taken for the new free space. For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). -**RemovableDrivesRequireEncryption** +**RemovableDrivesRequireEncryption** This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name). @@ -1080,7 +1080,7 @@ Disabling the policy will let the system choose the default behaviors. If you wa ``` -**RemovableDrivesEncryptionType** +**RemovableDrivesEncryptionType** Allows you to configure the encryption type that is used by BitLocker. @@ -1122,7 +1122,7 @@ If this policy is disabled or not configured, the BitLocker Setup Wizard asks th -**RemovableDrivesConfigureBDE** +**RemovableDrivesConfigureBDE** Allows you to control the use of BitLocker on removable data drives. @@ -1174,7 +1174,7 @@ If you don't configure this policy setting, users can use BitLocker on removable -**AllowWarningForOtherDiskEncryption** +**AllowWarningForOtherDiskEncryption** Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is set to 1. @@ -1276,10 +1276,10 @@ If you want to disable this policy, use the following SyncML: -**ConfigureRecoveryPasswordRotation** +**ConfigureRecoveryPasswordRotation** -This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys. +This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys. @@ -1296,7 +1296,7 @@ This setting initiates a client-driven recovery password refresh after an OS dri -Value type is int. +Value type is int. Supported operations are Add, Delete, Get, and Replace. @@ -1305,7 +1305,7 @@ Supported operations are Add, Delete, Get, and Replace. Supported values are: - 0 – Refresh off (default). -- 1 – Refresh on for Azure AD-joined devices. +- 1 – Refresh on for Azure AD-joined devices. - 2 – Refresh on for both Azure AD-joined and hybrid-joined devices. @@ -1313,20 +1313,20 @@ Supported values are: -**RotateRecoveryPasswords** +**RotateRecoveryPasswords** This setting refreshes all recovery passwords for OS and fixed drives (removable drives aren't included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. If errors occur, an error code will be returned so that server can take appropriate action to remediate. -The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. +The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. -Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client won't retry, but if needed, the server can reissue the execute request. +Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client won't retry, but if needed, the server can reissue the execute request. -Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh. +Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh. -Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices can't refresh recovery passwords if they're only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account. +Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices can't refresh recovery passwords if they're only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account. Each server-side recovery key rotation is represented by a request ID. The server can query the following nodes to make sure it reads status/result for same rotation request. - RotateRecoveryPasswordsRequestID: Returns request ID of last request processed. @@ -1351,7 +1351,7 @@ Supported operation is Execute. Request ID is expected as a parameter. > [!NOTE] > Key rotation is supported only on these enrollment types. For more information, see [deviceEnrollmentType enum](/graph/api/resources/intune-devices-deviceenrollmenttype). > - windowsAzureADJoin. -> - windowsBulkAzureDomainJoin. +> - windowsBulkAzureDomainJoin. > - windowsAzureADJoinUsingDeviceAuth. > - windowsCoManagement. @@ -1365,7 +1365,7 @@ Supported operation is Execute. Request ID is expected as a parameter. > - FDVRequireActiveDirectoryBackup_Name is set to 1 = ("Required"). > - FDVActiveDirectoryBackup_Name is set to true. -**Status** +**Status** Interior node. Supported operation is Get. @@ -1373,9 +1373,9 @@ Supported operation is Get. -**Status/DeviceEncryptionStatus** +**Status/DeviceEncryptionStatus** -This node reports compliance state of device encryption on the system. +This node reports compliance state of device encryption on the system. @@ -1391,11 +1391,11 @@ This node reports compliance state of device encryption on the system. -Value type is int. +Value type is int. Supported operation is Get. -Supported values: +Supported values: - 0 - Indicates that the device is compliant. - Any non-zero value - Indicates that the device isn't compliant. This value represents a bitmask with each bit and the corresponding error code described in the following table: @@ -1426,13 +1426,13 @@ Supported values: -**Status/RotateRecoveryPasswordsStatus** +**Status/RotateRecoveryPasswordsStatus** -This node reports the status of RotateRecoveryPasswords request. +This node reports the status of RotateRecoveryPasswords request. -Status code can be one of the following values: +Status code can be one of the following values: - 2 – Not started - 1 - Pending @@ -1451,7 +1451,7 @@ Status code can be one of the following values: -Value type is int. +Value type is int. Supported operation is Get. @@ -1459,10 +1459,10 @@ Supported operation is Get. -**Status/RotateRecoveryPasswordsRequestID** +**Status/RotateRecoveryPasswordsRequestID** -This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. +This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID. @@ -1478,7 +1478,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta -Value type is string. +Value type is string. Supported operation is Get. @@ -1517,7 +1517,7 @@ The following example is provided to show proper format and shouldn't be taken a - + $CmdID$ @@ -1650,4 +1650,4 @@ The following example is provided to show proper format and shouldn't be taken a ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index 663e7d623f..76982b7918 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -8,17 +8,17 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/30/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # BitLocker DDF file -This topic shows the OMA DM device description framework (DDF) for the **BitLocker** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **BitLocker** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). -The XML below is the current version for this CSP. +The XML below is the current version for this CSP. ```xml @@ -642,11 +642,11 @@ The XML below is the current version for this CSP. require reinstallation of Windows. Note: This policy takes effect only if "RequireDeviceEncryption" policy is set to 1. The format is integer. - The expected values for this policy are: + The expected values for this policy are: 1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed. - 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, - the value 0 only takes affect on Azure Active Directory-joined devices. + 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, + the value 0 only takes affect on Azure Active Directory-joined devices. Windows will attempt to silently enable BitLocker for value 0. If you want to disable this policy use the following SyncML: @@ -695,7 +695,7 @@ The XML below is the current version for this CSP. If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system. - The expected values for this policy are: + The expected values for this policy are: 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy @@ -745,17 +745,17 @@ The XML below is the current version for this CSP. Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Azure Active Directory and Hybrid domain joined devices. - When not configured, Rotation is turned on by default for Azure AD only and off on Hybrid. The Policy will be effective only when + When not configured, Rotation is turned on by default for Azure AD only and off on Hybrid. The Policy will be effective only when Active Directory back up for recovery password is configured to required. For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives" For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives" - + Supported Values: 0 - Numeric Recovery Passwords rotation OFF. 1 - Numeric Recovery Passwords Rotation upon use ON for Azure Active Directory-joined devices. Default value 2 - Numeric Recovery Passwords Rotation upon use ON for both Azure AD and Hybrid devices - + If you want to disable this policy use the following SyncML: - + 112 @@ -797,20 +797,20 @@ The XML below is the current version for this CSP. Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device. This policy is Execute type and rotates all numeric passwords when issued from MDM tools. - + The policy only comes into effect when Active Directory backup for a recovery password is configured to "required." * For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives." *For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives." - - Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes: - -* status\RotateRecoveryPasswordsStatus - * status\RotateRecoveryPasswordsRequestID - - + Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes: + +* status\RotateRecoveryPasswordsStatus + * status\RotateRecoveryPasswordsRequestID + + + Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\ - + 113 @@ -888,10 +888,10 @@ Supported Values: String form of request ID. Example format of request ID is GUI - This Node reports the status of RotateRecoveryPasswords request. + This Node reports the status of RotateRecoveryPasswords request. Status code can be one of the following: - NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure - + NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure + @@ -914,10 +914,10 @@ Supported Values: String form of request ID. Example format of request ID is GUI - This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. + This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus - To ensure the status is correctly matched to the request ID. - + To ensure the status is correctly matched to the request ID. + diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md index 6c97d9489d..5502b5db31 100644 --- a/windows/client-management/mdm/cellularsettings-csp.md +++ b/windows/client-management/mdm/cellularsettings-csp.md @@ -1,7 +1,7 @@ --- title: CellularSettings CSP description: Learn how the CellularSettings configuration service provider is used to configure cellular settings on a mobile device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -37,7 +37,7 @@ CellularSettings ----DataRoam ``` -**DataRoam** +**DataRoam**

    Optional. Integer. Specifies the default roaming value. Valid values are:

    |Value|Setting| @@ -48,4 +48,4 @@ CellularSettings ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 585bfdba94..16ba0d5338 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -1,7 +1,7 @@ --- title: CertificateStore CSP description: Use the CertificateStore configuration service provider (CSP) to add secure socket layers (SSL), intermediate, and self-signed certificates. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -114,7 +114,7 @@ CertificateStore ----------------TemplateName ``` -**Root/System** +**Root/System** Defines the certificate store that contains root, or self-signed, certificates. Supported operation is Get. @@ -122,7 +122,7 @@ Supported operation is Get. > [!NOTE] > Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates. -**CA/System** +**CA/System** Defines the certificate store that contains cryptographic information, including intermediary certification authorities. Supported operation is Get. @@ -130,7 +130,7 @@ Supported operation is Get. > [!NOTE] > CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates. -**My/User** +**My/User** Defines the certificate store that contains public keys for client certificates. This certificate store is only used by enterprise servers to push down the public key of a client certificate. The client certificate is used by the device client to authenticate itself to the enterprise server for device management and downloading enterprise applications. Supported operation is Get. @@ -138,7 +138,7 @@ Supported operation is Get. > [!NOTE] > My/User is case sensitive. -**My/System** +**My/System** Defines the certificate store that contains public key for client certificate. This certificate store is only used by enterprise server to push down the public key of the client cert. The client cert is used by the device to authenticate itself to the enterprise server for device management and enterprise app downloading. Supported operation is Get. @@ -146,42 +146,42 @@ Supported operation is Get. > [!NOTE] > My/System is case sensitive. -***CertHash*** +***CertHash*** Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. Supported operations are Get, Delete, and Replace. -***CertHash*/EncodedCertificate** +***CertHash*/EncodedCertificate** Required. Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. Supported operations are Get, Add, Delete, and Replace. -***CertHash*/IssuedBy** +***CertHash*/IssuedBy** Required. Returns the name of the certificate issuer. This name is equivalent to the *Issuer* member in the CERT\_INFO data structure. Supported operation is Get. -***CertHash*/IssuedTo** +***CertHash*/IssuedTo** Required. Returns the name of the certificate subject. This name is equivalent to the *Subject* member in the CERT\_INFO data structure. Supported operation is Get. -***CertHash*/ValidFrom** +***CertHash*/ValidFrom** Required. Returns the starting date of the certificate's validity. This date is equivalent to the *NotBefore* member in the CERT\_INFO structure. Supported operation is Get. -***CertHash*/ValidTo** +***CertHash*/ValidTo** Required. Returns the expiration date of the certificate. This expiration date is equivalent to the *NotAfter* member in the CERT\_INFO structure. Supported operation is Get. -***CertHash*/TemplateName** +***CertHash*/TemplateName** Required. Returns the certificate template name. Supported operation is Get. -**My/SCEP** +**My/SCEP** Required for Simple Certificate Enrollment Protocol (SCEP) certificate enrollment. The parent node grouping the SCEP certificate related settings. Supported operation is Get. @@ -189,12 +189,12 @@ Supported operation is Get. > [!NOTE] > Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP. -**My/SCEP/***UniqueID* +**My/SCEP/***UniqueID* Required for SCEP certificate enrollment. A unique ID to differentiate certificate enrollment requests. Format is node. Supported operations are Get, Add, Replace, and Delete. -**My/SCEP/*UniqueID*/Install** +**My/SCEP/*UniqueID*/Install** Required for SCEP certificate enrollment. Parent node to group SCEP certificate installs related request. Format is node. Supported operations are Add, Replace, and Delete. @@ -202,30 +202,30 @@ Supported operations are Add, Replace, and Delete. > [!NOTE] > Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values. -**My/SCEP/*UniqueID*/Install/ServerURL** +**My/SCEP/*UniqueID*/Install/ServerURL** Required for SCEP certificate enrollment. Specifies the certificate enrollment server. The server could specify multiple server URLs separated by a semicolon. Value type is string. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/Challenge** +**My/SCEP/*UniqueID*/Install/Challenge** Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Value type is chr. Supported operations are Get, Add, Replace, and Delete. Challenge will be deleted shortly after the Exec command is accepted. -**My/SCEP/*UniqueID*/Install/EKUMapping** +**My/SCEP/*UniqueID*/Install/EKUMapping** Required. Specifies the extended key usages and subject to SCEP server configuration. The list of OIDs is separated by a plus sign **+**, such as OID1+OID2+OID3. Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/KeyUsage** +**My/SCEP/*UniqueID*/Install/KeyUsage** Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or fourth (0x80) or both bits set. If the value doesn't have those bits set, configuration will fail. Value type is an integer. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/SubjectName** -Required. Specifies the subject name. +**My/SCEP/*UniqueID*/Install/SubjectName** +Required. Specifies the subject name. The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”). @@ -235,7 +235,7 @@ Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/KeyProtection** +**My/SCEP/*UniqueID*/Install/KeyProtection** Optional. Specifies the location of the private key. Although the private key is protected by TPM, it isn't protected with TPM PIN. SCEP enrolled certificate doesn't support TPM PIN protection. Supported values are one of the following values: @@ -250,17 +250,17 @@ Value type is an integer. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/RetryDelay** +**My/SCEP/*UniqueID*/Install/RetryDelay** Optional. Specifies the device retry waiting time in minutes when the SCEP server sends the pending status. Default value is 5 and the minimum value is 1. Value type is an integer. Supported operations are Get, Add, and Delete. -**My/SCEP/*UniqueID*/Install/RetryCount** +**My/SCEP/*UniqueID*/Install/RetryCount** Optional. Special to SCEP. Specifies the device retry times when the SCEP server sends pending status. Value type is an integer. Default value is 3. Max value can't be larger than 30. If it's larger than 30, the device will use 30. The min value is 0, which means no retry. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/TemplateName** +**My/SCEP/*UniqueID*/Install/TemplateName** Optional. OID of certificate template name. > [!Note] @@ -268,29 +268,29 @@ Optional. OID of certificate template name. Supported operations are Get, Add, and Delete. -**My/SCEP/*UniqueID*/Install/KeyLength** +**My/SCEP/*UniqueID*/Install/KeyLength** Required for enrollment. Specifies private key length (RSA). Value type is an integer. Valid values are 1024, 2048, 4096. NGC key lengths supported should be specified. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/HashAlgorithm** +**My/SCEP/*UniqueID*/Install/HashAlgorithm** Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by the MDM server. If multiple hash algorithm families are specified, they must be separated with +. Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/CAThumbprint** +**My/SCEP/*UniqueID*/Install/CAThumbprint** Required. Specifies the root CA thumbprint. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks CA certificate from SCEP server for a match with this certificate. If it doesn't match, the authentication fails. Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames** +**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames** Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format *\*+*\*;*\*+*\*. Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/ValidPeriod** +**My/SCEP/*UniqueID*/Install/ValidPeriod** Optional. Specifies the units for the valid period. Value type is chr. Supported operations are Get, Add, Delete, and Replace. @@ -304,7 +304,7 @@ Valid values are one of the following values: > [!NOTE] > The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server. -**My/SCEP/*UniqueID*/Install/ValidPeriodUnits** +**My/SCEP/*UniqueID*/Install/ValidPeriodUnits** Optional. Specifies desired number of units used in validity period and subject to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. The valid period specified by MDM overwrites the valid period specified in the certificate template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. Value type is an integer. Supported operations are Get, Add, Delete, and Replace. @@ -312,17 +312,17 @@ Supported operations are Get, Add, Delete, and Replace. > [!NOTE] > The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server. -**My/SCEP/*UniqueID*/Install/Enroll** +**My/SCEP/*UniqueID*/Install/Enroll** Required. Triggers the device to start the certificate enrollment. The MDM server can later query the device to find out whether the new certificate is added. Value type is null, which means that this node doesn't contain a value. Supported operation is Exec. -**My/WSTEP/CertThumbprint** +**My/WSTEP/CertThumbprint** Optional. Returns the current MDM client certificate thumbprint. If renewal succeeds, it shows the renewed certificate thumbprint. If renewal fails or is in progress, it shows the thumbprint of the cert that needs to be renewed. Value type is chr. Supported operation is Get. -**My/SCEP/*UniqueID*/Status** +**My/SCEP/*UniqueID*/Status** Required. Specifies the latest status for the certificate due to enrollment request. Value type is chr. Supported operation is Get. @@ -337,32 +337,32 @@ Valid values are one of the following values: - 32 – Unknown. -**My/SCEP/*UniqueID*/ErrorCode** +**My/SCEP/*UniqueID*/ErrorCode** Optional. The integer value that indicates the HRESULT of the last enrollment error code. Supported operation is Get. -**My/SCEP/*UniqueID*/CertThumbprint** +**My/SCEP/*UniqueID*/CertThumbprint** Optional. Specifies the current certificate thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. Value type is chr. Supported operation is Get. -**My/SCEP/*UniqueID*/RespondentServerUrl** +**My/SCEP/*UniqueID*/RespondentServerUrl** Required. Returns the URL of the SCEP server that responded to the enrollment request. Value type is string. Supported operation is Get. -**My/WSTEP** +**My/WSTEP** Required for MDM enrolled device. Specifies the parent node that hosts the MDM enrollment client certificate related settings that are enrolled via WSTEP. The nodes under WSTEP are mostly for MDM client certificate renew requests. Value type is node. Supported operation is Get. -**My/WSTEP/Renew** +**My/WSTEP/Renew** Optional. The parent node to group renewal related settings. Supported operation is Get. -**My/WSTEP/Renew/ServerURL** +**My/WSTEP/Renew/ServerURL** Optional. Specifies the URL of certificate renewal server. If this node doesn't exist, the client uses the initial certificate enrollment URL. > [!NOTE] @@ -370,7 +370,7 @@ Optional. Specifies the URL of certificate renewal server. If this node doesn't Supported operations are Add, Get, Delete, and Replace. -**My/WSTEP/Renew/RenewalPeriod** +**My/WSTEP/Renew/RenewalPeriod** Optional. The time (in days) to trigger the client to initiate the MDM client certificate renew process before the MDM certificate expires. The MDM server can't set and update the renewal period. This parameter applies to both manual certificate renewal and request on behalf of (ROBO) certificate renewal. It's recommended that the renew period is set a couple of months before the certificate expires to ensure that the certificate gets renewed successfully with data connectivity. The default value is 42 and the valid values are 1 – 1000. Value type is an integer. @@ -380,7 +380,7 @@ Supported operations are Add, Get, Delete, and Replace. > [!NOTE] > When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. -**My/WSTEP/Renew/RetryInterval** +**My/WSTEP/Renew/RetryInterval** Optional. Specifies the retry interval (in days) when the previous renewal failed. It applies to both manual certificate renewal and ROBO automatic certificate renewal. The retry schedule stops at the certificate expiration date. For ROBO renewal failure, the client retries the renewal periodically until the device reaches the certificate expiration date. This parameter specifies the waiting period for ROBO renewal retries. @@ -394,7 +394,7 @@ Supported operations are Add, Get, Delete, and Replace. > [!NOTE] > When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. -**My/WSTEP/Renew/ROBOSupport** +**My/WSTEP/Renew/ROBOSupport** Optional. Notifies the client if the MDM enrollment server supports ROBO auto certificate renewal. Value type is bool. ROBO is the only supported renewal method for Windows 10. This value is ignored and always considered to be true. @@ -404,7 +404,7 @@ Supported operations are Add, Get, Delete, and Replace. > [!NOTE] > When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands. -**My/WSTEP/Renew/Status** +**My/WSTEP/Renew/Status** Required. Shows the latest action status for this certificate. Value type is an integer. Supported operation is Get. @@ -416,22 +416,22 @@ Supported values are one of the following values: - 2 – Renewal succeeded. - 3 – Renewal failed. -**My/WSTEP/Renew/ErrorCode** +**My/WSTEP/Renew/ErrorCode** Optional. If certificate renewal fails, this integer value indicates the HRESULT of the last error code during the renewal process. Value type is an integer. Supported operation is Get. -**My/WSTEP/Renew/LastRenewalAttemptTime** +**My/WSTEP/Renew/LastRenewalAttemptTime** Added in Windows 10, version 1607. Specifies the time of the last attempted renewal. Supported operation is Get. -**My/WSTEP/Renew/RenewNow** +**My/WSTEP/Renew/RenewNow** Added in Windows 10, version 1607. Initiates a renewal now. Supported operation is Execute. -**My/WSTEP/Renew/RetryAfterExpiryInterval** +**My/WSTEP/Renew/RetryAfterExpiryInterval** Added in Windows 10, version 1703. Specifies how long after the enrollment certificate has expired before trying to renew. Supported operations are Add, Get, and Replace. @@ -706,7 +706,7 @@ Configure the device to automatically renew an MDM client certificate with the s ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) + - diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index a99edbb1e3..f24438d464 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md +++ b/windows/client-management/mdm/certificatestore-ddf-file.md @@ -1,7 +1,7 @@ --- title: CertificateStore DDF file description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **CertificateStore** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. @@ -1115,7 +1115,7 @@ The XML below is the current version for this CSP. - + RenewPeriod @@ -1318,7 +1318,7 @@ The XML below is the current version for this CSP. - + diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md deleted file mode 100644 index a01ff5b853..0000000000 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ /dev/null @@ -1,317 +0,0 @@ ---- -title: Change history for MDM documentation -description: This article lists new and updated articles for Mobile Device Management. -author: vinaypamnani-msft -ms.author: vinpa -ms.reviewer: -manager: aaroncz -ms.topic: article -ms.prod: w10 -ms.technology: windows -ms.localizationpriority: medium -ms.date: 10/19/2020 ---- - -# Change history for Mobile Device Management documentation - -This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those articles that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues aren't listed. - -## November 2020 - -|New or updated article | Description| -|--- | ---| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policy:
    - [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) | -| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
    -Properties/SleepMode | - -## October 2020 - -|New or updated article | Description| -|--- | ---| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies
    - [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
    - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
    - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
    - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
    - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
    - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
    - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
    - [Update/DisableWUfBSafeguards](policy-csp-update.md#update-disablewufbsafeguards)
    - [WindowsSandbox/AllowAudioInput](policy-csp-windowssandbox.md#windowssandbox-allowaudioinput)
    - [WindowsSandbox/AllowClipboardRedirection](policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection)
    - [WindowsSandbox/AllowNetworking](policy-csp-windowssandbox.md#windowssandbox-allownetworking)
    - [WindowsSandbox/AllowPrinterRedirection](policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection)
    - [WindowsSandbox/AllowVGPU](policy-csp-windowssandbox.md#windowssandbox-allowvgpu)
    - [WindowsSandbox/AllowVideoInput](policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) | - -## September 2020 - -|New or updated article | Description| -|--- | ---| -|[NetworkQoSPolicy CSP](networkqospolicy-csp.md)|Updated support information of the NetworkQoSPolicy CSP.| -|[Policy CSP - LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation:
    - RecoveryConsole_AllowAutomaticAdministrativeLogon
    - DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways
    - DomainMember_DigitallyEncryptSecureChannelDataWhenPossible
    - DomainMember_DisableMachineAccountPasswordChanges
    - SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems
    | - -## August 2020 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP - System](policy-csp-system.md)|Removed the following policy settings:
    - System/AllowDesktopAnalyticsProcessing
    - System/AllowMicrosoftManagedDesktopProcessing
    - System/AllowUpdateComplianceProcessing
    - System/AllowWUfBCloudProcessing
    | - -## July 2020 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP - System](policy-csp-system.md)|Added the following new policy settings:
    - System/AllowDesktopAnalyticsProcessing
    - System/AllowMicrosoftManagedDesktopProcessing
    - System/AllowUpdateComplianceProcessing
    - System/AllowWUfBCloudProcessing


    Updated the following policy setting:
    - System/AllowCommercialDataPipeline
    | - -## June 2020 - -|New or updated article | Description| -|--- | ---| -|[BitLocker CSP](bitlocker-csp.md)|Added SKU support table for **AllowStandardUserEncryption**.| -|[Policy CSP - NetworkIsolation](policy-csp-networkisolation.md)|Updated the description from Boolean to Integer for the following policy settings:
    EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative.| - -## May 2020 - -|New or updated article | Description| -|--- | ---| -|[BitLocker CSP](bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.| -|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table. - -## February 2020 - -|New or updated article | Description| -|--- | ---| -|[CertificateStore CSP](certificatestore-csp.md)
    [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)|Added details about SubjectName value.| - -## January 2020 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP - Defender](policy-csp-defender.md)|Added descriptions for supported actions for Defender/ThreatSeverityDefaultAction.| - -## November 2019 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.| -|[DiagnosticLog CSP](diagnosticlog-csp.md)|Added substantial updates to this CSP doc.| - -## October 2019 - -|New or updated article | Description| -|--- | ---| -|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:
    ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.| -|[Defender CSP](defender-csp.md)|Added the following new nodes:
    Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.| - -## September 2019 - -|New or updated article | Description| -|--- | ---| -|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:
    IsStub.| -|[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.| -|[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies:
    DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.| - -## August 2019 - -|New or updated article | Description| -|--- | ---| -|[DiagnosticLog CSP](diagnosticlog-csp.md)
    [DiagnosticLog DDF](diagnosticlog-ddf.md)|Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
    Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.| -|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include more reference links and the following two topics:
    Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.| - -## July 2019 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following list:
    Policies supported by HoloLens 2| -|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.| -|[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
    SecurityKey, SecurityKey/UseSecurityKeyForSignin| -|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
    LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock| -|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs isn't currently supported:
    Create a custom configuration service provider
    Design a custom configuration service provider
    IConfigServiceProvider2
    IConfigServiceProvider2::ConfigManagerNotification
    IConfigServiceProvider2::GetNode
    ICSPNode
    ICSPNode::Add
    ICSPNode::Clear
    ICSPNode::Copy
    ICSPNode::DeleteChild
    ICSPNode::DeleteProperty
    ICSPNode::Execute
    ICSPNode::GetChildNodeNames
    ICSPNode::GetProperty
    ICSPNode::GetPropertyIdentifiers
    ICSPNode::GetValue
    ICSPNode::Move
    ICSPNode::SetProperty
    ICSPNode::SetValue
    ICSPNodeTransactioning
    ICSPValidate
    Samples for writing a custom configuration service provider.| - -## June 2019 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP - DeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md)|Added the following new policies:
    AllowDeviceHealthMonitoring, ConfigDeviceHealthMonitoringScope, ConfigDeviceHealthMonitoringUploadDestination.| -|[Policy CSP - TimeLanguageSettings](policy-csp-timelanguagesettings.md)|Added the following new policy:
    ConfigureTimeZone.| - -## May 2019 - -|New or updated article | Description| -|--- | ---| -|[DeviceStatus CSP](devicestatus-csp.md)|Updated description of the following nodes:
    DeviceStatus/Antivirus/SignatureStatus, DeviceStatus/Antispyware/SignatureStatus.| -|[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)|Added new CSP in Windows 10, version 1903.| -|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added the following new policies:
    DODelayCacheServerFallbackBackground, DODelayCacheServerFallbackForeground.

    Updated description of the following policies:
    DOMinRAMAllowedToPeer, DOMinFileSizeToCache, DOMinDiskSizeAllowedToPeer.| -|[Policy CSP - Experience](policy-csp-experience.md)|Added the following new policy:
    ShowLockOnUserTile.| -|[Policy CSP - InternetExplorer](policy-csp-internetexplorer.md)|Added the following new policies:
    AllowEnhancedSuggestionsInAddressBar, DisableActiveXVersionListAutoDownload, DisableCompatView, DisableFeedsBackgroundSync, DisableGeolocation, DisableWebAddressAutoComplete, NewTabDefaultPage.| -|[Policy CSP - Power](policy-csp-power.md)|Added the following new policies:
    EnergySaverBatteryThresholdOnBattery, EnergySaverBatteryThresholdPluggedIn, SelectLidCloseActionOnBattery, SelectLidCloseActionPluggedIn, SelectPowerButtonActionOnBattery, SelectPowerButtonActionPluggedIn, SelectSleepButtonActionOnBattery, SelectSleepButtonActionPluggedIn, TurnOffHybridSleepOnBattery, TurnOffHybridSleepPluggedIn, UnattendedSleepTimeoutOnBattery, UnattendedSleepTimeoutPluggedIn.| -|[Policy CSP - Search](policy-csp-search.md)|Added the following new policy:
    AllowFindMyFiles.| -|[Policy CSP - ServiceControlManager](policy-csp-servicecontrolmanager.md)|Added the following new policy:
    SvchostProcessMitigation.| -|[Policy CSP - System](policy-csp-system.md)|Added the following new policies:
    AllowCommercialDataPipeline, TurnOffFileHistory.| -|[Policy CSP - Troubleshooting](policy-csp-troubleshooting.md)|Added the following new policy:
    AllowRecommendations.| -|[Policy CSP - Update](policy-csp-update.md)|Added the following new policies:
    AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.| -|[Policy CSP - WindowsLogon](policy-csp-windowslogon.md)|Added the following new policies:
    AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.

    Removed the following policy:
    SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart. This policy is replaced by AllowAutomaticRestartSignOn.| - -## April 2019 - -| New or updated article | Description | -|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:
    Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it doesn't. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. | -| [Policy CSP - UserRights](policy-csp-userrights.md) | Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. | - -## March 2019 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP - Storage](policy-csp-storage.md)|Updated ADMX Info of the following policies:
    AllowStorageSenseGlobal, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseCloudContentDehydrationThreshold, ConfigStorageSenseDownloadsCleanupThreshold, ConfigStorageSenseGlobalCadence, ConfigStorageSenseRecycleBinCleanupThreshold.

    Updated description of ConfigStorageSenseDownloadsCleanupThreshold.| - -## February 2019 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP](policy-configuration-service-provider.md)|Updated supported policies for Holographic.| - -## January 2019 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.| -|[SharedPC CSP](sharedpc-csp.md)|Updated values and supported operations.| -|[Mobile device management](index.yml)|Updated information about MDM Security Baseline.| - -## December 2018 - -|New or updated article | Description| -|--- | ---| -|[BitLocker CSP](bitlocker-csp.md)|Updated AllowWarningForOtherDiskEncryption policy description to describe silent and non-silent encryption scenarios, as well as where and how the recovery key is backed up for each scenario.| - -## September 2018 - -|New or updated article | Description| -|--- | ---| -|[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.| - -## August 2018 - -|New or updated article|Description| -|--- |--- | -|[BitLocker CSP](bitlocker-csp.md)|Added support for Windows 10 Pro starting in the version 1809.| -|[Office CSP](office-csp.md)|Added FinalStatus setting in Windows 10, version 1809.| -|[RemoteWipe CSP](remotewipe-csp.md)|Added new settings in Windows 10, version 1809.| -|[TenantLockdown CSP](tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.| -|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.| -|[Policy DDF file](policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy
  • DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • Update/UpdateNotificationLevel

    Start/DisableContextMenus - added in Windows 10, version 1803.

    RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| - -## July 2018 - -|New or updated article|Description| -|--- |--- | -|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:

    You can only assign one single app kiosk profile to an individual user account on a device. The single app profile doesn't support domain groups.| -|[PassportForWork CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.| -|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.| -|[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.| -|[WindowsLicensing CSP](windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.| -|[SUPL CSP](supl-csp.md)|Added three new certificate nodes in Windows 10, version 1809.| -|[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.| -|[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.| -|[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only)
  • Authentication/EnableWebSignIn (Preview mode only)
  • Authentication/PreferredAadTenantDomainName
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Security/RecoveryEnvironmentAuthentication
  • TaskManager/AllowEndTask
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI

    Recent changes:
  • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.| - -## June 2018 - -|New or updated article|Description| -|--- |--- | -|[Wifi CSP](wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.| -|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
  • Added procedure for collecting logs remotely from Windows 10 Holographic.
  • Added procedure for downloading the MDM Diagnostic Information log.| -|[BitLocker CSP](bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
  • AccountPoliciesAccountLockoutPolicy
  • AccountLockoutDuration - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
  • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
  • System/AllowFontProviders isn't supported in HoloLens (first gen) Commercial Suite.
  • Security/RequireDeviceEncryption is supported in the Home SKU.
  • Start/StartLayout - added a table of SKU support information.
  • Start/ImportEdgeAssets - added a table of SKU support information.

    Added the following new policies in Windows 10, version 1809:
  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess| -|[WiredNetwork CSP](wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.| - -## May 2018 - -|New or updated article|Description| -|--- |--- | -|[Policy DDF file](policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.
  • [Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
  • [Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)| - -## April 2018 - -|New or updated article|Description| -|--- |--- | -|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
  • Settings/AllowVirtualGPU
  • Settings/SaveFilesToHost| -|[NetworkProxy CSP](networkproxy-csp.md)|Added the following node in Windows 10, version 1803:
  • ProxySettingsPerUser| -|[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.| -|[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Bluetooth/AllowPromptedProximalConnections
  • KioskBrowser/EnableEndSessionButton
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers| - -## March 2018 - -|New or updated article|Description| -|--- |--- | -|[eUICCs CSP](euiccs-csp.md)|Added the following node in Windows 10, version 1803:
  • IsEnabled| -|[DeviceStatus CSP](devicestatus-csp.md)|Added the following node in Windows 10, version 1803:
  • OS/Mode| -|[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
  • [How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
  • [How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)| -|[AccountManagement CSP](accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.| -|[RootCATrustedCertificates CSP](rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
  • UntrustedCertificates| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • ApplicationDefaults/EnableAppUriHandlers
  • ApplicationManagement/MSIAllowUserControlOverInstall
  • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
  • Connectivity/AllowPhonePCLinking
  • Notifications/DisallowCloudNotification
  • Notifications/DisallowTileNotification
  • RestrictedGroups/ConfigureGroupMembership

    The following existing policies were updated:
  • Browser/AllowCookies - updated the supported values. There are three values - 0, 1, 2.
  • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
  • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

    Added a new section:
  • [[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.| -|[Policy CSP - Bluetooth](policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).| -|[MultiSIM CSP](multisim-csp.md)|Added SyncML examples and updated the settings descriptions.| -|[RemoteWipe CSP](remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.| - -## February 2018 - -|New or updated article|Description| -|--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Display/DisablePerProcessDpiForApps
  • Display/EnablePerProcessDpi
  • Display/EnablePerProcessDpiForApps
  • Experience/AllowWindowsSpotlightOnSettings
  • TextInput/ForceTouchKeyboardDockedState
  • TextInput/TouchKeyboardDictationButtonAvailability
  • TextInput/TouchKeyboardEmojiButtonAvailability
  • TextInput/TouchKeyboardFullModeAvailability
  • TextInput/TouchKeyboardHandwritingModeAvailability
  • TextInput/TouchKeyboardNarrowModeAvailability
  • TextInput/TouchKeyboardSplitModeAvailability
  • TextInput/TouchKeyboardWideModeAvailability| -|[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.| -|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
  • Status
  • ShellLauncher
  • StatusConfiguration

    Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (first gen) Commercial Suite. Added example for HoloLens (first gen) Commercial Suite.| -|[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.| -|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
  • MaintainProcessorArchitectureOnUpdate| - -## January 2018 - -|New or updated article|Description| -|--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Browser/AllowConfigurationUpdateForBooksLibrary
  • Browser/AlwaysEnableBooksLibrary
  • Browser/EnableExtendedBooksTelemetry
  • Browser/UseSharedFolderForBooks
  • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
  • DeliveryOptimization/DODelayForegroundDownloadFromHttp
  • DeliveryOptimization/DOGroupIdSource
  • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
  • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
  • DeliveryOptimization/DORestrictPeerSelectionBy
  • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
  • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
  • KioskBrowser/BlockedUrlExceptions
  • KioskBrowser/BlockedUrls
  • KioskBrowser/DefaultURL
  • KioskBrowser/EnableHomeButton
  • KioskBrowser/EnableNavigationButtons
  • KioskBrowser/RestartOnIdleTime
  • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
  • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
  • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
  • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
  • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
  • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
  • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
  • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
  • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
  • RestrictedGroups/ConfigureGroupMembership
  • Search/AllowCortanaInAAD
  • Search/DoNotUseWebResults
  • Security/ConfigureWindowsPasswords
  • System/FeedbackHubAlwaysSaveDiagnosticsLocally
  • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
  • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
  • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
  • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
  • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
  • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
  • TaskScheduler/EnableXboxGameSaveTask
  • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
  • Update/ConfigureFeatureUpdateUninstallPeriod
  • UserRights/AccessCredentialManagerAsTrustedCaller
  • UserRights/AccessFromNetwork
  • UserRights/ActAsPartOfTheOperatingSystem
  • UserRights/AllowLocalLogOn
  • UserRights/BackupFilesAndDirectories
  • UserRights/ChangeSystemTime
  • UserRights/CreateGlobalObjects
  • UserRights/CreatePageFile
  • UserRights/CreatePermanentSharedObjects
  • UserRights/CreateSymbolicLinks
  • UserRights/CreateToken
  • UserRights/DebugPrograms
  • UserRights/DenyAccessFromNetwork
  • UserRights/DenyLocalLogOn
  • UserRights/DenyRemoteDesktopServicesLogOn
  • UserRights/EnableDelegation
  • UserRights/GenerateSecurityAudits
  • UserRights/ImpersonateClient
  • UserRights/IncreaseSchedulingPriority
  • UserRights/LoadUnloadDeviceDrivers
  • UserRights/LockMemory
  • UserRights/ManageAuditingAndSecurityLog
  • UserRights/ManageVolume
  • UserRights/ModifyFirmwareEnvironment
  • UserRights/ModifyObjectLabel
  • UserRights/ProfileSingleProcess
  • UserRights/RemoteShutdown
  • UserRights/RestoreFilesAndDirectories
  • UserRights/TakeOwnership
  • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
  • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
  • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
  • WindowsDefenderSecurityCenter/HideSecureBoot
  • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

    Added the following policies in Windows 10, version 1709
  • DeviceLock/MinimumPasswordAge
  • Settings/AllowOnlineTips
  • System/DisableEnterpriseAuthProxy

    Security/RequireDeviceEncryption - updated to show it's supported in desktop.| -|[BitLocker CSP](bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.| -|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.| -|[DMClient CSP](dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
  • AADSendDeviceToken
  • BlockInStatusPage
  • AllowCollectLogsButton
  • CustomErrorText
  • SkipDeviceStatusPage
  • SkipUserStatusPage| -|[Defender CSP](defender-csp.md)|Added new node (OfflineScan) in Windows 10, version 1803.| -|[UEFI CSP](uefi-csp.md)|Added a new CSP in Windows 10, version 1803.| -|[Update CSP](update-csp.md)|Added the following nodes in Windows 10, version 1803:
  • Rollback
  • Rollback/FeatureUpdate
  • Rollback/QualityUpdateStatus
  • Rollback/FeatureUpdateStatus| - -## December 2017 - -|New or updated article|Description| -|--- |--- | -|[Configuration service provider reference](configuration-service-provider-reference.md)|Added new section [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)| - -## November 2017 - -|New or updated article|Description| -|--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
  • Authentication/AllowFidoDeviceSignon
  • Cellular/LetAppsAccessCellularData
  • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
  • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
  • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
  • Start/HidePeopleBar
  • Storage/EnhancedStorageDevices
  • Update/ManagePreviewBuilds
  • WirelessDisplay/AllowMdnsAdvertisement
  • WirelessDisplay/AllowMdnsDiscovery

    Added missing policies from previous releases:
  • Connectivity/DisallowNetworkConnectivityActiveTest
  • Search/AllowWindowsIndexer| - -## October 2017 - -| New or updated article | Description | -| --- | --- | -| [Policy DDF file](policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. | -| [Policy CSP](policy-configuration-service-provider.md) | Updated the following policies:

    - Defender/ControlledFolderAccessAllowedApplications - string separator is `|`
    - Defender/ControlledFolderAccessProtectedFolders - string separator is `|` | -| [eUICCs CSP](euiccs-csp.md) | Added new CSP in Windows 10, version 1709. | -| [AssignedAccess CSP](assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. | -| [DMClient CSP](dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. | - -## September 2017 - -|New or updated article|Description| -|--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Authentication/AllowAadPasswordReset
  • Handwriting/PanelDefaultModeDocked
  • Search/AllowCloudSearch
  • System/LimitEnhancedDiagnosticDataWindowsAnalytics

    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.| -|[AssignedAccess CSP](assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.| -|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.| -|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
  • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
  • DomainName - fully qualified domain name if the device is domain-joined.

    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.| -|[EnterpriseAPN CSP](enterpriseapn-csp.md)|Added a SyncML example.| -|[VPNv2 CSP](vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.| -|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.| -|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
  • User sees installation progress of critical policies during MDM enrollment.
  • User knows what policies, profiles, apps MDM has configured
  • IT helpdesk can get detailed MDM diagnostic information using client tools

    For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| - -## August 2017 - -|New or updated article|Description| -|--- |--- | -|[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.| -|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

    Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| -|[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.| -|[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following values:
  • 0 (default) – Off / No protection (decrypts previously protected data).
  • 1 – Silent mode (encrypt and audit only).
  • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
  • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).| -|[AppLocker CSP](applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allowlist examples](applocker-csp.md#allow-list-examples).| -|[DeviceManageability CSP](devicemanageability-csp.md)|Added the following settings in Windows 10, version 1709:
  • Provider/ProviderID/ConfigInfo
  • Provider/ProviderID/EnrollmentInfo| -|[Office CSP](office-csp.md)|Added the following setting in Windows 10, version 1709:
  • Installation/CurrentStatus| -|[BitLocker CSP](bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.| -|[Firewall CSP](firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
  • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
  • Changed some data types from integer to bool.
  • Updated the list of supported operations for some settings.
  • Added default values.| -|[Policy DDF file](policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
  • Browser/AllowMicrosoftCompatibilityList
  • Update/DisableDualScan
  • Update/FillEmptyContentUrls| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Browser/ProvisionFavorites
  • Browser/LockdownFavorites
  • ExploitGuard/ExploitProtectionSettings
  • Games/AllowAdvancedGamingServices
  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
  • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
  • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
  • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
  • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
  • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
  • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
  • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
  • Privacy/EnableActivityFeed
  • Privacy/PublishUserActivities
  • Update/DisableDualScan
  • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

    Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

    Changed the names of the following policies:
  • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
  • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
  • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

    Added links to the extra [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

    There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
  • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
  • Start/HideAppList| diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md index 74cd9636c7..2d45bfb0be 100644 --- a/windows/client-management/mdm/cleanpc-csp.md +++ b/windows/client-management/mdm/cleanpc-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 06/26/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -35,19 +35,19 @@ CleanPC ----CleanPCRetainingUserData ``` -**./Device/Vendor/MSFT/CleanPC** +**./Device/Vendor/MSFT/CleanPC**

    The root node for the CleanPC configuration service provider.

    -**CleanPCWithoutRetainingUserData** +**CleanPCWithoutRetainingUserData**

    An integer specifying a CleanPC operation without any retention of user data.

    The only supported operation is Execute. -**CleanPCRetainingUserData** -

    An integer specifying a CleanPC operation with retention of user data. +**CleanPCRetainingUserData** +

    An integer specifying a CleanPC operation with retention of user data.

    The only supported operation is Execute. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md index 9677737584..3c1dc09f96 100644 --- a/windows/client-management/mdm/cleanpc-ddf.md +++ b/windows/client-management/mdm/cleanpc-ddf.md @@ -1,7 +1,7 @@ --- title: CleanPC DDF description: Learn about the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **CleanPC** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. @@ -50,7 +50,7 @@ The XML below is the current version for this CSP. CleanPCWithoutRetainingUserData - + CleanPC operation without any retention of User data. @@ -62,7 +62,7 @@ The XML below is the current version for this CSP. - + text/plain diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index faff015660..caba758dda 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -1,7 +1,7 @@ --- title: ClientCertificateInstall CSP description: The ClientCertificateInstall configuration service provider (CSP) enables the enterprise to install client certificates. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -77,18 +77,18 @@ ClientCertificateInstall ------------RespondentServerUrl ``` -**Device or User** +**Device or User** For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path. -**ClientCertificateInstall** +**ClientCertificateInstall** The root node for the ClientCertificateInstaller configuration service provider. -**ClientCertificateInstall/PFXCertInstall** +**ClientCertificateInstall/PFXCertInstall** Required for PFX certificate installation. The parent node grouping the PFX certificate related settings. Supported operation is Get. -**ClientCertificateInstall/PFXCertInstall/***UniqueID* +**ClientCertificateInstall/PFXCertInstall/***UniqueID* Required for PFX certificate installation. A unique ID to differentiate different certificate install requests. The data type format is node. @@ -97,12 +97,12 @@ Supported operations are Get, Add, and Replace. Calling Delete on this node should delete the certificates and the keys that were installed by the corresponding PFX blob. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/KeyLocation** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/KeyLocation** Required for PFX certificate installation. Indicates the KeyStorage provider to target the private key installation to. Supported operations are Get, Add, and Replace. -The data type is an integer corresponding to one of the following values: +The data type is an integer corresponding to one of the following values: | Value | Description | |-------|---------------------------------------------------------------------------------------------------------------| @@ -111,14 +111,14 @@ The data type is an integer corresponding to one of the following values: | 3 | Install to software. | | 4 | Install to Windows Hello for Business (formerly known as Microsoft Passport for Work) whose name is specified. | -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName** Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node isn't specified when Windows Hello for Business KSP is chosen, enrollment will fail. Date type is string. Supported operations are Get, Add, Delete, and Replace. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob** CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This Add operation requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before the Add operation is called. This trigger for addition also sets the Status node to the current Status of the operation. The data type format is binary. @@ -131,14 +131,14 @@ If Add is called on this node for a new PFX, the certificate will be added. When In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT_DATA_BLOB, which can be found in [CRYPT\_INTEGER\_BLOB](/previous-versions/windows/desktop/legacy/aa381414(v=vs.85)). -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword** Password that protects the PFX blob. This is required if the PFX is password protected. Data Type is a string. Supported operations are Get, Add, and Replace. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType** Optional. Used to specify whether the PFX certificate password is encrypted with the MDM certificate by the MDM server. The data type is int. Valid values: @@ -151,7 +151,7 @@ When PFXCertPasswordEncryptionType =2, you must specify the store name in PFXCer Supported operations are Get, Add, and Replace. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable** Optional. Used to specify if the private key installed is exportable (and can be exported later). The PFX isn't exportable when it's installed to TPM. > [!Note] @@ -161,37 +161,37 @@ The data type bool. Supported operations are Get, Add, and Replace. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Thumbprint** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Thumbprint** Returns the thumbprint of the installed PFX certificate. The datatype is a string. Supported operation is Get. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Status** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Status** Required. Returns the error code of the PFX installation from the GetLastError command called after the PfxImportCertStore. Data type is an integer. Supported operation is Get. -**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionStore** +**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionStore** Added in Windows 10, version 1511. When PFXCertPasswordEncryptionType = 2, it specifies the store name of the certificate used for decrypting the PFXCertPassword. Data type is string. Supported operations are Add, Get, and Replace. -**ClientCertificateInstall/SCEP** +**ClientCertificateInstall/SCEP** Node for SCEP. > [!Note] > An alert is sent after the SCEP certificate is installed. -**ClientCertificateInstall/SCEP/***UniqueID* +**ClientCertificateInstall/SCEP/***UniqueID* A unique ID to differentiate different certificate installation requests. -**ClientCertificateInstall/SCEP/*UniqueID*/Install** +**ClientCertificateInstall/SCEP/*UniqueID*/Install** A node required for SCEP certificate enrollment. Parent node to group SCEP cert installation related requests. Supported operations are Get, Add, Replace, and Delete. @@ -199,29 +199,29 @@ Supported operations are Get, Add, Replace, and Delete. > [!Note] > Although the child nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values that are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted, as it will impact the current enrollment underway. The server should check the Status node value and ensure the device isn't at an unknown state before changing child node values. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL** Required for SCEP certificate enrollment. Specifies the certificate enrollment server. Multiple server URLs can be listed, separated by semicolons. Data type is string. Supported operations are Get, Add, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/Challenge** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/Challenge** Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Challenge is deleted shortly after the Exec command is accepted. Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping** Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs is separated by a plus +. For example, OID1+OID2+OID3. Data type is string. Supported operations are Get, Add, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName** -Required. Specifies the subject name. +**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName** +Required. Specifies the subject name. The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”). @@ -231,13 +231,13 @@ Data type is string. Supported operations are Add, Get, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyProtection** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyProtection** Optional. Specifies where to keep the private key. > [!Note] > Even if the private key is protected by TPM, it isn't protected with a TPM PIN. -The data type is an integer corresponding to one of the following values: +The data type is an integer corresponding to one of the following values: | Value | Description | |---|---| @@ -248,14 +248,14 @@ The data type is an integer corresponding to one of the following values: Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage** Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or forth (0x80) or both bits set. If the value doesn’t have those bits set, configuration will fail. Data type is int. -Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay** Optional. When the SCEP server sends a pending status, this value specifies the device retry waiting time in minutes. Data type format is an integer. @@ -266,7 +266,7 @@ The minimum value is 1. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryCount** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryCount** Optional. Unique to SCEP. Specifies the device retry times when the SCEP server sends a pending status. Data type is integer. @@ -279,7 +279,7 @@ Minimum value is 0, which indicates no retry. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/TemplateName** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/TemplateName** Optional. OID of certificate template name. > [!Note] @@ -289,7 +289,7 @@ Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyLength** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyLength** Required for enrollment. Specify private key length (RSA). Data type is integer. @@ -300,7 +300,7 @@ For Windows Hello for Business (formerly known as Microsoft Passport for Work) , Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm** Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with +. For Windows Hello for Business, only SHA256 is the supported algorithm. @@ -309,14 +309,14 @@ Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint** Required. Specifies Root CA thumbprint. This thumbprint is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks the CA certificate from the SCEP server to verify a match with this certificate. If it isn't a match, the authentication will fail. Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames** Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. For more information, see the name type definitions in MSDN. Each pair is separated by semicolon. For example, multiple SANs are presented in the format of [name format1]+[actual name1];[name format 2]+[actual name2]. @@ -325,7 +325,7 @@ Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriod** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriod** Optional. Specifies the units for the valid certificate period. Data type is string. @@ -341,8 +341,8 @@ Valid values are: Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits** -Optional. Specifies the desired number of units used in the validity period. This number is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) is defined in the ValidPeriod node. +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits** +Optional. Specifies the desired number of units used in the validity period. This number is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) is defined in the ValidPeriod node. > [!Note] > The valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. @@ -354,35 +354,35 @@ Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName** Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node isn't specified when Windows Hello for Business KSP is chosen, the enrollment will fail. Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/CustomTextToShowInPrompt** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/CustomTextToShowInPrompt** Optional. Specifies the custom text to show on the Windows Hello for Business PIN prompt during certificate enrollment. The admin can choose to provide more contextual information in this field for why the user needs to enter the PIN and what the certificate will be used for. Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll** Required. Triggers the device to start the certificate enrollment. The device won't notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added. The date type format is Null, meaning this node doesn’t contain a value. The only supported operation is Execute. -**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList** +**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList** Optional. Specify the Azure Active Directory Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail. Data type is string. Supported operations are Add, Get, Delete, and Replace. -**ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint** +**ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint** Optional. Specifies the current certificate’s thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. If the certificate on the device becomes invalid (Cert expired, Cert chain isn't valid, private key deleted) then it will return an empty string. @@ -391,7 +391,7 @@ Data type is string. The only supported operation is Get. -**ClientCertificateInstall/SCEP/*UniqueID*/Status** +**ClientCertificateInstall/SCEP/*UniqueID*/Status** Required. Specifies latest status of the certificated during the enrollment request. Data type is string. Valid values: @@ -405,7 +405,7 @@ The only supported operation is Get. | 16 | Action failed | | 32 | Unknown | -**ClientCertificateInstall/SCEP/*UniqueID*/ErrorCode** +**ClientCertificateInstall/SCEP/*UniqueID*/ErrorCode** Optional. An integer value that indicates the HRESULT of the last enrollment error code. The only supported operation is Get. @@ -714,4 +714,4 @@ Add a PFX certificate. The PFX certificate password is encrypted with a custom c ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index 716eff3eef..b2c5d92dd8 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -1,7 +1,7 @@ --- title: ClientCertificateInstall DDF file description: Learn about the OMA DM device description framework (DDF) for the ClientCertificateInstall configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **ClientCertificateInstall** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. @@ -78,9 +78,9 @@ The XML below is the current version for this CSP. - Required for PFX certificate installation. A unique ID to differentiate different certificate install requests. -Format is node. -Supported operations are Get, Add, Delete + Required for PFX certificate installation. A unique ID to differentiate different certificate install requests. +Format is node. +Supported operations are Get, Add, Delete Calling Delete on the this node, should delete the certificates and the keys that were installed by the corresponding PFX blob. @@ -134,7 +134,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha - Optional. + Optional. Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail. Format is chr. Supported operations are Get, Add, Delete and Replace. @@ -161,7 +161,7 @@ Supported operations are Get, Add, Delete and Replace. - Required. + Required. CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation. Format is Binary64. Supported operations are Get, Add, Replace. @@ -194,7 +194,7 @@ CRYPT_DATA_BLOB on MSDN can be found at https://msdn.microsoft.com/library/windo Required if PFX is password protected. -Password that protects the PFX blob. +Password that protects the PFX blob. Format is chr. Supported operations are Add, Get. @@ -221,7 +221,7 @@ Format is chr. Supported operations are Add, Get. 0 Optional. Used to specify if the PFX certificate password is encrypted with a certificate. -If the value is +If the value is 0 - Password is not encrypted 1- Password is encrypted using the MDM certificate by the MDM server 2 - Password is encrypted by a Custom Certificate by the MDM server. When this value is used here, also specify the custom store name in the PFXCertPasswordEncryptionStore node. @@ -271,7 +271,7 @@ Supported operations are Add, Get. Thumbprint - + Returns the thumbprint of the PFX certificate installed. Format is string.Supported operations are Get. @@ -321,8 +321,8 @@ Support operations are Get. - Optional. -When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored. + Optional. +When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored. Datatype is string, Support operation are Add, Get and Replace. @@ -370,8 +370,8 @@ Support operation are Add, Get and Replace. - Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests. -Format is node. + Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests. +Format is node. Supported operations are Get, Add, Delete. Calling Delete on the this node, should delete the corresponding SCEP certificate @@ -422,8 +422,8 @@ NOTE: Though the children nodes under Install support Replace commands, once the - Required for SCEP certificate enrollment. Specify the cert enrollment server. The server could specify multiple server URLs separated by semicolon. -Format is string. + Required for SCEP certificate enrollment. Specify the cert enrollment server. The server could specify multiple server URLs separated by semicolon. +Format is string. Supported operations are Get, Add, Delete, Replace. @@ -474,7 +474,7 @@ Supported operations are Get, Add, Delete, Replace. Required. Specify extended key usages. Subjected to SCEP server configuration. The list of OIDs are separated by plus “+”. Sample format: OID1+OID2+OID3. -Format is chr. +Format is chr. Supported operations are Get, Add, Delete, Replace. @@ -502,7 +502,7 @@ Supported operations are Get, Add, Delete, Replace. Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or forth (0x80) or both bits set. If the value doesn’t have those bits set, configuration will fail. -Format is int. +Format is int. Supported operations are Get, Add, Delete, Replace. @@ -553,20 +553,20 @@ Supported operations are Get, Add, Delete, Replace. 3 - Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. + Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. -SCEP enrolled cert doesn’t support TPM PIN protection. Supported values: +SCEP enrolled cert doesn’t support TPM PIN protection. Supported values: -1 – private key protected by TPM, +1 – private key protected by TPM, -2 – private key protected by phone TPM if the device supports TPM. +2 – private key protected by phone TPM if the device supports TPM. -3 (default) – private key saved in software KSP +3 (default) – private key saved in software KSP 4 – private key protected by NGC. If this option is specified, container name should be specified, if not enrollment will fail. -Format is int. +Format is int. Supported operations are Get, Add, Delete, Replace. @@ -595,12 +595,12 @@ Supported operations are Get, Add, Delete, Replace. 5 - Optional. When the SCEP server sends pending status, specify device retry waiting time in minutes. + Optional. When the SCEP server sends pending status, specify device retry waiting time in minutes. Default value is: 5 -The min value is 1. +The min value is 1. -Format is int. +Format is int. Supported operations are Get, Add, Delete noreplace. @@ -676,7 +676,7 @@ The min value is 0 which means no retry. Supported operations are Get, Add, Dele - Required for enrollment. Specify private key length (RSA). Format is int. + Required for enrollment. Specify private key length (RSA). Format is int. Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength. @@ -704,11 +704,11 @@ Supported operations are Get, Add, Delete, Replace. - Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated via +. + Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated via +. For NGC, only SHA256 is supported as the supported algorithm -Format is chr. +Format is chr. Supported operations are Get, Add, Delete, Replace. @@ -733,8 +733,8 @@ Supported operations are Get, Add, Delete, Replace. - Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates SCEP server, it checks CA cert from SCEP server whether match with this cert. If not match, fail the authentication. -Format is chr. + Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates SCEP server, it checks CA cert from SCEP server whether match with this cert. If not match, fail the authentication. +Format is chr. Supported operations are Get, Add, Delete, Replace. @@ -759,9 +759,9 @@ Supported operations are Get, Add, Delete, Replace. - Optional. Specify subject alternative name. Multiple alternative names could be specified by this node. Each name is the combination of name format+actual name. Refer name type definition in MSDN. Each pair is separated by semicolon. E.g. multiple SAN are presented in the format of [nameformat1]+[actual name1];[name format 2]+[actual name2]. + Optional. Specify subject alternative name. Multiple alternative names could be specified by this node. Each name is the combination of name format+actual name. Refer name type definition in MSDN. Each pair is separated by semicolon. E.g. multiple SAN are presented in the format of [nameformat1]+[actual name1];[name format 2]+[actual name2]. -Format is chr. +Format is chr. Supported operations are Get, Add, Delete, Replace. @@ -788,8 +788,8 @@ Supported operations are Get, Add, Delete, Replace. Days - Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years. -Format is chr. + Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years. +Format is chr. Supported operations are Get, Add, Delete, Replace. NOTE: The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio) the SCEP server as part of certificate enrollment request. It is the server’s decision on how to use this valid period to create the certificate. @@ -817,9 +817,9 @@ NOTE: The device only sends the MDM server expected certificate validation perio 0 - Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note that the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. + Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note that the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. -Format is int. +Format is int. Supported operations are Get, Add, Delete, Replace. @@ -847,7 +847,7 @@ NOTE: The device only sends the MDM server expected certificate validation perio - Optional. + Optional. Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail. Format is chr. @@ -901,9 +901,9 @@ Supported operations are Get, Add, Delete and Replace. - Required. Trigger the device to start the cert enrollment. The device will not notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added. + Required. Trigger the device to start the cert enrollment. The device will not notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added. -Format is null, e.g. this node doesn’t contain a value. +Format is null, e.g. this node doesn’t contain a value. Supported operation is Exec. @@ -974,9 +974,9 @@ Supported operation is Exec. Required. Specify the latest status for the certificate due to enroll request. -Format is chr. +Format is chr. -Supported operation is Get. +Supported operation is Get. Valid values are: 1 – finished successfully @@ -1003,7 +1003,7 @@ Valid values are: - Optional. The integer value that indicates the HRESULT of the last enrollment error code. + Optional. The integer value that indicates the HRESULT of the last enrollment error code. Supported operation is Get. diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index 910c3b6c31..dec02671ea 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -1,7 +1,7 @@ --- title: CM\_CellularEntries CSP description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -58,12 +58,12 @@ CM_CellularEntries --------PurposeGroups ``` -***entryname*** +***entryname*** Defines the name of the connection.

    The [CMPolicy configuration service provider](cmpolicy-csp.md) uses the value of *entryname* to identify the connection that is associated with a policy and [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) uses the value of *entryname* to identify the connection that is associated with a proxy.

    -**AlwaysOn** +**AlwaysOn** Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available. A value of "0" specifies that AlwaysOn isn't supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally. For example, an APN that only controls MMS. @@ -72,12 +72,12 @@ A value of "1" specifies that AlwaysOn is supported, and the Connection Manager There must be at least one AlwaysOn Internet connection provisioned for the mobile operator. -**AuthType** +**AuthType** Optional. Type: String. Specifies the method of authentication used for a connection. A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None". -**ConnectionType** +**ConnectionType** Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available: |Connection type|Usage| @@ -89,48 +89,48 @@ Optional. Type: String. Specifies the type of connection used for the APN. The f |Lte_iwlan|Used for GPRS type connections that may be offloaded over WiFi.| |Iwlan|Used for connections that are implemented over WiFi offload only.| -**Desc.langid** +**Desc.langid** Optional. Specifies the UI display string used by the defined language ID. A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as `Desc.0409` with a value of `"GPRS Connection"` will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no **Desc** parameter is provisioned for a given language, the system will default to the name used to create the entry. -**Enabled** +**Enabled** Specifies if the connection is enabled. A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled. -**IpHeaderCompression** +**IpHeaderCompression** Optional. Specifies if IP header compression is enabled. A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled. -**Password** +**Password** Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN. -**SwCompression** +**SwCompression** Optional. Specifies if software compression is enabled. A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled. -**UserName** +**UserName** Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN. -**UseRequiresMappingsPolicy** +**UseRequiresMappingsPolicy** Optional. Specifies if the connection requires a corresponding mappings policy. A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present. For example, if the multimedia messaging service (MMS) APN shouldn't have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose internet traffic. -**Version** +**Version** Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider. This value must be "1" if included. -**GPRSInfoAccessPointName** +**GPRSInfoAccessPointName** Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT". -**Roaming** +**Roaming** Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available: - 0 - Home network only. @@ -140,22 +140,22 @@ Optional. Type: Int. This parameter specifies the roaming conditions under which - 4 - Non-domestic roaming only. - 5 - Roaming only. -**OEMConnectionID** +**OEMConnectionID** Optional. Type: GUID. Specifies a GUID that is used to identify a specific connection in the modem. If a value isn't specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices. -**ApnId** +**ApnId** Optional. Type: Int. Specifies the purpose of the APN. If a value isn't specified, the default value is "0" (none). This parameter is only used on LTE devices. -**IPType** +**IPType** Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value isn't specified, the default value is "IPv4". > [!WARNING] > Do not use IPv6 or IPv4v6xlat on a device or network that does not support IPv6. Data functionality will not work. In addition, the device will not be able to connect to a roaming network that does not support IPv6 unless you configure roaming connections with an IPType of IPv4v6. -**ExemptFromDisablePolicy** +**ExemptFromDisablePolicy** Added back in Windows 10, version 1511. Optional. Type: Int. This value should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value isn't specified, the default value is "0" (not exempt). -To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". These settings indicate that the connection is a dedicated MMS connection and that it shouldn't be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. +To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". These settings indicate that the connection is a dedicated MMS connection and that it shouldn't be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. > [!Note] > Sending MMS while roaming is still not allowed. @@ -168,13 +168,13 @@ To avoid UX inconsistency with certain value combinations of ExemptFromDisablePo - Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1) - Set AllowMMSIfDataIsOff to 1 (default is 0) -**ExemptFromRoaming** +**ExemptFromRoaming** Added back in Windows 10, version 1511. Optional. Type: Int. This value should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value isn't specified, the default value is "0" (not exempt). -**TetheringNAI** +**TetheringNAI** Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value isn't specified, the default value is "0". -**IdleDisconnectTimeout** +**IdleDisconnectTimeout** Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds. > [!IMPORTANT] @@ -183,10 +183,10 @@ Optional. Type: Int. Specifies how long an on-demand connection can be unused be > [!NOTE] > If tear-down/activation requests occur too frequently, this value should be set to greater than 5 seconds. -**SimIccId** +**SimIccId** For single SIM phones, this parm is Optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection. -**PurposeGroups** +**PurposeGroups** Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available: - Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F @@ -194,8 +194,8 @@ Required. Type: String. Specifies the purposes of the connection by a comma-sepa - MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8 - IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13 - SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD -- Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB -- Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364 +- Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB +- Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364 - Application - 52D7654A-00A8-4140-806C-087D66705306 - eSIM provisioning - A36E171F-2377-4965-88FE-1F53EB4B47C0 @@ -207,7 +207,7 @@ To delete a connection, you must first delete any associated proxies and then de - + @@ -247,7 +247,7 @@ Configuring an LTE connection: - + ``` @@ -283,5 +283,5 @@ The following table shows the Microsoft custom elements that this configuration ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index 38d7d17625..26f88a1e32 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -1,7 +1,7 @@ --- title: CMPolicy CSP description: Learn how the CMPolicy configuration service provider (CSP) is used to define rules that the Connection Manager uses to identify correct connections. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -51,10 +51,10 @@ CMPolicy ----------------Type ``` -***policyName*** +***policyName*** Defines the name of the policy. -**SID** +**SID** The value of SID depends on the ClientType. For Universal Windows Platform (UWP) app-based mapping policies, SID is the Package family name without curly brackets {}, not the application. @@ -63,7 +63,7 @@ For non-UWP application-based mapping policies, SID is the application product I For host-based mapping policies, SID must be set to `*`. -**ClientType** +**ClientType** Specifies the mapping policy type. The following list describes the available mapping policy types: @@ -72,20 +72,20 @@ The following list describes the available mapping policy types: - Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`. -**Host** +**Host** Specifies the name of a host pattern. The host name is matched to the connection request to select the right policy to use. The host pattern can have two wild cards, `*` and `+`. The host pattern isn't a URL pattern and there's no concept of transport or paths on the specific host. For example, the host pattern might be `*.host_name.com` to match any prefix to the `host_name.com` domains. The host pattern will match `www.host_name.com` and `mail.host_name.com`, but it won't match `host_name.com`. -**OrderedConnections** +**OrderedConnections** Specifies whether the list of connections is in preference order. A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. -**Conn***XXX* +**Conn***XXX* Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits, which increment starting from "000". For example, a policy, which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". -**ConnectionID** +**ConnectionID** Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter. For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you have a connection configured by using the CM\_CellularEntries configuration service provider, the connection name could be the name of the connection. If you have a NAP configured with the NAPID set to “GPRS1”, the connection name could be “GPRS1@WAP”. @@ -129,7 +129,7 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. |Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}| |Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}| -**Type** +**Type** Specifies the type of connection being referenced. The following list describes the available connection types: - `CMST_CONNECTION_NAME` – A connection specified by name. @@ -166,20 +166,20 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo - - + + - - + + - - + + - - + + @@ -213,20 +213,20 @@ In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the - - + + - - + + - - + + - - + + @@ -298,7 +298,7 @@ Adding an application-based mapping policy: CMST_CONNECTION_DEVICE_TYPE - + @@ -381,11 +381,11 @@ Adding a host-based mapping policy: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - +[Configuration service provider reference](index.yml) + + + + diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index 8515da3881..899a3779e8 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -1,7 +1,7 @@ --- title: CMPolicyEnterprise CSP description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -53,10 +53,10 @@ CMPolicy ----------------ConnectionID ----------------Type ``` -***policyName*** +***policyName*** Defines the name of the policy. -**SID** +**SID** The value of SID depends on the ClientType. For Universal Windows Platform (UWP) app-based mapping policies, SID is the Package family name without curly brackets {}, not the application. @@ -65,7 +65,7 @@ For non-UWP application-based mapping policies, SID is the application product I For host-based mapping policies, SID must be set to `*`. -**ClientType** +**ClientType** Specifies the mapping policy type. The following list describes the available mapping policy types: @@ -74,21 +74,21 @@ The following list describes the available mapping policy types: - Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`. -**Host** +**Host** Specifies the name of a host pattern. The host name is matched to the connection request to select the right policy to use. The host pattern can have two wild cards, "\*" and "+". The host pattern isn't a URL pattern and there's no concept of transport or paths on the specific host. For example, the host pattern might be "\*.host\_name.com" to match any prefix to the host\_name.com domains. The host pattern will match "www.host\_name.com" and "mail.host\_name.com", but it will not match "host\_name.com". -**OrderedConnections** +**OrderedConnections** Specifies whether the list of connections is in preference order. A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. -**Conn***XXX* +**Conn***XXX* Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three-digits, which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". -**ConnectionID** +**ConnectionID** Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter. For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you have a connection configured by using the CM\_CellularEntries configuration service provider, the connection name could be the name of the connection. If you have a NAP configured with the NAPID set to “GPRS1”, the connection name could be “GPRS1@WAP”. @@ -133,7 +133,7 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. |Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}| |Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}| -**Type** +**Type** Specifies the type of connection being referenced. The following list describes the available connection types: - `CMST_CONNECTION_NAME` – A connection specified by name. @@ -170,20 +170,20 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo - - + + - - + + - - + + - - + + @@ -215,20 +215,20 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C - - + + - - + + - - + + - - + + @@ -300,7 +300,7 @@ Adding an application-based mapping policy: CMST_CONNECTION_DEVICE_TYPE - + @@ -383,11 +383,11 @@ Adding a host-based mapping policy: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - +[Configuration service provider reference](index.yml) + + + + diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md index 47fd1ec39d..0b07180698 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md +++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md @@ -1,7 +1,7 @@ --- title: CMPolicyEnterprise DDF file description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **CMPolicyEnterprise** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/configuration-service-provider-ddf.md b/windows/client-management/mdm/configuration-service-provider-ddf.md new file mode 100644 index 0000000000..12b60500aa --- /dev/null +++ b/windows/client-management/mdm/configuration-service-provider-ddf.md @@ -0,0 +1,29 @@ +--- +title: Configuration service provider DDF files +description: Learn more about the OMA DM device description framework (DDF) for various configuration service providers +ms.reviewer: +manager: aaroncz +ms.author: vinpa +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: vinaypamnani-msft +ms.date: 09/18/2020 +ms.collection: highpri +--- + +# Configuration service provider DDF files + +This topic shows the OMA DM device description framework (DDF) for various configuration service providers. DDF files are used only with OMA DM provisioning XML. + +You can download the DDF files for various CSPs from the links below: + +- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) +- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) + +You can download DDF file for Policy CSP from [Policy DDF file](policy-ddf-file.md). diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-support.md similarity index 90% rename from windows/client-management/mdm/configuration-service-provider-reference.md rename to windows/client-management/mdm/configuration-service-provider-support.md index b67e4c78ef..e6000e0976 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-support.md @@ -1,7 +1,7 @@ --- -title: Configuration service provider reference -description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. -ms.reviewer: +title: Configuration service provider support +description: Learn more about configuration service provider (CSP) supported scenarios. +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -12,20 +12,14 @@ ms.date: 09/18/2020 ms.collection: highpri --- -# Configuration service provider reference +# Configuration service provider support A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot. -For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For CSP DDF files, see [CSP DDF files download](#csp-ddf-files-download). - - -Additional lists: -- [List of CSPs supported in HoloLens devices](#hololens) -- [List of CSPs supported in Microsoft Surface Hub](#surfacehubcspsupport) -- [List of CSPs supported in Windows 10 IoT Core](#iotcoresupport) +- For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). +- For CSP DDF files, see [CSP DDF files download](configuration-service-provider-ddf.md). -
    ## CSP support @@ -1007,18 +1001,6 @@ Additional lists:
    -## CSP DDF files download - -You can download the DDF files for various CSPs from the links below: -- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) -- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) - - ## CSPs supported in HoloLens devices The following list shows the CSPs supported in HoloLens devices: @@ -1056,10 +1038,10 @@ The following list shows the CSPs supported in HoloLens devices: | [WiFi CSP](wifi-csp.md) | No | Yes | Yes | | [WindowsLicensing CSP](windowslicensing-csp.md) | Yes | Yes | No | - + ## CSPs supported in Microsoft Surface Hub -- [Accounts CSP](accounts-csp.md) +- [Accounts CSP](accounts-csp.md) > [!NOTE] > Support in Surface Hub is limited to **Domain\ComputerName**. - [AccountManagement CSP](accountmanagement-csp.md) @@ -1075,7 +1057,7 @@ The following list shows the CSPs supported in HoloLens devices: - [DMAcc CSP](dmacc-csp.md) - [DMClient CSP](dmclient-csp.md) - [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) -- [Firewall-CSP](firewall-csp.md) +- [Firewall-CSP](firewall-csp.md) - [HealthAttestation CSP](healthattestation-csp.md) - [NetworkProxy CSP](networkproxy-csp.md) - [NetworkQoSPolicy CSP](networkqospolicy-csp.md) @@ -1083,14 +1065,14 @@ The following list shows the CSPs supported in HoloLens devices: - [PassportForWork CSP](passportforwork-csp.md) - [Policy CSP](policy-configuration-service-provider.md) - [Reboot CSP](reboot-csp.md) -- [RemoteWipe CSP](remotewipe-csp.md) +- [RemoteWipe CSP](remotewipe-csp.md) - [Reporting CSP](reporting-csp.md) - [RootCATrustedCertificates CSP](rootcacertificates-csp.md) - [SurfaceHub CSP](surfacehub-csp.md) - [UEFI CSP](uefi-csp.md) -- [Wifi-CSP](wifi-csp.md) +- [Wifi-CSP](wifi-csp.md) - [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) -- [Wirednetwork-CSP](wirednetwork-csp.md) +- [Wirednetwork-CSP](wirednetwork-csp.md) ## CSPs supported in Windows 10 IoT Core diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 759f17f26a..53b1ab435d 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -1,7 +1,7 @@ --- title: CustomDeviceUI CSP description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -27,16 +27,16 @@ CustomDeviceUI --------BackgroundTaskPackageName ``` -**./Vendor/MSFT/CustomDeviceUI** +**./Vendor/MSFT/CustomDeviceUI** The root node for the CustomDeviceUI configuration service provider. The supported operation is Get. -**StartupAppID** +**StartupAppID** AppID string value is the default appid/AUMID to launch during startup. The supported operations are Get and Replace. -**BackgroundTasksToLaunch** +**BackgroundTasksToLaunch** List of package names of background tasks that need to be launched on device startup. The supported operation is Get. -**BackgroundTasksToLaunch/***BackgroundTaskPackageName* +**BackgroundTasksToLaunch/***BackgroundTaskPackageName* Package Full Name of the application that needs to be launched in the background. This application can contain no entry points, a single entry point, or multiple entry points. The supported operations are Add, Delete, Get, and Replace. ## SyncML examples @@ -45,19 +45,19 @@ Package Full Name of the application that needs to be launched in the background ```xml - + 1 ./Vendor/MSFT/CustomDeviceUI/StartupAppID - + chr DefaultApp_cw5n1h2txyewy!App - + @@ -67,7 +67,7 @@ Package Full Name of the application that needs to be launched in the background ```xml - + 1 @@ -75,7 +75,7 @@ Package Full Name of the application that needs to be launched in the background ./Vendor/MSFT/CustomDeviceUI/BackgroundTaskstoLaunch?list=Struct - + @@ -85,7 +85,7 @@ Package Full Name of the application that needs to be launched in the background ```xml - + 1 @@ -97,15 +97,15 @@ Package Full Name of the application that needs to be launched in the background 0 - + ``` - - - + + + diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index f847a4ba95..e77372750e 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md @@ -1,7 +1,7 @@ --- title: CustomDeviceUI DDF description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **CustomDeviceUI** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index ca3b7ea096..c95bb5bc44 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -1,7 +1,7 @@ --- title: Defender CSP description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -88,31 +88,31 @@ Defender ----UpdateSignature ----OfflineScan (Added in Windows 10 version 1803) ``` -**Detections** +**Detections** An interior node to group all threats detected by Windows Defender. Supported operation is Get. -**Detections/***ThreatId* +**Detections/***ThreatId* The ID of a threat that has been detected by Windows Defender. Supported operation is Get. -**Detections/*ThreatId*/Name** +**Detections/*ThreatId*/Name** The name of the specific threat. The data type is a string. Supported operation is Get. -**Detections/*ThreatId*/URL** +**Detections/*ThreatId*/URL** URL link for more threat information. The data type is a string. Supported operation is Get. -**Detections/*ThreatId*/Severity** +**Detections/*ThreatId*/Severity** Threat severity ID. The data type is integer. @@ -127,7 +127,7 @@ The following list shows the supported values: Supported operation is Get. -**Detections/*ThreatId*/Category** +**Detections/*ThreatId*/Category** Threat category ID. The data type is integer. @@ -190,7 +190,7 @@ The following table describes the supported values: Supported operation is Get. -**Detections/*ThreatId*/CurrentStatus** +**Detections/*ThreatId*/CurrentStatus** Information about the current status of the threat. The data type is integer. @@ -211,7 +211,7 @@ The following list shows the supported values: Supported operation is Get. -**Detections/*ThreatId*/CurrentStatus** +**Detections/*ThreatId*/CurrentStatus** Information about the current status of the threat. The data type is integer. @@ -232,7 +232,7 @@ The following list shows the supported values: Supported operation is Get. -**Detections/*ThreatId*/ExecutionStatus** +**Detections/*ThreatId*/ExecutionStatus** Information about the execution status of the threat. The data type is integer. @@ -247,34 +247,34 @@ The following list shows the supported values: Supported operation is Get. -**Detections/*ThreatId*/InitialDetectionTime** +**Detections/*ThreatId*/InitialDetectionTime** The first time this particular threat was detected. The data type is a string. Supported operation is Get. -**Detections/*ThreatId*/LastThreatStatusChangeTime** +**Detections/*ThreatId*/LastThreatStatusChangeTime** The last time this particular threat was changed. The data type is a string. Supported operation is Get. -**Detections/*ThreatId*/NumberOfDetections** +**Detections/*ThreatId*/NumberOfDetections** Number of times this threat has been detected on a particular client. The data type is integer. Supported operation is Get. -**EnableNetworkProtection** +**EnableNetworkProtection** -The Network Protection Service is a network filter that helps to protect you against web-based malicious threats, including phishing and malware. The Network Protection service contacts the SmartScreen URL reputation service to validate the safety of connections to web resources. +The Network Protection Service is a network filter that helps to protect you against web-based malicious threats, including phishing and malware. The Network Protection service contacts the SmartScreen URL reputation service to validate the safety of connections to web resources. The acceptable values for this parameter are: - 0: Disabled. The Network Protection service won't block navigation to malicious websites, or contact the SmartScreen URL reputation service. It will still send connection metadata to the antimalware engine if behavior monitoring is enabled, to enhance AV Detections. - 1: Enabled. The Network Protection service will block connections to malicious websites based on URL Reputation from the SmartScreen URL reputation service. -- 2: AuditMode. As above, but the Network Protection service won't block connections to malicious websites, but will instead log the access to the event log. +- 2: AuditMode. As above, but the Network Protection service won't block connections to malicious websites, but will instead log the access to the event log. Accepted values: Disabled, Enabled, and AuditMode Position: Named @@ -284,7 +284,7 @@ Accept wildcard characters: False **EnableNetworkProtection/AllowNetworkProtectionDownLevel** -By default, network protection isn't allowed to be enabled on Windows versions before 1709, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode. +By default, network protection isn't allowed to be enabled on Windows versions before 1709, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode. - Type: Boolean - Position: Named - Default value: False @@ -401,17 +401,17 @@ Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if - Accept pipeline input: False - Accept wildcard characters: False -**Health** +**Health** An interior node to group information about Windows Defender health status. Supported operation is Get. -**Health/ProductStatus** +**Health/ProductStatus** Added in Windows 10, version 1809. Provide the current state of the product. This value is a bitmask flag value that can represent one or multiple product states from below list. The data type is integer. Supported operation is Get. -Supported product status values: +Supported product status values: - No status = 0 - Service not running = 1 << 0 - Service started without any malware protection engine = 1 << 1 @@ -457,7 +457,7 @@ Example: ``` -**Health/ComputerState** +**Health/ComputerState** Provide the current state of the device. The data type is integer. @@ -473,28 +473,28 @@ The following list shows the supported values: Supported operation is Get. -**Health/DefenderEnabled** +**Health/DefenderEnabled** Indicates whether the Windows Defender service is running. The data type is a Boolean. Supported operation is Get. -**Health/RtpEnabled** +**Health/RtpEnabled** Indicates whether real-time protection is running. The data type is a Boolean. Supported operation is Get. -**Health/NisEnabled** +**Health/NisEnabled** Indicates whether network protection is running. The data type is a Boolean. Supported operation is Get. -**Health/QuickScanOverdue** +**Health/QuickScanOverdue** Indicates whether a Windows Defender quick scan is overdue for the device. A Quick scan is overdue when a scheduled Quick scan didn't complete successfully for 2 weeks and [catchup Quick scans](./policy-csp-defender.md#defender-disablecatchupquickscan) are disabled (default). @@ -503,7 +503,7 @@ The data type is a Boolean. Supported operation is Get. -**Health/FullScanOverdue** +**Health/FullScanOverdue** Indicates whether a Windows Defender full scan is overdue for the device. A Full scan is overdue when a scheduled Full scan didn't complete successfully for 2 weeks and [catchup Full scans](./policy-csp-defender.md#defender-disablecatchupfullscan) are disabled (default). @@ -512,96 +512,96 @@ The data type is a Boolean. Supported operation is Get. -**Health/SignatureOutOfDate** +**Health/SignatureOutOfDate** Indicates whether the Windows Defender signature is outdated. The data type is a Boolean. Supported operation is Get. -**Health/RebootRequired** +**Health/RebootRequired** Indicates whether a device reboot is needed. The data type is a Boolean. Supported operation is Get. -**Health/FullScanRequired** +**Health/FullScanRequired** Indicates whether a Windows Defender full scan is required. The data type is a Boolean. Supported operation is Get. -**Health/EngineVersion** +**Health/EngineVersion** Version number of the current Windows Defender engine on the device. The data type is a string. Supported operation is Get. -**Health/SignatureVersion** +**Health/SignatureVersion** Version number of the current Windows Defender signatures on the device. The data type is a string. Supported operation is Get. -**Health/DefenderVersion** +**Health/DefenderVersion** Version number of Windows Defender on the device. The data type is a string. Supported operation is Get. -**Health/QuickScanTime** +**Health/QuickScanTime** Time of the last Windows Defender quick scan of the device. The data type is a string. Supported operation is Get. -**Health/FullScanTime** +**Health/FullScanTime** Time of the last Windows Defender full scan of the device. The data type is a string. Supported operation is Get. -**Health/QuickScanSigVersion** +**Health/QuickScanSigVersion** Signature version used for the last quick scan of the device. The data type is a string. Supported operation is Get. -**Health/FullScanSigVersion** +**Health/FullScanSigVersion** Signature version used for the last full scan of the device. The data type is a string. Supported operation is Get. -**Health/TamperProtectionEnabled** +**Health/TamperProtectionEnabled** Indicates whether the Windows Defender tamper protection feature is enabled.​ The data type is a Boolean. Supported operation is Get. -**Health/IsVirtualMachine** +**Health/IsVirtualMachine** Indicates whether the device is a virtual machine. The data type is a string. Supported operation is Get. -**Configuration** +**Configuration** An interior node to group Windows Defender configuration information. Supported operation is Get. -**Configuration/TamperProtection** +**Configuration/TamperProtection** Tamper protection helps protect important security features from unwanted changes and interference. This protection includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions. @@ -612,7 +612,7 @@ The data type is a Signed BLOB. Supported operations are Add, Delete, Get, Replace. -Intune tamper protection setting UX supports three states: +Intune tamper protection setting UX supports three states: - Not configured (default): Doesn't have any impact on the default state of the device. - Enabled: Enables the tamper protection feature. - Disabled: Turns off the tamper protection feature. @@ -635,7 +635,7 @@ The data type is integer. Supported operations are Add, Delete, Get, Replace. -Valid values are: +Valid values are: - 1 – Enable. - 0 (default) – Disable. @@ -656,20 +656,20 @@ The data type is integer. Supported operations are Add, Delete, Get, and Replace. -Valid values are: +Valid values are: - 1 – Enable. - 0 (default) – Disable. -**Configuration/DisableCpuThrottleOnIdleScans**
    +**Configuration/DisableCpuThrottleOnIdleScans**
    -Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur. +Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur. -The data type is integer. +The data type is integer. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. -Valid values are: -- 1 (default) – Enable. +Valid values are: +- 1 (default) – Enable. - 0 – Disable. **Configuration/MeteredConnectionUpdates**
    @@ -701,7 +701,7 @@ The data type is string. Supported operations are Add, Delete, Get, and Replace. -**Configuration/EnableFileHashComputation** +**Configuration/EnableFileHashComputation** Enables or disables file hash computation feature. When this feature is enabled, Windows Defender will compute hashes for files it scans. @@ -709,29 +709,29 @@ The data type is integer. Supported operations are Add, Delete, Get, and Replace. -Valid values are: +Valid values are: - 1 – Enable. - 0 (default) – Disable. -**Configuration/SupportLogLocation** -The support log location setting allows the administrator to specify where the Microsoft Defender Antivirus diagnostic data collection tool (**MpCmdRun.exe**) will save the resulting log files. This setting is configured with an MDM solution, such as Intune, and is available for Windows 10 Enterprise. +**Configuration/SupportLogLocation** +The support log location setting allows the administrator to specify where the Microsoft Defender Antivirus diagnostic data collection tool (**MpCmdRun.exe**) will save the resulting log files. This setting is configured with an MDM solution, such as Intune, and is available for Windows 10 Enterprise. Data type is string. Supported operations are Add, Delete, Get, and Replace. -Intune Support log location setting UX supports three states: +Intune Support log location setting UX supports three states: -- Not configured (default) - Doesn't have any impact on the default state of the device. +- Not configured (default) - Doesn't have any impact on the default state of the device. - 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path. -- 0 - Disabled. Turns off the Support log location feature. +- 0 - Disabled. Turns off the Support log location feature. -When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. +When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. -More details: +More details: -- [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data) -- [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices) +- [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data) +- [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices) **Configuration/PlatformUpdatesChannel** Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. @@ -744,7 +744,7 @@ Current Channel (Staged): Devices will be offered updates after the monthly grad Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). -Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only +Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only If you disable or don't configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices. @@ -761,10 +761,10 @@ Valid values are: - 6: Critical- Time Delay -More details: +More details: -- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout) -- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates) +- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout) +- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates) **Configuration/EngineUpdatesChannel** Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. @@ -793,12 +793,12 @@ Valid values are: - 5: Current Channel (Broad) - 6: Critical- Time Delay -More details: +More details: -- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout) -- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates) +- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout) +- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates) -**Configuration/SecurityIntelligenceUpdatesChannel** +**Configuration/SecurityIntelligenceUpdatesChannel** Enable this policy to specify when devices receive daily Microsoft Defender security intelligence (definition) updates during the daily gradual rollout. Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%). @@ -815,10 +815,10 @@ Valid Values are: - 4: Current Channel (Staged) - 5: Current Channel (Broad) -More details: +More details: -- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout) -- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates) +- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout) +- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates) **Configuration/DisableGradualRelease** Enable this policy to disable gradual rollout of monthly and daily Microsoft Defender updates. @@ -837,10 +837,10 @@ Valid values are: - 1 – Enabled. - 0 (default) – Not Configured. -More details: +More details: -- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout) -- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates) +- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout) +- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates) **Configuration/PassiveRemediation** This policy setting enables or disables EDR in block mode (recommended for devices running Microsoft Defender Antivirus in passive mode). For more information, see Endpoint detection and response in block mode | Microsoft Docs. Available with platform release: 4.18.2202.X @@ -852,7 +852,7 @@ Supported values: - 0: Turn EDR in block mode off -**Scan** +**Scan** Node that can be used to start a Windows Defender scan on a device. Valid values are: @@ -861,16 +861,16 @@ Valid values are: Supported operations are Get and Execute. -**UpdateSignature** +**UpdateSignature** Node that can be used to perform signature updates for Windows Defender. Supported operations are Get and Execute. -**OfflineScan** +**OfflineScan** Added in Windows 10, version 1803. OfflineScan action starts a Microsoft Defender Offline scan on the computer where you run the command. After the next OS reboot, the device will start in Microsoft Defender Offline mode to begin the scan. Supported operations are Get and Execute. ## See also -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 1a99f5c85b..b7851e330b 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -1,7 +1,7 @@ --- title: Defender DDF file description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,7 +16,7 @@ ms.date: 07/23/2021 This article shows the OMA DM device description framework (DDF) for the Defender configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index a1b368c716..cf12739b69 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -1,7 +1,7 @@ --- title: DevDetail CSP description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -68,55 +68,55 @@ DevDetail --------WlanSubnetMask --------DeviceHardwareData (Added in Windows 10, version 1703) ``` -**DevTyp** +**DevTyp** Required. Returns the device model name /SystemProductName as a string. Supported operation is Get. -**OEM** +**OEM** Required. Returns the name of the Original Equipment Manufacturer (OEM) as a string, as defined in the specification SyncML Device Information, version 1.1.2. Supported operation is Get. -**FwV** +**FwV** Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision. For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion. Supported operation is Get. -**SwV** +**SwV** Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the client device. In the future, the build numbers may converge. Supported operation is Get. -**HwV** +**HwV** Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision. For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion. Supported operation is Get. -**LrgObj** +**LrgObj** Required. Returns whether the device uses OMA DM Large Object Handling, as defined in the specification SyncML Device Information, version 1.1.2. Supported operation is Get. -**URI/MaxDepth** +**URI/MaxDepth** Required. Returns the maximum depth of the management tree that the device supports. The default is zero (0). Supported operation is Get. This value is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth. -**URI/MaxTotLen** +**URI/MaxTotLen** Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0). Supported operation is Get. This value is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length. -**URI/MaxSegLen** +**URI/MaxSegLen** Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0). Supported operation is Get. @@ -125,7 +125,7 @@ This value is the largest number of characters that the device can support in a -**Ext/Microsoft/RadioSwV** +**Ext/Microsoft/RadioSwV** Required. Returns the radio stack software version number. Supported operation is Get. -**Ext/Microsoft/Resolution** +**Ext/Microsoft/Resolution** Required. Returns the UI screen resolution of the device (example: "480x800"). Supported operation is Get. -**Ext/Microsoft/CommercializationOperator** +**Ext/Microsoft/CommercializationOperator** Required. Returns the name of the mobile operator if it exists. Otherwise, it returns 404. Supported operation is Get. -**Ext/Microsoft/ProcessorArchitecture** +**Ext/Microsoft/ProcessorArchitecture** Required. Returns the processor architecture of the device as "arm" or "x86". Supported operation is Get. -**Ext/Microsoft/ProcessorType** +**Ext/Microsoft/ProcessorType** Required. Returns the processor type of the device as documented in SYSTEM_INFO. Supported operation is Get. -**Ext/Microsoft/OSPlatform** +**Ext/Microsoft/OSPlatform** Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName. Supported operation is Get. -**Ext/Microsoft/LocalTime** +**Ext/Microsoft/LocalTime** Required. Returns the client local time in ISO 8601 format. Supported operation is Get. -**Ext/Microsoft/DeviceName** +**Ext/Microsoft/DeviceName** Required. Contains the user-specified device name. Replace operation isn't supported in Windows client or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name doesn't take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs. @@ -178,10 +178,10 @@ Value type is string. Supported operations are Get and Replace. -**Ext/Microsoft/DNSComputerName** +**Ext/Microsoft/DNSComputerName** Added in Windows 10, version 2004. This node specifies the DNS computer name for a device. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 63 characters. This node replaces the **Domain/ComputerName** node in [Accounts CSP](accounts-csp.md). -The following are the available naming macros: +The following are the available naming macros: | Macro | Description | Example | Generated Name | | -------| -------| -------| -------| @@ -190,22 +190,22 @@ The following are the available naming macros: Value type is string. Supported operations are Get and Replace. -> [!NOTE] +> [!NOTE] > We recommend using `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment. On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the computer's serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**. -**Ext/Microsoft/TotalRAM** +**Ext/Microsoft/TotalRAM** Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory). Supported operation is Get. -**Ext/Microsoft/SMBIOSSerialNumber** +**Ext/Microsoft/SMBIOSSerialNumber** Added in Windows 10, version 1809. SMBIOS Serial Number of the device. Value type is string. Supported operation is Get. -**Ext/WLANMACAddress** +**Ext/WLANMACAddress** The MAC address of the active WLAN connection, as a 12-digit hexadecimal number. Supported operation is Get. @@ -213,32 +213,32 @@ Supported operation is Get. > [!NOTE] > This isn't supported in Windows 10 for desktop editions. -**Ext/VoLTEServiceSetting** +**Ext/VoLTEServiceSetting** Returns the VoLTE service to on or off. This setting is only exposed to mobile operator OMA-DM servers. Supported operation is Get. -**Ext/WlanIPv4Address** +**Ext/WlanIPv4Address** Returns the IPv4 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA DM servers. Supported operation is Get. -**Ext/WlanIPv6Address** +**Ext/WlanIPv6Address** Returns the IPv6 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA-DM servers. Supported operation is Get. -**Ext/WlanDnsSuffix** +**Ext/WlanDnsSuffix** Returns the DNS suffix of the active Wi-Fi connection. This suffix is only exposed to enterprise OMA-DM servers. Supported operation is Get. -**Ext/WlanSubnetMask** +**Ext/WlanSubnetMask** Returns the subnet mask for the active Wi-Fi connection. This subnet mask is only exposed to enterprise OMA-DM servers. Supported operation is Get. -**Ext/DeviceHardwareData** +**Ext/DeviceHardwareData** Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device. > [!NOTE] @@ -248,4 +248,4 @@ Supported operation is Get. ## Related articles -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index 957eb5558f..d19d909f71 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -1,7 +1,7 @@ --- title: DevDetail DDF file description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 06/03/2020 This topic shows the OMA DM device description framework (DDF) for the **DevDetail** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index 592432a187..033ace2ec0 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -1,7 +1,7 @@ --- title: DeveloperSetup CSP description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -33,49 +33,49 @@ DeveloperSetup ------------HttpPort ------------HttpsPort ``` -**DeveloperSetup** +**DeveloperSetup**

    The root node for the DeveloperSetup configuration service provider. -**EnableDeveloperMode** +**EnableDeveloperMode**

    A Boolean value that is used to enable Developer Mode on the device. The default value is false.

    The only supported operation is Replace. -**DevicePortal** -

    The node for the Windows Device Portal. +**DevicePortal** +

    The node for the Windows Device Portal. -**DevicePortal/Authentication** -

    The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal. +**DevicePortal/Authentication** +

    The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal. -**DevicePortal/Authentication/Mode** -

    An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal. +**DevicePortal/Authentication/Mode** +

    An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal.

    The only supported operation is Replace. -**DevicePortal/Authentication/BasicAuth** -

    The node that describes the credentials that are used for basic authentication with the Windows Device Portal. +**DevicePortal/Authentication/BasicAuth** +

    The node that describes the credentials that are used for basic authentication with the Windows Device Portal. -**DevicePortal/Authentication/BasicAuth/Username** -

    A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal. +**DevicePortal/Authentication/BasicAuth/Username** +

    A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal. The user name must contain only ASCII characters and cannot contain a colon (:).

    The only supported operation is Replace. -**DevicePortal/Authentication/BasicAuth/Password** -

    A string value that specifies the password to use when authenticating requests against the Windows Device Portal. +**DevicePortal/Authentication/BasicAuth/Password** +

    A string value that specifies the password to use when authenticating requests against the Windows Device Portal.

    The only supported operation is Replace. -**DevicePortal/Connection** -

    The node for configuring connections to the Windows Device Portal service. +**DevicePortal/Connection** +

    The node for configuring connections to the Windows Device Portal service. -**DevicePortal/Connection/HttpPort** -

    An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service. -If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort. +**DevicePortal/Connection/HttpPort** +

    An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service. +If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort.

    The only supported operation is Replace. -**DevicePortal/Connection/HttpsPort** -

    An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service. +**DevicePortal/Connection/HttpsPort** +

    An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.

    The only supported operation is Replace. \ No newline at end of file diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md index ae96fa64df..1b7d9de267 100644 --- a/windows/client-management/mdm/developersetup-ddf.md +++ b/windows/client-management/mdm/developersetup-ddf.md @@ -1,7 +1,7 @@ --- title: DeveloperSetup DDF file description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index 29938e34dc..054ebc1774 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -1,7 +1,7 @@ --- title: DeviceLock CSP description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -61,10 +61,10 @@ DeviceLock -------------MinDevicePasswordComplexCharacters ``` -**Provider** +**Provider** Required. An interior node to group all policy providers. Scope is permanent. Supported operation is Get. - ***ProviderID*** + ***ProviderID*** Optional. The node that contains the configured management server's ProviderID. Exchange ActiveSync policies set by Exchange are saved by the Sync client separately. Scope is dynamic. The following operations are supported: - **Add** - Add the management account to the configuration service provider tree. @@ -76,7 +76,7 @@ Optional. The node that contains the configured management server's ProviderID.   -***ProviderID*/DevicePasswordEnabled** +***ProviderID*/DevicePasswordEnabled** Optional. An integer value that specifies whether device lock is enabled. Possible values include: - 0 - Device lock is enabled. @@ -86,7 +86,7 @@ The scope is dynamic. Supported operations are Get, Add, and Replace. -***ProviderID*/AllowSimpleDevicePassword** +***ProviderID*/AllowSimpleDevicePassword** Optional. An integer value that specifies whether simple passwords, such as "1111" or "1234", are allowed. Possible values include: - 0 - Not allowed. @@ -96,12 +96,12 @@ Invalid values are treated as a configuration failure. The scope is dynamic. Supported operations are Get, Add, and Replace. -***ProviderID*/MinDevicePasswordLength** +***ProviderID*/MinDevicePasswordLength** Optional. An integer value that specifies the minimum number of characters required in the PIN. Valid values are 4 to 18 inclusive. The default value is 4. Invalid values are treated as a configuration failure. The scope is dynamic. Supported operations are Get, Add, and Replace. -***ProviderID*/AlphanumericDevicePasswordRequired** +***ProviderID*/AlphanumericDevicePasswordRequired** Optional. An integer value that specifies the complexity of the password or PIN allowed. Possible values include: @@ -114,39 +114,39 @@ Invalid values are treated as a configuration failure. The scope is dynamic. Supported operations are Get, Add, and Replace. -***ProviderID*/DevicePasswordExpiration** +***ProviderID*/DevicePasswordExpiration** Deprecated in Windows 10. -***ProviderID*/DevicePasswordHistory** +***ProviderID*/DevicePasswordHistory** Deprecated in Windows 10. -***ProviderID*/MaxDevicePasswordFailedAttempts** +***ProviderID*/MaxDevicePasswordFailedAttempts** Optional. An integer value that specifies the number of authentication failures allowed before the device will be wiped. Valid values are 0 to 999. The default value is 0, which indicates the device won't be wiped, whatever the number of authentication failures. Invalid values are treated as a configuration failure. The scope is dynamic. Supported operations are Get, Add, and Replace. -***ProviderID*/MaxInactivityTimeDeviceLock** +***ProviderID*/MaxInactivityTimeDeviceLock** Optional. An integer value that specifies the amount of time (in minutes) that the device can remain idle before it's password locked. Valid values are 0 to 999. A value of 0 indicates no time-out is specified. In this case, the maximum screen time-out allowed by the UI applies. Invalid values are treated as a configuration failure. The scope is dynamic. Supported operations are Get, Add, and Replace. -***ProviderID*/MinDevicePasswordComplexCharacters** +***ProviderID*/MinDevicePasswordComplexCharacters** Optional. An integer value that specifies the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong password. Valid values are 1 to 3 for Windows client. The default value is 1. Invalid values are treated as a configuration failure. The scope is dynamic. Supported operations are Get, Add, and Replace. -**DeviceValue** +**DeviceValue** Required. A permanent node that groups the policy values applied to the device. The server can query this node to discover what policy values are applied to the device. The scope is permanent. Supported operation is Get. -**DeviceValue/DevicePasswordEnable, …, MinDevicePasswordComplexCharacters** +**DeviceValue/DevicePasswordEnable, …, MinDevicePasswordComplexCharacters** Required. This node has the same set of policy nodes as the **ProviderID** node. All nodes under **DeviceValue** are read-only permanent nodes. Each node represents the current device lock policy. For detailed descriptions of each policy, see the ***ProviderID*** subnode descriptions. ## OMA DM examples @@ -312,4 +312,4 @@ The value applied to the device can be queried via the nodes under the **DeviceV [Policy CSP](policy-configuration-service-provider.md) -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index 974d878b01..e206a5b29e 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md @@ -1,7 +1,7 @@ --- title: DeviceLock DDF file description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index b650e3c405..70340fe1a6 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -1,7 +1,7 @@ --- title: DeviceManageability CSP description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -26,7 +26,7 @@ The table below shows the applicability of Windows: The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607. -For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that both the paths return the same information. +For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that both the paths return the same information. The following example shows the DeviceManageability configuration service provider in a tree format. ``` @@ -40,40 +40,40 @@ DeviceManageability ------------EnrollmentInfo (Added in Windows 10, version 1709) ``` -**./Device/Vendor/MSFT/DeviceManageability** +**./Device/Vendor/MSFT/DeviceManageability** Root node to group information about runtime MDM configuration capability on the target device. -**Capabilities** +**Capabilities** Interior node. -**Capabilities/CSPVersions** +**Capabilities/CSPVersions** Returns the versions of all configuration service providers supported on the device for the MDM service. -**Provider** +**Provider** Added in Windows 10, version 1709. Interior node. -**Provider/_ProviderID_** +**Provider/_ProviderID_** Added in Windows 10, version 1709. Provider ID of the configuration source. ProviderID should be unique among the different config sources. -**Provider/_ProviderID_/ConfigInfo** +**Provider/_ProviderID_/ConfigInfo** Added in Windows 10, version 1709. Configuration information string value set by the configuration source. Recommended to use during sync session. ConfigInfo value can only be set by the provider that owns the ProviderID. The value is readable by other config sources. -Data type is string. +Data type is string. Supported operations are Add, Get, Delete, and Replace. -**Provider/_ProviderID_/EnrollmentInfo** +**Provider/_ProviderID_/EnrollmentInfo** Added in Windows 10, version 1709. Enrollment information string value set by the configuration source and sent during MDM enrollment. It's readable by MDM server during sync session. -Data type is string. +Data type is string. Supported operations are Add, Get, Delete, and Replace.  ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md index 23dd9b8cf6..5200da534c 100644 --- a/windows/client-management/mdm/devicemanageability-ddf.md +++ b/windows/client-management/mdm/devicemanageability-ddf.md @@ -1,7 +1,7 @@ --- title: DeviceManageability DDF description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,7 +16,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1709. diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 72be68417e..4d74896075 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -372,4 +372,4 @@ Supported operation is Get. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index f081bf1262..a13d8ad0e9 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -15,7 +15,7 @@ ms.date: 03/12/2018 This topic shows the OMA DM device description framework (DDF) for the **DeviceStatus** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1803. diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index fe9309086b..0ed5356c9d 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -1,7 +1,7 @@ --- title: DevInfo CSP description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -43,7 +43,7 @@ DevInfo ----Lang ``` -**DevId** +**DevId** Required. Returns an application-specific global unique device identifier by default. Supported operation is Get. @@ -55,30 +55,30 @@ The **UseHWDevID** parm of the [DMAcc configuration service provider](dmacc-csp. - For dual SIM phones, this value is retrieved from the UICC of the primary data line. - For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns an application specific global unique identifier (GUID) irrespective of the value of UseHWDevID. -**Man** +**Man** Required. Returns the name of the OEM. For Windows 10 for desktop editions, it returns the SystemManufacturer as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer. If no name is found, this returns to "Unknown". Supported operation is Get. -**Mod** +**Mod** Required. Returns the name of the hardware device model as specified by the mobile operator. For Windows 10/Windows 11 desktop editions, it returns the SystemProductName as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName. If no name is found, this returns to "Unknown". Supported operation is Get. -**DmV** +**DmV** Required. Returns the current management client revision of the device. Supported operation is Get. -**Lang** +**Lang** Required. Returns the current user interface (UI) language setting of the device as defined by RFC1766. Supported operation is Get. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index ae70ac7ba1..98492f8b3f 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md @@ -1,7 +1,7 @@ --- title: DevInfo DDF file description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **DevInfo** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index aea55b2259..8924241e4d 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -1,7 +1,7 @@ --- title: DiagnosticLog CSP description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -102,7 +102,7 @@ The data type is string. Expected value: Set and Execute are functionality equivalent, and each accepts a `Collection` XML snippet (as a string) describing what data to gather and where to upload it. The results are zipped and uploaded to the specified SasUrl. The zipped filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip". -With Windows 10 KB5011543, Windows 11 KB5011563, we have added support for an extra element that will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML. +With Windows 10 KB5011543, Windows 11 KB5011563, we have added support for an extra element that will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML. The following example shows a `Collection` XML: @@ -195,7 +195,7 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain - **OutputFileFormat** - Flattens folder structure, instead of having individual folders for each directive in the XML. - - The value “Flattened” is the only supported value for the OutputFileFormat. If the OutputFileFormat is absent in the XML, or if explicitly set to something other than Flattened, it will leave the file structure in old structure. + - The value “Flattened” is the only supported value for the OutputFileFormat. If the OutputFileFormat is absent in the XML, or if explicitly set to something other than Flattened, it will leave the file structure in old structure. **DiagnosticArchive/ArchiveResults** Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run. @@ -268,7 +268,7 @@ la--- 1/4/2021 2:45 PM 2 la--- 12/2/2020 6:27 PM 2701 results.xml ``` -Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. +Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. For example, the first directive was: ```xml @@ -921,7 +921,7 @@ For each channel node, the user can: - Enable or disable the channel from Event Log service to allow or disallow event data being written into the channel. - Specify an XPath query to filter events while exporting the channel event data. -For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md). +For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10]((../diagnose-mdm-failures-in-windows-10.md). To gather diagnostics using this CSP: @@ -1677,4 +1677,4 @@ To read a log file: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index 30dddf70ca..05a0e4d332 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -1,7 +1,7 @@ --- title: DiagnosticLog DDF description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The content below are the latest versions of the DDF files: diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index ad9d6ccc76..8218509c6f 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -1,7 +1,7 @@ --- title: DMAcc CSP description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -71,76 +71,76 @@ DMAcc ----------------DisableOnRoaming ----------------SSLCLIENTCERTSEARCHCRITERIA ``` -**DMAcc** +**DMAcc** Required. Defines the root node of all OMA DM server accounts that use the OMA DM version 1.2 protocol. -***AccountUID*** +***AccountUID*** Optional. Defines the unique identifier for an OMA DM server account that uses the OMA DM version 1.2 protocol. For a [w7 APPLICATION configuration service provider](w7-application-csp.md) bootstrapped account, this element is assigned a unique name by the OMA DM Client. The unique name is the hexadecimal representation of the 256-bit SHA-2 hash of the provider ID. The OMA DM server can change this node name in subsequent OMA DM sessions. -***AccountUID*/AppID** +***AccountUID*/AppID** Required. Specifies the application identifier for the OMA DM account. This value must be set to "w7". Value type is string. Supported operations are Add, Get, and Replace. -***AccountUID*/ServerID** +***AccountUID*/ServerID** Required. Specifies the OMA DM server's unique identifier for the current OMA DM account. This value is case-sensitive. Value type is string. Supported operations are Add, Get, and Replace. -***AccountUID*/Name** +***AccountUID*/Name** Optional. Specifies the display name of the application. Value type is string. Supported operations are Add, Get, and Replace. -***AccountUID*/PrefConRef** +***AccountUID*/PrefConRef** Optional. Specifies the preferred connectivity for the OMA DM account. This element contains either a URI to a NAP management object or a connection GUID used by Connection Manager. If this element is missing, the device uses the default connection that is provided by Connection Manager. Value type is string. Supported operations are Add, Get, and Replace. -***AccountUID*/AppAddr** +***AccountUID*/AppAddr** Interior node for DM server address. Required. -**AppAddr/***ObjectName* +**AppAddr/***ObjectName* Required. Defines the OMA DM server address. Only one server address can be configured. When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is "1". This DM address is the first one encountered in the w7 APPLICATION configuration service provider; other DM accounts are ignored. -***ObjectName*/Addr** +***ObjectName*/Addr** Required. Specifies the address of the OMA DM account. The type of address stored is specified by the AddrType element. Value type is string. Supported operations are Add, Get, and Replace. -***ObjectName*/AddrType** +***ObjectName*/AddrType** Required. Specifies the format and interpretation of the Addr node value. The default is "URI". The default value of "URI" specifies that the OMA DM account address in **Addr** is a URI address. A value of "IPv4" specifies that the OMA DM account address in **Addr** is an IP address. Value type is string. Supported operations are Add, Get, and Replace. -***ObjectName*/Port** +***ObjectName*/Port** Interior node for port information. Optional. -**Port/***ObjectName* +**Port/***ObjectName* Required. Only one port number can be configured. When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is "1". -***ObjectName*/PortNbr** +***ObjectName*/PortNbr** Required. Specifies the port number of the OMA MD account address. This number must be a decimal number that fits within the range of a 16-bit unsigned integer. Value type is string. Supported operations are Add, Get, and Replace. -***AccountUID*/AAuthPref** +***AccountUID*/AAuthPref** Optional. Specifies the application authentication preference. A value of "BASIC" specifies that the client attempts BASIC authentication. A value of "DIGEST' specifies that the client attempts MD5 authentication. @@ -149,98 +149,98 @@ If this value is empty, the client attempts to use the authentication mechanism Value type is string. Supported operations are Add, Get, and Replace. -***AccountUID*/AppAuth** +***AccountUID*/AppAuth** Optional. Defines authentication settings. -**AppAuth/***ObjectName* +**AppAuth/***ObjectName* Required. Defines one set of authentication settings. When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is same name as the AAuthLevel value ("CLRED" or "SRVCRED"). -***ObjectName*/AAuthlevel** +***ObjectName*/AAuthlevel** Required. Specifies the application authentication level. A value of "CLCRED" indicates that the credentials client will authenticate itself to the OMA DM server at the OMA DM protocol level. A value of "SRVCRED" indicates that the credentials server will authenticate itself to the OMA DM Client at the OMA DM protocol level. Value type is string. Supported operations are Add and Replace. -***ObjectName*/AAuthType** +***ObjectName*/AAuthType** Required. Specifies the authentication type. If the AAuthlevel is "CLCRED", the supported values are "BASIC" and "DIGEST". If the AAuthlevel is "SRVCRED", the supported value is "DIGEST". Value type is string. Supported operations are Add, Get, and Replace. -***ObjectName*/AAuthName** +***ObjectName*/AAuthName** Optional. Specifies the authentication name. Value type is string. Supported operations are Add, Get, and Replace. -***ObjectName*/AAuthSecret** +***ObjectName*/AAuthSecret** Optional. Specifies the password or secret used for authentication. Value type is string. Supported operations are Add and Replace. -***ObjectName*/AAuthData** +***ObjectName*/AAuthData** Optional. Specifies the next nonce used for authentication. "Nonce" refers to a number used once. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in repeat attacks. Value type is binary. Supported operations are Add and Replace. -***AccountUID*/Ext** +***AccountUID*/Ext** Required. Defines a set of extended parameters. This element holds vendor-specific information about the OMA DM account and is created automatically when the OMA DM account is created. -**Ext/Microsoft** +**Ext/Microsoft** Required. Defines a set of Microsoft-specific extended parameters. This element is created automatically when the OMA DM account is created. -**Microsoft/BackCompatRetryDisabled** +**Microsoft/BackCompatRetryDisabled** Optional. Specifies whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr on subsequent attempts (not including the first time). The default is "FALSE". The default value of "FALSE" indicates that backward-compatible retries are enabled. A value of "TRUE" indicates that backward-compatible retries are disabled. Value type is bool. Supported operations are Add, Get, and Replace. -**Microsoft/ConnRetryFreq** +**Microsoft/ConnRetryFreq** Optional. Specifies the number of retries the DM client performs when there are Connection Manager level or wininet level errors. The default value is 3. Value type is integer. Supported operations are Add, Get, and Replace. -**Microsoft/DefaultEncoding** +**Microsoft/DefaultEncoding** Optional. Specifies whether the OMA DM client will use WBXML or XML for the DM package when communicating with the server. The default is "application/vnd.syncml.dm+xml". The default value of "application/vnd.syncml.dm+xml" specifies that XML is used. A value of "application/vnd.syncml.dm+wbxml" specifies that WBXML is used. Value type is string. Supported operations are Add, Get, and Replace. -**Microsoft/InitialBackOffTime** +**Microsoft/InitialBackOffTime** Optional. Specifies the initial wait time in milliseconds when the OMA DM client retries for the first time. The wait time grows exponentially. The default value is 16000. Value type is integer. Supported operations are Add, Get, and Replace. -**Microsoft/MaxBackOffTime** +**Microsoft/MaxBackOffTime** Optional. This node specifies the maximum number of milliseconds to wait before attempting a connection retry. The default value is 86400000. Value type is integer. Supported operations are Add, Get, and Replace. -**Microsoft/ProtoVer** +**Microsoft/ProtoVer** Optional. Specifies the OMA DM Protocol version that the server supports. There's no default value. Valid values are "1.1" and "1.2". The protocol version set by this element will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this element isn't specified when adding a DM server account, the latest DM protocol version that the client supports is used. Windows 10 clients support version 1.2. Value type is string. Supported operations are Add, Get, and Replace. -**Microsoft/Role** +**Microsoft/Role** Required. Specifies the role mask that the OMA DM session runs with when it communicates with the server. If this parameter isn't present, the DM session is given the role mask of the OMA DM session that the server created. The following list shows the valid security role masks and their values. @@ -254,7 +254,7 @@ The acceptable access roles for this node can't be more than the roles assigned Value type is integer. Supported operations are Get and Replace. -**Microsoft/UseHWDevID** +**Microsoft/UseHWDevID** Optional. Specifies whether to use the hardware ID for the ./DevInfo/DevID element in the DM account to identify the device. The default is "FALSE". The default value of "FALSE" specifies that an application-specific GUID is returned for the ./DevInfo/DevID rather than the hardware device ID. @@ -267,7 +267,7 @@ A value is "TRUE" specifies that the hardware device ID will be provided for the Value type is bool. Supported operations are Add, Get, and Replace. -**Microsoft/UseNonceResync** +**Microsoft/UseNonceResync** Optional. Specifies whether the OMA DM client should use the nonce resynchronization procedure if the server trigger notification fails authentication. The default is "FALSE". If the authentication fails because the server nonce doesn't match the server nonce that is stored on the device, then the device can use the backup nonce as the server nonce. For this procedure to be successful, if the device didn't authenticate with the preconfigured nonce value, the server must then use the backup nonce when sending the signed server notification message. @@ -276,17 +276,17 @@ The default value of "FALSE" specifies that the client doesn't try to authentica Value type is bool. Supported operations are Add, Get, and Replace. -**CRLCheck** +**CRLCheck** Optional. Allows connection to the DM server to check the Certificate Revocation List (CRL). Set to true to enable SSL revocation. Value type is bool. Supported operations are Add, Get, and Replace. -**DisableOnRoaming** +**DisableOnRoaming** Optional. Determines whether the OMA DM client should be launched when roaming. Value type is bool. Supported operations are Add, Get, and Replace. -**SSLCLIENTCERTSEARCHCRITERIA** +**SSLCLIENTCERTSEARCHCRITERIA** Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it's ignored. The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC. @@ -301,17 +301,17 @@ Stores specifies which certificate stores the DM client will search to find the Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following schema: ```xml - ``` Value type is string. Supported operations are Add, Get, and Replace. -**InitiateSession** +**InitiateSession** Optional. When this node is added, a session is started with the MDM server. Supported operations are Add, and Replace. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index 4ba6320269..2d0f472a36 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -1,7 +1,7 @@ --- title: DMAcc DDF file description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **DMAcc** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index dbaec53d02..6013c649ce 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -1,7 +1,7 @@ --- title: DMClient CSP description: Understand how the DMClient configuration service provider (CSP) is used to specify enterprise-specific mobile device management (MDM) configuration settings. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -93,36 +93,36 @@ DMClient ----UpdateManagementServiceAddress ``` -**./Vendor/MSFT** +**./Vendor/MSFT** All the nodes in this CSP are supported in the device context, except for the **ExchangeID** node, which is supported in the user context. For the device context, use the **./Device/Vendor/MSFT** path and for the user context, use the **./User/Vendor/MSFT** path. -**DMClient** +**DMClient** Root node for the CSP. -**UpdateManagementServiceAddress** +**UpdateManagementServiceAddress** For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You can't add new servers to the list using this node. -**HWDevID** +**HWDevID** Added in Windows 10, version 1703. Returns the hardware device ID. Supported operation is Get. Value type is string. -**Provider** +**Provider** Required. The root node for all settings that belong to a single management server. Scope is permanent. Supported operation is Get. -**Provider/***ProviderID* +**Provider/***ProviderID* Required. This node contains the URI-encoded value of the bootstrapped device management account’s Provider ID. Scope is dynamic. This value is set and controlled by the MDM provider. As a best practice, use text that doesn’t require XML/URI escaping. Supported operations are Get and Add. -**Provider/*ProviderID*/EntDeviceName** +**Provider/*ProviderID*/EntDeviceName** Optional. Character string that contains the user-friendly device name used by the IT admin console. The value is set during the enrollment process using the DMClient CSP. You can retrieve it later during an OMA DM session. Supported operations are Get and Add. -**Provider/*ProviderID*/EntDMID** +**Provider/*ProviderID*/EntDMID** Optional. Character string that contains the unique enterprise device ID. The value is set by the management server during the enrollment process using the DMClient CSP. You can retrieve it later during an OMA DM session. Supported operations are Get and Add. @@ -131,7 +131,7 @@ Supported operations are Get and Add. > Although hardware device IDs are guaranteed to be unique, there's a concern that this isn't ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION CSP’s **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server. This node is required and must be set by the server before the client certificate renewal is triggered. -**Provider/*ProviderID*/ExchangeID** +**Provider/*ProviderID*/ExchangeID** Optional. Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. The enterprise management server can correlate and merge records for: - A device that's managed by Exchange. @@ -155,17 +155,17 @@ The following XML is a Get command example: ``` -**Provider/*ProviderID*/SignedEntDMID** +**Provider/*ProviderID*/SignedEntDMID** Optional. Character string that contains the device ID. This node and the nodes **CertRenewTimeStamp** can be used by the MDM provider to verify client identity to update the registration record after the device certificate is renewed. The device signs the **EntDMID** with the old client certificate during the certificate renewal process and saves the signature locally. Supported operation is Get. -**Provider/*ProviderID*/CertRenewTimeStamp** +**Provider/*ProviderID*/CertRenewTimeStamp** Optional. The time in OMA DM standard time format. This node is designed to reduce the risk of the certificate being used by another device. The device records the time that the new certificate was created. Supported operation is Get. -**Provider/*ProviderID*/ManagementServiceAddress** +**Provider/*ProviderID*/ManagementServiceAddress** Required. The character string that contains the device management server address. It can be updated during an OMA DM session by the management server. It allows the server to load balance to another server when too many devices are connected to the server. > [!NOTE] @@ -179,27 +179,27 @@ During a DM session, the device will use the first address on the list and then Supported operations are Add, Get, and Replace. -**Provider/*ProviderID*/UPN** +**Provider/*ProviderID*/UPN** Optional. Allows the management server to update the User Principal Name (UPN) of the enrolled user. This information is useful when the user's email address changes in the identity system. Or, when the user enters an invalid UPN during enrollment, and fixes the UPN during federated enrollment. The UPN will be recorded and the UX will reflect the updated UPN. Supported operations are Get and Replace. -**Provider/*ProviderID*/HelpPhoneNumber** +**Provider/*ProviderID*/HelpPhoneNumber** Optional. The character string that allows the user experience to include a customized help phone number. Users can see this information if they need help or support. Supported operations are Get, Replace, and Delete. -**Provider/*ProviderID*/HelpWebsite** +**Provider/*ProviderID*/HelpWebsite** Optional. The character string that allows the user experience to include a customized help website. Users can see this information if they need help or support. Supported operations are Get, Replace, and Delete -**Provider/*ProviderID*/HelpEmailAddress** +**Provider/*ProviderID*/HelpEmailAddress** Optional. The character string that allows the user experience to include a customized help email address. Users can see this information if they need help or support. Supported operations are Get, Replace, and Delete. -**Provider/*ProviderID*/RequireMessageSigning** +**Provider/*ProviderID*/RequireMessageSigning** Boolean type. Primarily used for SSL bridging mode where firewalls and proxies are deployed and where device client identity is required. When enabled, every SyncML message from the device will carry an additional HTTP header named MDM-Signature. This header contains BASE64-encoded Cryptographic Message Syntax using a Detached Signature of the complete SyncML message SHA-2 (inclusive of the SyncHdr and SyncBody). Signing is performed using the private key of the management session certificate that was enrolled as part of the enrollment process. The device public key and PKCS9 UTC signing time stamp are included in the authenticated attributes in the signature. Default value is false, where the device management client doesn't include authentication information in the management session HTTP header. Optionally set to true, where the client authentication information is provided in the management session HTTP header. @@ -212,7 +212,7 @@ When enabled, the MDM provider should: Supported operations are Get, Replace, and Delete. -**Provider/*ProviderID*/SyncApplicationVersion** +**Provider/*ProviderID*/SyncApplicationVersion** Optional. Used by the management server to set the DM session version that the server and device should use. Default is 1.0. In Windows 10, the DM session protocol version of the client is 2.0. If the server is updated to support 2.0, then you should set this value to 2.0. In the next session, check to see if there's a client behavior change between 1.0 and 2.0. > [!NOTE] @@ -222,19 +222,19 @@ Once you set the value to 2.0, it won't go back to 1.0. Supported operations are Get, Replace, and Delete. -**Provider/*ProviderID*/MaxSyncApplicationVersion** +**Provider/*ProviderID*/MaxSyncApplicationVersion** Optional. Used by the client to indicate the latest DM session version that it supports. Default is 2.0. When you query this node, a Windows 10 client will return 2.0 and a Windows 8.1 client will return an error code (404 node not found). Supported operation is Get. -**Provider/*ProviderID*/AADResourceID** +**Provider/*ProviderID*/AADResourceID** Optional. This ResourceID is used when requesting the user token from the OMA DM session for Azure Active Directory (Azure AD) enrollments (Azure AD Join or Add Accounts). The token is audience-specific, which allows for different service principals (enrollment vs. device management). It can be an application ID or the endpoint that you're trying to access. -For more information about Azure AD enrollment, see [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md). +For more information about Azure AD enrollment, see [Azure Active Directory integration with MDM](../azure-active-directory-integration-with-mdm.md). -**Provider/*ProviderID*/EnableOmaDmKeepAliveMessage** +**Provider/*ProviderID*/EnableOmaDmKeepAliveMessage** Added in Windows 10, version 1511. A boolean value that specifies whether the DM client should send out a request pending alert in case the device response to a DM request is too slow. When the server sends a configuration request, the client can take longer than the HTTP timeout to get all information together. The session might end unexpectedly because of the timeout. By default, the MDM client doesn't send an alert that a DM request is pending. @@ -260,7 +260,7 @@ Here's an example of DM message sent by the device when it's in pending state: 2 - 1224 + 1224 Reversed-Domain-Name:com.microsoft.mdm.requestpending @@ -272,27 +272,27 @@ Here's an example of DM message sent by the device when it's in pending state: ``` -**Provider/*ProviderID*/AADDeviceID** +**Provider/*ProviderID*/AADDeviceID** Added in Windows 10, version 1607. Returns the device ID for the Azure AD device registration. Supported operation is Get. -**Provider/*ProviderID*/EnrollmentType** +**Provider/*ProviderID*/EnrollmentType** Added in Windows 10, version 1607. Returns the enrollment type (Device or Full). Supported operation is Get. -**Provider/*ProviderID*/HWDevID** +**Provider/*ProviderID*/HWDevID** Added in Windows 10, version 1607. Returns the hardware device ID. Supported operation is Get. -**Provider/*ProviderID*/CommercialID** +**Provider/*ProviderID*/CommercialID** Added in Windows 10, version 1607. It configures the identifier that uniquely associates the device's diagnostic data belonging to the organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization, then use this setting to provide that identification. The value for this setting is provided by Microsoft in the onboarding process for the program. If you disable or don't configure this policy setting, then Microsoft can't use this identifier to associate this machine and its diagnostic data with your organization. Supported operations are Add, Get, Replace, and Delete. -**Provider/*ProviderID*/ManagementServerAddressList** +**Provider/*ProviderID*/ManagementServerAddressList** Added in Windows 10, version 1607. The list of management server URLs in the format <URL1><URL2><URL3>, and so on. If there's only one, the angle brackets (<>) aren't required. > [!NOTE] @@ -320,25 +320,25 @@ Supported operations are Get and Replace. Value type is string. -**Provider/*ProviderID*/ManagementServerToUpgradeTo** +**Provider/*ProviderID*/ManagementServerToUpgradeTo** Optional. Added in Windows 10, version 1703. Specify the Discovery server URL of the MDM provider to upgrade to for a Mobile Application Management (MAM) enrolled device. Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/NumberOfDaysAfterLostContactToUnenroll** +**Provider/*ProviderID*/NumberOfDaysAfterLostContactToUnenroll** Optional. Number of days after last successful sync to unenroll. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is integer. -**Provider/*ProviderID*/AADSendDeviceToken** +**Provider/*ProviderID*/AADSendDeviceToken** Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this feature will cause the client to send a Device Token if the User Token can't be obtained. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is bool. @@ -347,7 +347,7 @@ The value type is integer/enum. The value is "1" and it means client should always send Azure Active Directory device token during check-in/sync. -**Provider/*ProviderID*/Poll** +**Provider/*ProviderID*/Poll** Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated. Supported operations are Get and Add. @@ -391,7 +391,7 @@ If there's no infinite schedule set, then a 24-hour schedule is created and sche |NumberOfSecondRetries|0|0| |IntervalForRemainingScheduledRetries|0|0| |NumberOfRemainingScheduledRetries|0|0| - + **Invalid poll schedule: two infinite schedules** |Schedule name|Schedule set by server|Actual schedule set on device|Actual experience| @@ -407,14 +407,14 @@ If the device was previously enrolled in MDM with polling schedule configured us When using the DMClient CSP to configure polling schedule parameters, the server must not set all six polling parameters to 0, or set all three number of retry nodes to 0. It will cause a configuration failure. -**Provider/*ProviderID*/Poll/IntervalForFirstSetOfRetries** +**Provider/*ProviderID*/Poll/IntervalForFirstSetOfRetries** Optional. The waiting time (in minutes) for the initial set of retries, which is the number of retries in `//Poll/NumberOfFirstRetries`. If IntervalForFirstSetOfRetries isn't set, then the default value is used. The default value is 15. If the value is set to 0, this schedule is disabled. Supported operations are Get and Replace. The IntervalForFirstSetOfRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\AuxRetryInterval path that previously used the Registry CSP. -**Provider/*ProviderID*/Poll/NumberOfFirstRetries** +**Provider/*ProviderID*/Poll/NumberOfFirstRetries** Optional. The number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. If the value is set to 0 and the IntervalForFirstSetOfRetries value isn't 0, then the schedule will be set to repeat an infinite number of times and second set and this set of schedule won't set in this case. The default value is 10. Supported operations are Get and Replace. @@ -423,14 +423,14 @@ The NumberOfFirstRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enro The first set of retries gives the management server some buffered time to be ready to send policy and setting configurations to the device. The total time for first set of retries shouldn't be more than a few hours. The server shouldn't set NumberOfFirstRetries to 0. RemainingScheduledRetries is used for the long run device polling schedule. -**Provider/*ProviderID*/Poll/IntervalForSecondSetOfRetries** +**Provider/*ProviderID*/Poll/IntervalForSecondSetOfRetries** Optional. The waiting time (in minutes) for the second set of retries, which is the number of retries in `//Poll/NumberOfSecondRetries`. Default value is 0. If this value is set to zero, then this schedule is disabled. Supported operations are Get and Replace. The IntervalForSecondSetOfRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\RetryInterval path that previously used the Registry CSP. -**Provider/*ProviderID*/Poll/NumberOfSecondRetries** +**Provider/*ProviderID*/Poll/NumberOfSecondRetries** Optional. The number of times the DM client should retry a second round of connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForSecondSetOfRetries isn't set to 0 AND the first set of retries isn't set as infinite retries, then the schedule repeats an infinite number of times. However, if the first set of retries is set at infinite, then this schedule is disabled. Supported operations are Get and Replace. @@ -439,28 +439,28 @@ The NumberOfSecondRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enr The second set of retries is also optional and temporarily retries that the total duration should be last for more than a day. And the IntervalForSecondSetOfRetries should be longer than IntervalForFirstSetOfRetries. RemainingScheduledRetries is used for the long run device polling schedule. -**Provider/*ProviderID*/Poll/IntervalForRemainingScheduledRetries** +**Provider/*ProviderID*/Poll/IntervalForRemainingScheduledRetries** Optional. The waiting time (in minutes) for the initial set of retries, which is the number of retries in `//Poll/NumberOfRemainingScheduledRetries`. Default value is 0. If IntervalForRemainingScheduledRetries is set to 0, then this schedule is disabled. Supported operations are Get and Replace. The IntervalForRemainingScheduledRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\Aux2RetryInterval path that previously used the Registry CSP. -**Provider/*ProviderID*/Poll/NumberOfRemainingScheduledRetries** +**Provider/*ProviderID*/Poll/NumberOfRemainingScheduledRetries** Optional. The number of times the DM client should retry connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForRemainingScheduledRetries AND the first and second set of retries aren't set as infinite retries, then the schedule will be set to repeat for an infinite number of times. However, if either or both of the first and second set of retries are set as infinite, then this schedule will be disabled. Supported operations are Get and Replace. The NumberOfRemainingScheduledRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\Aux2NumRetries path that previously used the Registry CSP. -The RemainingScheduledRetries is used for the long run device polling schedule. +The RemainingScheduledRetries is used for the long run device polling schedule. -**Provider/*ProviderID*/Poll/PollOnLogin** +**Provider/*ProviderID*/Poll/PollOnLogin** Optional. Boolean value that allows the IT admin to require the device to start a management session on any user login, even if the user has previously logged in. Login isn't the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false. Supported operations are Add, Get, and Replace. -**Provider/*ProviderID*/Poll/AllUsersPollOnFirstLogin** +**Provider/*ProviderID*/Poll/AllUsersPollOnFirstLogin** Optional. Boolean value that allows the IT admin to require the device to start a management session on first user login for all NT users. A session is only kicked off the first time a user logs in to the system. Later sign-ins won't trigger an MDM session. Login isn't the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false. Supported operations are Add, Get, and Replace. @@ -512,31 +512,31 @@ The supported values for this node are 1-true (allow) and 0-false(not allow). De This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows: -0 - No Recovery request has been processed. -1 - Recovery is in Process. -2 - Recovery has finished successfully. -3 - Recovery has failed to start because TPM is not available. -4 - Recovery has failed to start because Azure Active Directory keys are not protected by the TPM. -5 - Recovery has failed to start because the MDM keys are already protected by the TPM. -6 - Recovery has failed to start because the TPM is not ready for attestation. -7 - Recovery has failed because the client cannot authenticate to the server. +0 - No Recovery request has been processed. +1 - Recovery is in Process. +2 - Recovery has finished successfully. +3 - Recovery has failed to start because TPM is not available. +4 - Recovery has failed to start because Azure Active Directory keys are not protected by the TPM. +5 - Recovery has failed to start because the MDM keys are already protected by the TPM. +6 - Recovery has failed to start because the TPM is not ready for attestation. +7 - Recovery has failed because the client cannot authenticate to the server. 8 - Recovery has failed because the server has rejected the client's request. Supported operation is Get only. **Provider/*ProviderID*/Recovery/InitiateRecovery** -This node initiates an MDM Recovery operation on the client. +This node initiates an MDM Recovery operation on the client. If initiated with argument 0, it triggers MDM Recovery, no matter the state of the device. -If initiated with argument 1, it triggers only if the MDM certificate’s private key isn’t already protected by the TPM, if there is a TPM to put the private key into, and if the TPM is ready for attestation. +If initiated with argument 1, it triggers only if the MDM certificate’s private key isn’t already protected by the TPM, if there is a TPM to put the private key into, and if the TPM is ready for attestation. Supported operation is Exec only. **Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync** -Optional. This node specifies maximum number of concurrent user sync sessions in background. +Optional. This node specifies maximum number of concurrent user sync sessions in background. The default value is dynamically decided by the client based on CPU usage. @@ -548,18 +548,18 @@ Value type is integer. Only applicable for Windows Enterprise multi-session. **Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync** -Optional. This node specifies maximum number of concurrent user sync sessions at User Login. +Optional. This node specifies maximum number of concurrent user sync sessions at User Login. The default value is dynamically decided by the client based on CPU usage. The values are : 0= none, 1= sequential, anything else= parallel. -Supported operations are Get, Add, Replace and Delete. +Supported operations are Get, Add, Replace and Delete. -Value type is integer. Only applicable for Windows Enterprise multi-session. +Value type is integer. Only applicable for Windows Enterprise multi-session. **Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession** -Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`. +Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`. If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 0. If the value is set to 0, this schedule is disabled. @@ -568,9 +568,9 @@ This configuration is only applicable for Windows Multi-session Editions. Supported operations are Get and Replace. **Provider/*ProviderID*/MultipleSession/NumberOfScheduledRetriesForUserSession** -Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. +Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. -If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times. +If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times. The default value is 0. This configuration is only applicable for Windows Multi-session Editions. @@ -578,7 +578,7 @@ Supported operations are Get and Replace. **Provider/*ProviderID*/ConfigLock** -Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected. +Optional. This node enables [Config Lock](../config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected. Default = Locked @@ -603,22 +603,22 @@ The supported values for this node are false or true. Supported operation is Get only. -**Provider/*ProviderID*/Push** +**Provider/*ProviderID*/Push** Optional. Not configurable during WAP Provisioning XML. If removed, DM sessions triggered by Push will no longer be supported. Supported operations are Add and Delete. -**Provider/*ProviderID*/Push/PFN** +**Provider/*ProviderID*/Push/PFN** Required. A string provided by the Windows 10 ecosystem for an MDM solution. Used to register a device for Push Notifications. The server must use the same PFN as the devices it's managing. Supported operations are Add, Get, and Replace. -**Provider/*ProviderID*/Push/ChannelURI** +**Provider/*ProviderID*/Push/ChannelURI** Required. A string that contains the channel that the WNS client has negotiated for the OMA DM client on the device, based on the PFN that was provided. If no valid PFN is currently set, ChannelURI will return null. Supported operation is Get. -**Provider/*ProviderID*/Push/Status** +**Provider/*ProviderID*/Push/Status** Required. An integer that maps to a known error state or condition on the system. Supported operation is Get. @@ -637,188 +637,188 @@ The status error mapping is listed below. |7|Failure: push notification received, but unable to establish an OMA-DM session due to power or connectivity limitations.| |8|Unknown error| -**Provider/*ProviderID*/CustomEnrollmentCompletePage** +**Provider/*ProviderID*/CustomEnrollmentCompletePage** Optional. Added in Windows 10, version 1703. Supported operations are Add, Delete, and Get. -**Provider/*ProviderID*/CustomEnrollmentCompletePage/Title** +**Provider/*ProviderID*/CustomEnrollmentCompletePage/Title** Optional. Added in Windows 10, version 1703. Specifies the title of the all done page that appears at the end of the MDM enrollment flow. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/CustomEnrollmentCompletePage/BodyText** +**Provider/*ProviderID*/CustomEnrollmentCompletePage/BodyText** Optional. Added in Windows 10, version 1703. Specifies the body text of the all done page that appears at the end of the MDM enrollment flow. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkHref** +**Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkHref** Optional. Added in Windows 10, version 1703. Specifies the URL that's shown at the end of the MDM enrollment flow. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkText** +**Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkText** Optional. Added in Windows 10, version 1703. Specifies the display text for the URL that's shown at the end of the MDM enrollment flow. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/FirstSyncStatus** +**Provider/*ProviderID*/FirstSyncStatus** Optional node. Added in Windows 10, version 1709. -**Provider/*ProviderID*/FirstSyncStatus/ExpectedPolicies** +**Provider/*ProviderID*/FirstSyncStatus/ExpectedPolicies** Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to policies the management service provider expects to configure, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER). -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/FirstSyncStatus/ExpectedNetworkProfiles** +**Provider/*ProviderID*/FirstSyncStatus/ExpectedNetworkProfiles** Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the management service provider expects to configure, delimited by the character L"\xF000". -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/FirstSyncStatus/ExpectedMSIAppPackages** +**Provider/*ProviderID*/FirstSyncStatus/ExpectedMSIAppPackages** Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to configure using the EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2` This represents App Package ProductID1 containing four apps, and ProductID2 containing two apps. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/FirstSyncStatus/ExpectedModernAppPackages** -Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to configure using the EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example, +**Provider/*ProviderID*/FirstSyncStatus/ExpectedModernAppPackages** +Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to configure using the EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example, ``` syntax -./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" +./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2 ``` This syntax represents App Package PackageFullName containing four apps, and PackageFullName2 containing two apps. -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/FirstSyncStatus/ExpectedPFXCerts** +**Provider/*ProviderID*/FirstSyncStatus/ExpectedPFXCerts** Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to certs the management service provider expects to configure using the ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER). -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/FirstSyncStatus/ExpectedSCEPCerts** +**Provider/*ProviderID*/FirstSyncStatus/ExpectedSCEPCerts** Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to SCEP certs the management service provider expects to configure using the ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER). -Supported operations are Add, Delete, Get, and Replace. +Supported operations are Add, Delete, Get, and Replace. Value type is string. -**Provider/*ProviderID*/FirstSyncStatus/TimeOutUntilSyncFailure** -Required. Added in Windows 10, version 1709. This node determines how long we'll poll until we surface an error message to the user. The unit of measurement is minutes. Default value will be 60, while maximum value will be 1,440 (one day). +**Provider/*ProviderID*/FirstSyncStatus/TimeOutUntilSyncFailure** +Required. Added in Windows 10, version 1709. This node determines how long we'll poll until we surface an error message to the user. The unit of measurement is minutes. Default value will be 60, while maximum value will be 1,440 (one day). -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is integer. -**Provider/*ProviderID*/FirstSyncStatus/ServerHasFinishedProvisioning** +**Provider/*ProviderID*/FirstSyncStatus/ServerHasFinishedProvisioning** Required. Added in Windows 10, version 1709. This node is set by the server to inform the UX that the server has finished configuring the device. It was added so that the server can “change its mind" about what it needs to configure on the device. When this node is set, many other DM Client nodes can't be changed. If this node isn't True, the UX will consider the configuration a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists. -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is boolean. -**Provider/*ProviderID*/FirstSyncStatus/IsSyncDone** +**Provider/*ProviderID*/FirstSyncStatus/IsSyncDone** Required. Added in Windows 10, version 1709. This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully configured. `Set` triggers the UX to override whatever state it's in, and tell the user that the device is configured. It can't be set from True to False (it won't change its mind if the sync is done), and it can't be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis). -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is boolean. -**Provider/*ProviderID*/FirstSyncStatus/WasDeviceSuccessfullyProvisioned** +**Provider/*ProviderID*/FirstSyncStatus/WasDeviceSuccessfullyProvisioned** Required. Added in Windows 10, version 1709. Integer node determining if a device was successfully configured. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value can't be changed again. The client will change the value of success or failure and update the node. The server can force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis). -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is integer. -**Provider/*ProviderID*/FirstSyncStatus/BlockInStatusPage** +**Provider/*ProviderID*/FirstSyncStatus/BlockInStatusPage** Required. Device Only. Added in Windows 10, version 1803. This node determines if the MDM progress page is blocking in the Azure AD joined or DJ++ case, and which remediation options are available. -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is integer. -**Provider/*ProviderID*/FirstSyncStatus/AllowCollectLogsButton** -Required. Added in Windows 10, version 1803. This node decides if the MDM progress page displays the Collect Logs button. +**Provider/*ProviderID*/FirstSyncStatus/AllowCollectLogsButton** +Required. Added in Windows 10, version 1803. This node decides if the MDM progress page displays the Collect Logs button. -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is bool. -**Provider/*ProviderID*/FirstSyncStatus/CustomErrorText** -Required. Added in Windows 10, version 1803. This node allows the MDM to set custom error text, detailing what the user needs to do if there's an error. +**Provider/*ProviderID*/FirstSyncStatus/CustomErrorText** +Required. Added in Windows 10, version 1803. This node allows the MDM to set custom error text, detailing what the user needs to do if there's an error. -Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. Value type is string. -**Provider/*ProviderID*/FirstSyncStatus/SkipDeviceStatusPage** +**Provider/*ProviderID*/FirstSyncStatus/SkipDeviceStatusPage** Required. Device only. Added in Windows 10, version 1803. This node decides if the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE. -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is bool. -**Provider/*ProviderID*/FirstSyncStatus/SkipUserStatusPage** +**Provider/*ProviderID*/FirstSyncStatus/SkipUserStatusPage** Required. Device only. Added in Windows 10, version 1803. This node decides if the MDM user progress page skips after Azure AD joined or DJ++ after user login. -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is bool. -**Provider/*ProviderID*/EnhancedAppLayerSecurity** +**Provider/*ProviderID*/EnhancedAppLayerSecurity** Required node. Added in Windows 10, version 1709. Supported operation is Get. -**Provider/*ProviderID*/EnhancedAppLayerSecurity/SecurityMode** +**Provider/*ProviderID*/EnhancedAppLayerSecurity/SecurityMode** Required. Added in Windows 10, version 1709. This node specifies how the client will do the app layer signing and encryption. 0: no op; 1: sign only; 2: encrypt only; 3: sign and encrypt. The default value is 0. -Supported operations are Add, Get, Replace, and Delete. +Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**Provider/*ProviderID*/EnhancedAppLayerSecurity/UseCertIfRevocationCheckOffline** +**Provider/*ProviderID*/EnhancedAppLayerSecurity/UseCertIfRevocationCheckOffline** Required. Added in Windows 10, version 1709. When this node is set, it tells the client to use the certificate even when the client can't check the certificate's revocation status because the device is offline. The default value is set. -Supported operations are Add, Get, Replace, and Delete. +Supported operations are Add, Get, Replace, and Delete. Value type is boolean. -**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert0** +**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert0** Required. Added in Windows 10, version 1709. The node contains the primary certificate - the public key to use. -Supported operations are Add, Get, Replace, and Delete. +Supported operations are Add, Get, Replace, and Delete. Value type is string. -**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert1** +**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert1** Required. Added in Windows 10, version 1709. The node contains the secondary certificate - the public key to use. -Supported operations are Add, Get, Replace, and Delete. +Supported operations are Add, Get, Replace, and Delete. Value type is string. -**Provider/*ProviderID*/Unenroll** +**Provider/*ProviderID*/Unenroll** Required. The node accepts unenrollment requests using the OMA DM Exec command and calls the enrollment client to unenroll the device from the management server whose provider ID is specified in the `` tag under the `` element. Scope is permanent. Supported operations are Get and Exec. @@ -837,7 +837,7 @@ The following SyncML shows how to remotely unenroll the device. This command sho chr - TestMDMServer + TestMDMServer @@ -845,4 +845,4 @@ The following SyncML shows how to remotely unenroll the device. This command sho ## Related articles -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 2f7ca1fb7e..83705437e0 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -1,7 +1,7 @@ --- title: DMClient DDF file description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,7 +16,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **DMClient** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1803. diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md deleted file mode 100644 index 471f590bc9..0000000000 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ /dev/null @@ -1,166 +0,0 @@ ---- -title: DMProcessConfigXMLFiltered function -description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML. -Search.Refinement.TopicID: 184 -ms.reviewer: -manager: aaroncz -topic_type: - - apiref -api_name: - - DMProcessConfigXMLFiltered -api_location: - - dmprocessxmlfiltered.dll -api_type: - - DllExport -ms.author: vinpa -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: vinaypamnani-msft -ms.date: 06/26/2017 ---- - -# DMProcessConfigXMLFiltered function - -> [!Important] -> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses. - - -Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios. - -- Adding dynamic credentials for OMA Client Provisioning. - -- Manufacturing test applications. These applications and the supporting drivers must be removed from the phones before they're sold. - -Microsoft recommends that this function isn't used to configure the following types of settings: - -- Security settings that are configured using CertificateStore, SecurityPolicy, and RemoteWipe, unless they're related to OMA DM or OMA Client Provisioning security policies - -- Non-cellular data connection settings (such as Hotspot settings). - -- File system files and registry settings, unless they're used for OMA DM account management, mobile operator data connection settings, or manufacturing tests - -- Email settings - -> [!Note] -> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10. - - - -## Syntax - -```C++ -HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered( - LPCWSTR pszXmlIn, - const WCHAR **rgszAllowedCspNode, - const DWORD dwNumAllowedCspNodes, - BSTR *pbstrXmlOut -); -``` - -## Parameters - -*pszXmlIn* - -- [in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML). - -*rgszAllowedCspNode* - -- [in] Array of `WCHAR` that specify which configuration service provider nodes can be invoked. - -*dwNumAllowedCspNodes* - -- [in] Number of elements passed in rgszAllowedCspNode. - -*pbstrXmlOut* - -- [out] The resulting null–terminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use **SysFreeString** to free the memory. - -If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds the XML output (in string form) of the provisioning operations. If **DMProcessConfigXMLFiltered** returns a failure, the XML output often contains "error nodes" that indicate which elements of the original XML failed. If the input document doesn't contain queries and is successfully processed, the output document should resemble the input document. In some error cases, no output is returned. - -## Return value - -Returns the standard **HRESULT** value **S\_OK** to indicate success. The following table shows more error codes that can be returned: - -|Return code|Description| -|--- |--- | -|**CONFIG_E_OBJECTBUSY**|Another instance of the configuration management service is currently running.| -|**CONFIG_E_ENTRYNOTFOUND**|No metabase entry was found.| -|**CONFIG_E_CSPEXCEPTION**|An exception occurred in one of the configuration service providers.| -|**CONFIG_E_TRANSACTIONINGFAILURE**|A configuration service provider failed to roll back properly. The affected settings might be in an unknown state.| -|**CONFIG_E_BAD_XML**|The XML input is invalid or malformed.| - -## Remarks - -The processing of the XML is transactional. Either the entire document gets processed successfully, or none of the settings are processed. So, the **DMProcessConfigXMLFiltered** function processes only one XML configuration request at a time. - -The usage of **DMProcessConfigXMLFiltered** depends on the configuration service providers that are used. For example, if the input `.provxml` contains the following two settings: - -``` XML - - - - - - - - - - - - - - - - -``` - -Then, the second parameter in the call to **DMProcessConfigXMLFiltered** would have to have the following definition. - -``` C++ -LPCWSTR rgszAllowedCspNodes[] = -{ - L"NAPDEF", - L"BrowserFavorite" -}; -``` - -This array of configuration service provider names indicates which `.provxml` contents should be present. If the provxml contains "EMAIL2" provisioning but *rgszAllowedCspNodes* doesn't contain EMAIL2, then **DMProcessConfigXMLFiltered** fails with an **E\_ACCESSDENIED** error code. - -The following code sample shows how this array would be passed in. The *szProvxmlContent* doesn't show the full XML contents for brevity. In actual usage, the "…" would contain the full XML string shown above. - -``` C++ -WCHAR szProvxmlContent[] = L"..."; -BSTR bstr = NULL; - -HRESULT hr = DMProcessConfigXMLFiltered( - szProvxmlContent, - rgszAllowedCspNodes, - _countof(rgszAllowedCspNodes), - &bstr - ); - -/* check error */ - -if ( bstr != NULL ) -{ - SysFreeString( bstr ); - bstr = NULL; -} -``` - -## Requirements - -|Requirement|Support| -|--- |--- | -|Minimum supported client|None supported| -|Minimum supported server|None supported| -|Minimum supported phone|Windows Phone 8.1| -|Header|Dmprocessxmlfiltered.h| -|Library|Dmprocessxmlfiltered.lib| -|DLL|Dmprocessxmlfiltered.dll| - -## See also - -[**SysFreeString**](/windows/win32/api/oleauto/nf-oleauto-sysfreestring) - diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index e9c3080fba..7d1f209458 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md +++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 06/26/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -24,7 +24,7 @@ The table below shows the applicability of Windows: |Enterprise|Yes|Yes| |Education|Yes|Yes| -The DMSessionActions configuration service provider (CSP) is used to manage: +The DMSessionActions configuration service provider (CSP) is used to manage: - the number of sessions the client skips if the device is in a low-power state. - which CSP nodes should send an alert back to the server if there were any changes. @@ -73,58 +73,58 @@ DMSessionActions ------------MaxTimeSessionsSkippedInLowPowerState ``` -**./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions** +**./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions** Defines the root node for the DMSessionActions configuration service provider. -***ProviderID*** -Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache. +***ProviderID*** +Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache. Scope is dynamic. Supported operations are Get, Add, and Delete. -***ProviderID*/CheckinAlertConfiguration** +***ProviderID*/CheckinAlertConfiguration** Node for the custom configuration of alerts to be sent during MDM sync session. -***ProviderID*/CheckinAlertConfiguration/Nodes** +***ProviderID*/CheckinAlertConfiguration/Nodes** Required. Root node for URIs to be queried. Scope is dynamic. Supported operation is Get. -***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*** +***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*** Required. Information about each node is stored under NodeID as specified by the server. This value must not contain a comma. Scope is dynamic. Supported operations are Get, Add, and Delete. -***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*/NodeURI** +***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*/NodeURI** Required. The value is a complete OMA DM node URI. It can specify either an interior node or a leaf node in the device management tree. Scope is dynamic. -Value type is string. +Value type is string. Supported operations are Add, Get, Replace, and Delete. -**AlertData** +**AlertData** Node to query the custom alert per server configuration -Value type is string. +Value type is string. Supported operation is Get. -**PowerSettings** +**PowerSettings** Node for power-related configurations. -**PowerSettings/MaxSkippedSessionsInLowPowerState** +**PowerSettings/MaxSkippedSessionsInLowPowerState** Maximum number of continuous skipped sync sessions when the device is in low-power state. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. -**PowerSettings/MaxTimeSessionsSkippedInLowPowerState** +**PowerSettings/MaxTimeSessionsSkippedInLowPowerState** Maximum time in minutes when the device can skip the check-in with the server if the device is in low-power state. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. ## Related articles -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index fcb5cb106e..c03dc36fde 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -7,16 +7,16 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # DMSessionActions DDF file -This topic shows the OMA DM device description framework (DDF) for the **DMSessionActions** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **DMSessionActions** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 3e4e54c181..26bf159871 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 06/26/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.collection: highpri --- @@ -25,7 +25,7 @@ The table below shows the applicability of Windows: |Enterprise|Yes|Yes| |Education|Yes|Yes| -Windows 10 or Windows 11 allows you to manage devices differently depending on location, network, or time.  Added in Windows 10, version 1703, the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. +Windows 10 or Windows 11 allows you to manage devices differently depending on location, network, or time.  Added in Windows 10, version 1703, the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. This CSP was added in Windows 10, version 1703. @@ -45,13 +45,13 @@ DynamicManagement ----AlertsEnabled ``` -**DynamicManagement** +**DynamicManagement** The root node for the DynamicManagement configuration service provider. -**NotificationsEnabled** +**NotificationsEnabled** Boolean value for sending notification to the user of a context change. -Default value is False. +Default value is False. Supported operations are Get and Replace. @@ -68,62 +68,62 @@ Example to turn on NotificationsEnabled: text/plain bool - true + true ``` -**ActiveList** +**ActiveList** A string containing the list of all active ContextIDs on the device. Delimiter is unicode character 0xF000. -Supported operation is Get. +Supported operation is Get. -**Contexts** +**Contexts** Node for context information. Supported operation is Get. -***ContextID*** +***ContextID*** Node created by the server to define a context. Maximum number of characters allowed is 38. Supported operations are Add, Get, and Delete. -**SignalDefinition** +**SignalDefinition** Signal Definition XML. Value type is string. Supported operations are Add, Get, Delete, and Replace. -**SettingsPack** +**SettingsPack** Settings that get applied when the Context is active. Value type is string. Supported operations are Add, Get, Delete, and Replace. -**SettingsPackResponse** +**SettingsPackResponse** Response from applying a Settings Pack that contains information on each individual action. Value type is string. Supported operation is Get. -**ContextStatus** +**ContextStatus** Reports status of the context. If there was a failure, SettingsPackResponse should be checked for what exactly is failed. -Value type is integer. +Value type is integer. Supported operation is Get. -**Altitude** +**Altitude** A value that determines how to handle conflict resolution of applying multiple contexts on the device. This is required and must be distinct of other priorities. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Delete, and Replace. -**AlertsEnabled** +**AlertsEnabled** A Boolean value for sending an alert to the server when a context fails. Supported operations are Get and Replace. @@ -158,12 +158,12 @@ Disable Cortana based on Geo location and time, from 9am-5pm, when in the 100-me - + - + - + @@ -211,14 +211,14 @@ Disable camera using network trigger with time trigger, from 9-5, when ip4 gatew chr - + - - 192.168.0.1 - + + 192.168.0.1 + - + @@ -274,4 +274,4 @@ Get ContextStatus and SignalDefinition from a specific context: ## Related articles -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index 0e2a6dd191..48ea1b01a8 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md @@ -1,7 +1,7 @@ --- title: DynamicManagement DDF file description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -13,9 +13,9 @@ ms.date: 12/05/2017 # DynamicManagement DDF file -This topic shows the OMA DM device description framework (DDF) for the **DynamicManagement** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **DynamicManagement** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 1298e152d0..6e067a0976 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -1,7 +1,7 @@ --- title: EAP configuration description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -140,7 +140,7 @@ The following list describes the prerequisites for a certificate to be used with - Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2. - Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering. - All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes. - + - The user or the computer certificate on the client must chain to a trusted root CA. - The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy. - The user or the computer certificate doesn't fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server. @@ -162,15 +162,15 @@ The following XML sample explains the properties for the EAP TLS XML, including 0 0 - + - + 13 - + true @@ -193,7 +193,7 @@ The following XML sample explains the properties for the EAP TLS XML, including ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff - + @@ -201,15 +201,15 @@ The following XML sample explains the properties for the EAP TLS XML, including - ContostoITEKU + ContostoITEKU - 1.3.6.1.4.1.311.42.1.15 + 1.3.6.1.4.1.311.42.1.15 - ContostoITEKU + ContostoITEKU @@ -231,16 +231,16 @@ The following XML sample explains the properties for the EAP TLS XML, including true - + - + - @@ -286,4 +286,4 @@ Alternatively, you can use the following procedure to create an EAP configuratio ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index a88665101f..0fc082236b 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -1,7 +1,7 @@ --- title: EMAIL2 CSP description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -78,12 +78,12 @@ Configuration data isn't encrypted when sent over the air (OTA). This is a poten > [!IMPORTANT] > All Add and Replace commands need to be wrapped in an Atomic section. -**EMAIL2** +**EMAIL2** The configuration service provider root node. Supported operation is Get. -***GUID*** +***GUID*** Defines a specific email account. A globally unique identifier (GUID) must be generated for each email account on the device. Provisioning with an account that has the same GUID as an existing one doesn't create the new account and Add command will fail in this case. Supported operations are Get, Add, and Delete. @@ -93,14 +93,14 @@ The braces {} around the GUID are required in the EMAIL2 configuration service p - For OMA Client Provisioning, the braces can be sent literally. For example, `` - For OMA DM, the braces must be sent using ASCII values of 0x7B and 0x7D respectively. For example, `./Vendor/MSFT/EMAIL2/0x7BC556E16F-56C4-4edb-9C64-D9469EE1FBE0x7D` -**ACCOUNTICON** +**ACCOUNTICON** Optional. Returns the location of the icon associated with the account. Supported operations are Get, Add, Replace, and Delete. The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings, email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added. -**ACCOUNTTYPE** +**ACCOUNTTYPE** Required. Specifies the type of account. Supported operations are Get, Add, Replace, and Delete. @@ -110,12 +110,12 @@ Valid values are: - Email: Normal email - VVM: Visual voice mail -**AUTHNAME** +**AUTHNAME** Required. Character string that specifies the name used to authorize the user to a specific email account (also known as the user's logon name). Supported operations are Get, Add, Replace, and Delete. -**AUTHREQUIRED** +**AUTHREQUIRED** Optional. Character string that specifies whether the outgoing server requires authentication. Supported operations are Get, Add, Replace, and Delete. @@ -128,17 +128,17 @@ Value options are: > [!NOTE] > If this value isn't specified, then no SMTP authentication is done. Also, this is different from SMTPALTENABLED. -**AUTHSECRET** +**AUTHSECRET** Optional. Character string that specifies the user's password. The same password is used for SMTP authentication. Supported operations are Get, Add, Replace, and Delete. -**DOMAIN** +**DOMAIN** Optional. Character string that specifies the incoming server credentials domain. Limited to 255 characters. Supported operations are Get, Add, Replace, and Delete. -**DWNDAY** +**DWNDAY** Optional. Character string that specifies how many days' worth of email should be downloaded from the server. Supported operations are Get, Add, Replace, and Delete. @@ -150,14 +150,14 @@ Value options: - 14: Specifies that 14 days’ worth of email should be downloaded. - 30: Specifies that 30 days’ worth of email should be downloaded. -**INSERVER** +**INSERVER** Required. Character string that specifies the name of the incoming server name and port number. This string is limited to 62 characters. If the standard port number is used, then you don't have to specify the port number. The value format is: - server name:port number Supported operations are Get, Add, and Replace. -**LINGER** +**LINGER** Optional. Character string that specifies the length of time between email send/receive updates in minutes. Supported operations are Get, Add, Replace, and Delete. @@ -170,7 +170,7 @@ Value options: - 60 - Wait for 60 minutes between updates - 120 - Wait for 120 minutes between updates. -**KEEPMAX** +**KEEPMAX** Optional. Specifies the maximum size for a message attachment. Attachments beyond this size will not be downloaded but it will remain on the server. The message itself will be downloaded. This value can be set only for IMAP4 accounts. The limit is specified in KB. @@ -181,24 +181,24 @@ A value of 0 meaning that no limit will be enforced. Supported operations are Get, Add, Replace, and Delete. -**NAME** +**NAME** Optional. Character string that specifies the name of the sender displayed on a sent email. It should be set to the user’s name. Limited to 255 characters. Supported operations are Get, Add, Replace, and Delete. -**OUTSERVER** +**OUTSERVER** Required. Character string that specifies the name of the messaging service's outgoing email server. Limited to 62 characters. The value format is: - server name:port number Supported operations are Get, Add, Delete, and Replace. -**REPLYADDR** +**REPLYADDR** Required. Character string that specifies the reply email address of the user (usually the same as the user email address). Sending email will fail without it. Limited to 255 characters. Supported operations are Get, Add, Delete, and Replace. -**SERVICENAME** +**SERVICENAME** Required. Character string that specifies the name of the email service to create or edit (32 characters maximum). Supported operations are Get, Add, Replace, and Delete. @@ -206,21 +206,21 @@ Supported operations are Get, Add, Replace, and Delete. > [!NOTE] > The EMAIL2 Configuration Service Provider doesn't support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created. -**SERVICETYPE** +**SERVICETYPE** Required. Character string that specifies the type of email service to create or edit (for example, "IMAP4" or "POP3"). Supported operations are Get, Add, Replace, and Delete. > **Note**   The EMAIL2 Configuration Service Provider doesn't support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created. -**RETRIEVE** +**RETRIEVE** Optional. Specifies the maximum size in bytes for messages retrieved from the incoming email server. Messages beyond this size are retrieved, but truncated. Value options are 512, 1024, 2048, 5120, 20480, and 51200. Supported operations are Get, Add, Replace, and Delete. -**SERVERDELETEACTION** +**SERVERDELETEACTION** Optional. Character string that specifies how message is deleted on server. Value options are: - 1 - Delete message on the server. @@ -230,12 +230,12 @@ Any other value results in default action, which depends on the transport. Supported operations are Get, Add, Replace, and Delete. -**CELLULARONLY** +**CELLULARONLY** Optional. If this flag is set, the account only uses the cellular network and not Wi-Fi. Value type is string. Supported operations are Get, Add, Replace, and Delete. -**SYNCINGCONTENTTYPES** +**SYNCINGCONTENTTYPES** Required. Specifies a bitmask for which content types are supported for syncing, like Mail, Contacts, and Calendar. - No data (0x0) @@ -254,64 +254,64 @@ Required. Specifies a bitmask for which content types are supported for syncing, Supported operations are Get, Add, Replace, and Delete. -**CONTACTSSERVER** +**CONTACTSSERVER** Optional. Server for contact sync if it's different from the email server. Supported operations are Get, Add, Replace, and Delete. -**CALENDARSERVER** +**CALENDARSERVER** Optional. Server for calendar sync if it's different from the email server. Supported operations are Get, Add, Replace, and Delete. -**CONTACTSSERVERREQUIRESSL** +**CONTACTSSERVERREQUIRESSL** Optional. Indicates if the connection to the contact server requires SSL. Supported operations are Get, Add, Replace, and Delete. -**CALENDARSERVERREQUIRESSL** +**CALENDARSERVERREQUIRESSL** Optional. Indicates if the connection to the calendar server requires SSL. Supported operations are Get, Add, Replace, and Delete. -**CONTACTSSYNCSCHEDULE** +**CONTACTSSYNCSCHEDULE** Optional. Sets the schedule for syncing contact items. Supported operations are Get, Add, Replace, and Delete. -**CALENDARSYNCSCHEDULE** +**CALENDARSYNCSCHEDULE** Optional. Sets the schedule for syncing calendar items. Supported operations are Get, Add, Replace, and Delete. -**SMTPALTAUTHNAME** +**SMTPALTAUTHNAME** Optional. Character string that specifies the display name associated with the user's alternative SMTP email account. Supported operations are Get, Add, Replace, and Delete. -**SMTPALTDOMAIN** +**SMTPALTDOMAIN** Optional. Character string that specifies the domain name for the user's alternative SMTP account. Supported operations are Get, Add, Replace, and Delete. -**SMTPALTENABLED** +**SMTPALTENABLED** Optional. Character string that specifies if the user's alternate SMTP account is enabled. Supported operations are Get, Add, Replace, and Delete. A value of "FALSE" means the user's alternate SMTP email account is disabled. A value of "TRUE" means that the user's alternate SMTP email account is enabled. -**SMTPALTPASSWORD** +**SMTPALTPASSWORD** Optional. Character string that specifies the password for the user's alternate SMTP account. Supported operations are Get, Add, Replace, and Delete. -**TAGPROPS** +**TAGPROPS** Optional. Defines a group of properties with non-standard element names. Supported operations are Get, Add, Replace, and Delete. -**TAGPROPS/8128000B** +**TAGPROPS/8128000B** Optional. Character string that specifies if the incoming email server requires SSL. Supported operations are Get, Add, Replace, and Delete. @@ -321,7 +321,7 @@ Value options are: - 0 - SSL isn't required. - 1 - SSL is required. -**TAGPROPS/812C000B** +**TAGPROPS/812C000B** Optional. Character string that specifies if the outgoing email server requires SSL. Supported operations are Get and Replace. @@ -352,4 +352,4 @@ If the connection to the mail server is initiated with deferred SSL, the mail se ## Related articles -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index ec7d604849..1543101a54 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -1,7 +1,7 @@ --- title: EMAIL2 DDF file description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **EMAIL2** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. @@ -814,7 +814,7 @@ The XML below is the current version for this CSP. - Specify whether incoming server requires SSL connection. + Specify whether incoming server requires SSL connection. 1- Require SSL connection 0- Doesn't require SSL connection (default) @@ -840,7 +840,7 @@ The XML below is the current version for this CSP. - Specify whether outgoing server requires SSL connection. + Specify whether outgoing server requires SSL connection. 1- Require SSL connection 0- Doesn't require SSL connection (default) diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md index 40b17f8970..c607ed7015 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md @@ -14,7 +14,7 @@ ms.date: 05/17/2019 This topic shows the OMA DM device description framework (DDF) for the **EnrollmentStatusTracking** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). ### EnrollmentStatusTracking CSP diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md index 3ad33fa688..59220928f8 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md @@ -70,35 +70,35 @@ EnrollmentStatusTracking --------HasProvisioningCompleted ``` -**./Vendor/MSFT** +**./Vendor/MSFT** For device context, use **./Device/Vendor/MSFT** path and for user context, use **./User/Vendor/MSFT** path. -**EnrollmentStatusTracking** -Required. Root node for the CSP. This node is supported in both user context and device context. +**EnrollmentStatusTracking** +Required. Root node for the CSP. This node is supported in both user context and device context. Provides the settings to communicate what policies the ESP must block on. Using these settings, policy providers register themselves and the set of policies that must be tracked. The ESP includes the counts of these policy settings in the status message that is displayed to the user. It also blocks ESP until all the policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which are then reflected in the ESP status message. Scope is permanent. Supported operation is Get. -**EnrollmentStatusTracking/DevicePreparation** -Required. This node is supported only in device context. +**EnrollmentStatusTracking/DevicePreparation** +Required. This node is supported only in device context. Specifies the settings that ESP reads during the device preparation phase. These settings are used to orchestrate any setup activities prior to provisioning the device in the device setup phase of the ESP. Scope is permanent. Supported operation is Get. -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders** -Required. This node is supported only in device context. +**EnrollmentStatusTracking/DevicePreparation/PolicyProviders** +Required. This node is supported only in device context. Indicates to the ESP that it should wait in the device preparation phase until all the policy providers have their InstallationState node set as 2 (NotRequired) or 3 (Completed). Scope is permanent. Supported operation is Get. -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/_ProviderName_** -Optional. This node is supported only in device context. +**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/_ProviderName_** +Optional. This node is supported only in device context. Represents a policy provider for the ESP. The node should be given a unique name for the policy provider. Registration of a policy provider indicates to ESP that it should block in the device preparation phase until the provider sets its InstallationState node to 2 (NotRequired) or 3 (Completed). Once all the registered policy providers are marked as Completed or NotRequired, the ESP progresses to the device setup phase. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/InstallationState** -Required. This node is supported only in device context. +**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/InstallationState** +Required. This node is supported only in device context. Communicates the policy provider installation state back to ESP. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. @@ -110,30 +110,30 @@ Value type is integer. Expected values are as follows: - 3—Completed - 4—Error -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/LastError** -Required. This node is supported only in device context. +**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/LastError** +Required. This node is supported only in device context. Represents the last error code during the application installation process. If a policy provider fails to install, it can optionally set an HRESULT error code that the ESP can display in an error message to the user. ESP reads this node only when the provider's InstallationState node is set to 4 (Error). This node must be set only by the policy provider, and not by the MDM server. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. Value type is integer. -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/Timeout** -Optional. This node is supported only in device context. +**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/Timeout** +Optional. This node is supported only in device context. Represents the amount of time, in minutes, that the provider installation process can run before the ESP shows an error. Provider installation is complete when the InstallationState node is set to 2 (NotRequired) or 3 (Completed). If no timeout value is specified, ESP selects the default timeout value of 15 minutes. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. Value type is integer. The default is 15 minutes. -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes** -Required. This node is supported only in device context. +**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes** +Required. This node is supported only in device context. This node's children register which resource types the policy provider supports for provisioning. Only registered providers for a particular resource type will have their policies incorporated with ESP tracking message. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. -**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes/Apps** -Required. This node is supported only in device context. +**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes/Apps** +Required. This node is supported only in device context. This node specifies if the policy provider is registered for app provisioning. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. @@ -143,32 +143,32 @@ Value type is boolean. Expected values are as follows: - false—Indicates that the policy provider isn't registered for app provisioning. This is the default. - true—Indicates that the policy provider is registered for app provisioning. -**EnrollmentStatusTracking/Setup** -Required. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup** +Required. This node is supported in both user context and device context. Provides the settings that ESP reads during the account setup phase in the user context and device setup phase in the device context. Policy providers use this node to communicate progress status back to the ESP, which is then displayed to the user through progress messages. Scope is permanent. Supported operation is Get. -**EnrollmentStatusTracking/Setup/Apps** -Required. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps** +Required. This node is supported in both user context and device context. Provides the settings to communicate to the ESP which app installations it should block on and provide progress in the status message to the user. Scope is permanent. Supported operation is Get. -**EnrollmentStatusTracking/Setup/Apps/PolicyProviders** -Required. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps/PolicyProviders** +Required. This node is supported in both user context and device context. Specifies the app policy providers for this CSP. These are the policy providers the ESP should wait on before showing the tracking message with the status to the user. Scope is permanent. Supported operation is Get. -**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**/***ProviderName*** -Optional. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**/***ProviderName*** +Optional. This node is supported in both user context and device context. Represents an app policy provider for the ESP. Existence of this node indicates to the ESP that it shouldn't show the tracking status message until the TrackingPoliciesCreated node has been set to true. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. -**EnrollmentStatusTracking/Setup/Apps/PolicyProviders/*ProviderName*/TrackingPoliciesCreated** -Required. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps/PolicyProviders/*ProviderName*/TrackingPoliciesCreated** +Required. This node is supported in both user context and device context. Indicates if the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. @@ -178,26 +178,26 @@ Value type is boolean. The expected values are as follows: - true—Indicates that the provider has created the required policies. - false—Indicates that the provider hasn't created the required policies. This is the default. -**EnrollmentStatusTracking/Setup/Apps/Tracking** -Required. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps/Tracking** +Required. This node is supported in both user context and device context. Root node for the app installations being tracked by the ESP. Scope is permanent. Supported operation is Get. -**EnrollmentStatusTracking/Setup/Apps/Tracking/_ProviderName_** -Optional. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps/Tracking/_ProviderName_** +Optional. This node is supported in both user context and device context. Indicates the provider name responsible for installing the apps and providing status back to ESP. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. -**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/_AppName_** -Optional. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/_AppName_** +Optional. This node is supported in both user context and device context. Represents a unique name for the app whose progress should be tracked by the ESP. The policy provider can define any arbitrary app name as ESP doesn't use the app name directly. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. -**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/InstallationState** -Optional. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/InstallationState** +Optional. This node is supported in both user context and device context. Represents the installation state for the app. The policy providers (not the MDM server) must update this node for the ESP to track the installation progress and update the status message. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. @@ -209,8 +209,8 @@ Value type is integer. Expected values are as follows: - 3—Completed - 4—Error -**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/RebootRequired** -Optional. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/RebootRequired** +Optional. This node is supported in both user context and device context. Indicates if the app installation requires ESP to issue a reboot. The policy providers installing the app (not the MDM server) must set this node. If the policy providers don't set this node, the ESP won't reboot the device for the app installation. Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. @@ -221,8 +221,8 @@ Value type is integer. Expected values are as follows: - 2—SoftReboot - 3—HardReboot -**EnrollmentStatusTracking/Setup/HasProvisioningCompleted** -Required. This node is supported in both user context and device context. +**EnrollmentStatusTracking/Setup/HasProvisioningCompleted** +Required. This node is supported in both user context and device context. ESP sets this node when it completes. Providers can query this node to determine if the ESP is showing, which allows them to determine if they still need to provide status updates for the ESP through this CSP. Scope is permanent. Supported operation is Get. @@ -234,4 +234,4 @@ Value type is boolean. Expected values are as follows: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md index 7988975af6..ef1f136780 100644 --- a/windows/client-management/mdm/enterpriseapn-csp.md +++ b/windows/client-management/mdm/enterpriseapn-csp.md @@ -1,7 +1,7 @@ --- title: EnterpriseAPN CSP description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -45,20 +45,20 @@ EnterpriseAPN --------AllowUserControl --------HideView ``` -**EnterpriseAPN** +**EnterpriseAPN** The root node for the EnterpriseAPN configuration service provider. -**EnterpriseAPN/***ConnectionName* +**EnterpriseAPN/***ConnectionName* Name of the connection as seen by Windows Connection Manager. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/APNName** +**EnterpriseAPN/*ConnectionName*/APNName** Enterprise APN name. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/IPType** +**EnterpriseAPN/*ConnectionName*/IPType** This value can be one of the following: - IPv4 - only IPV4 connection type. @@ -68,19 +68,19 @@ This value can be one of the following: Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/IsAttachAPN** -Boolean value that indicates whether this APN should be requested as part of an LTE Attach. +**EnterpriseAPN/*ConnectionName*/IsAttachAPN** +Boolean value that indicates whether this APN should be requested as part of an LTE Attach. Default value is false. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/ClassId** +**EnterpriseAPN/*ConnectionName*/ClassId** GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting isn't present. It's only required when IsAttachAPN is true and the attach APN isn't only used as the Internet APN. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/AuthType** +**EnterpriseAPN/*ConnectionName*/AuthType** Authentication type. This value can be one of the following: - None (default) @@ -91,36 +91,36 @@ Authentication type. This value can be one of the following: Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/UserName** +**EnterpriseAPN/*ConnectionName*/UserName** User name for use with PAP, CHAP, or MSCHAPv2 authentication. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/Password** +**EnterpriseAPN/*ConnectionName*/Password** Password corresponding to the username. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/IccId** +**EnterpriseAPN/*ConnectionName*/IccId** Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node isn't present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/AlwaysOn** +**EnterpriseAPN/*ConnectionName*/AlwaysOn** Added in Windows 10, version 1607. Boolean value that specifies whether the CM will automatically attempt to connect to the APN when a connection is available. The default value is true. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/Enabled** +**EnterpriseAPN/*ConnectionName*/Enabled** Added in Windows 10, version 1607. Boolean that specifies whether the connection is enabled. The default value is true. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/*ConnectionName*/Roaming** +**EnterpriseAPN/*ConnectionName*/Roaming** Added in Windows 10, version 1703. Specifies whether the connection should be activated when the device is roaming. Valid values are: - 0 - Disallowed @@ -132,21 +132,21 @@ Added in Windows 10, version 1703. Specifies whether the connection should be a Default is 1 (all roaming allowed). -Value type is string. +Value type is string. Supported operations are Add, Get, Delete, and Replace. -**EnterpriseAPN/Settings** +**EnterpriseAPN/Settings** Added in Windows 10, version 1607. Node that contains global settings. -**EnterpriseAPN/Settings/AllowUserControl** +**EnterpriseAPN/Settings/AllowUserControl** Added in Windows 10, version 1607. Boolean value that specifies whether the cellular UX will allow users to connect with other APNs other than the Enterprise APN. The default value is false. Supported operations are Get and Replace. -**EnterpriseAPN/Settings/HideView** +**EnterpriseAPN/Settings/HideView** Added in Windows 10, version 1607. Boolean that specifies whether the cellular UX will allow the user to view enterprise APNs. Only applicable if AllowUserControl is true. The default value is false. @@ -298,4 +298,4 @@ atomicZ ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md index e83aef75e3..e14b2947da 100644 --- a/windows/client-management/mdm/enterpriseapn-ddf.md +++ b/windows/client-management/mdm/enterpriseapn-ddf.md @@ -1,7 +1,7 @@ --- title: EnterpriseAPN DDF description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAPN** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The content below are the different versions of the DDF for this CSP. diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index 23d45c61be..46de6095eb 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 06/26/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -55,98 +55,98 @@ EnterpriseAppVManagement --------ConfigurationId ------------Policy ``` -**./Vendor/MSFT/EnterpriseAppVManagement** +**./Vendor/MSFT/EnterpriseAppVManagement** Root node for the EnterpriseAppVManagement configuration service provider. -**AppVPackageManagement** -Used to query App-V package information (post-publish). +**AppVPackageManagement** +Used to query App-V package information (post-publish). -**AppVPackageManagement/EnterpriseID** +**AppVPackageManagement/EnterpriseID** Used to query package information. Value is always "HostedInstall". -**AppVPackageManagement/EnterpriseID/PackageFamilyName** +**AppVPackageManagement/EnterpriseID/PackageFamilyName** Package ID of the published App-V package. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*** Version ID of the published App-V package. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Name** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Name** Name specified in the published AppV package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Version** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Version** Version specified in the published AppV package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Publisher** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Publisher** Publisher as specified in the published asset information of the AppV package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallLocation** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallLocation** Local package path specified in the published asset information of the AppV package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallDate** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallDate** Date the app was installed, as specified in the published asset information of the AppV package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Users** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Users** Registered users for app, as specified in the published asset information of the AppV package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageId** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageId** Package ID of the published App-V package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVVersionId** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVVersionId** Version ID of the published App-V package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageUri** +**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageUri** Package URI of the published App-V package. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPublishing** +**AppVPublishing** Used to monitor publishing operations on App-V. -**AppVPublishing/LastSync** +**AppVPublishing/LastSync** Used to monitor publishing status of last sync operation. -**AppVPublishing/LastSync/LastError** +**AppVPublishing/LastSync/LastError** Error code and error description of last sync operation. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPublishing/LastSync/LastErrorDescription** +**AppVPublishing/LastSync/LastErrorDescription** Last sync error status. One of the following values may be returned: - SYNC\_ERR_NONE (0) - No errors during publish. @@ -161,7 +161,7 @@ Value type is string. Supported operation is Get. -**AppVPublishing/LastSync/SyncStatusDescription** +**AppVPublishing/LastSync/SyncStatusDescription** Latest sync in-progress stage. One of the following values may be returned: - SYNC\_PROGRESS_IDLE (0) - App-V publishing is idle. @@ -170,7 +170,7 @@ Latest sync in-progress stage. One of the following values may be returned: - SYNC\_PROGRESS\_PUBLISH\_GROUP_PACKAGES (3) - App-V packages (connection group) publish in progress. - SYN\C_PROGRESS_UNPUBLISH_PACKAGES (4) - App-V packages unpublish in progress. -Value type is string. +Value type is string. Supported operation is Get. @@ -183,30 +183,30 @@ Latest sync state. One of the following values may be returned: - SYNC\_STATUS\_PUBLISH\_COMPLETED (3) - App-V Sync is complete. - SYNC\_STATUS\_PUBLISH\_REBOOT_REQUIRED (4) - App-V Sync requires device reboot. -Value type is string. +Value type is string. Supported operation is Get. -**AppVPublishing/Sync** +**AppVPublishing/Sync** Used to perform App-V synchronization. -**AppVPublishing/Sync/PublishXML** +**AppVPublishing/Sync/PublishXML** Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol,, see [[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol](/openspecs/windows_protocols/ms-vapr/a05e030d-4fb9-4c8d-984b-971253b62be8). Supported operations are Get, Delete, and Execute. -**AppVDynamicPolicy** +**AppVDynamicPolicy** Used to set App-V Policy Configuration documents for publishing packages. -**AppVDynamicPolicy/*ConfigurationId*** +**AppVDynamicPolicy/*ConfigurationId*** ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document). -**AppVDynamicPolicy/*ConfigurationId*/Policy** +**AppVDynamicPolicy/*ConfigurationId*/Policy** XML for App-V Policy Configuration documents for publishing packages. -Value type is xml. +Value type is xml. Supported operations are Add, Get, Delete, and Replace. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md index 0572ef9f96..51705bf533 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md @@ -7,15 +7,15 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # EnterpriseAppVManagement DDF file -This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAppVManagement** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAppVManagement** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index bf660969d6..17adea149a 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -2,7 +2,7 @@ title: EnterpriseDataProtection CSP description: Learn how the EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings. ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -59,14 +59,14 @@ EnterpriseDataProtection ----Status ``` -**./Device/Vendor/MSFT/EnterpriseDataProtection** +**./Device/Vendor/MSFT/EnterpriseDataProtection** The root node for the CSP. -**Settings** +**Settings** The root node for the Windows Information Protection (WIP) configuration settings. -**Settings/EDPEnforcementLevel** -Set the WIP enforcement level. +**Settings/EDPEnforcementLevel** +Set the WIP enforcement level. > [!NOTE] > Setting this value isn't sufficient to enable Windows Information Protection on the device. Attempts to change this value will fail when the WIP cleanup is running. @@ -80,7 +80,7 @@ The following list shows the supported values: Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**Settings/EnterpriseProtectedDomainNames** +**Settings/EnterpriseProtectedDomainNames** A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running. Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client. @@ -96,7 +96,7 @@ Here are the steps to create canonical domain names: Supported operations are Add, Get, Replace, and Delete. Value type is string. -**Settings/AllowUserDecryption** +**Settings/AllowUserDecryption** Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user won't be able to remove protection from enterprise content through the operating system or the application user experiences. > [!IMPORTANT] @@ -111,7 +111,7 @@ Most restricted value is 0. Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**Settings/DataRecoveryCertificate** +**Settings/DataRecoveryCertificate** Specifies a recovery certificate that can be used for data recovery of encrypted files. This certificate is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through mobile device management (MDM) instead of Group Policy. > [!Note] @@ -124,116 +124,116 @@ The binary blob is the serialized version of following structure: // //  Recovery Policy Data Structures // - + typedef struct _RECOVERY_POLICY_HEADER { USHORT      MajorRevision; USHORT      MinorRevision; ULONG       RecoveryKeyCount; } RECOVERY_POLICY_HEADER, *PRECOVERY_POLICY_HEADER; - + typedef struct _RECOVERY_POLICY_1_1    { RECOVERY_POLICY_HEADER  RecoveryPolicyHeader; RECOVERY_KEY_1_1        RecoveryKeyList[1]; }   RECOVERY_POLICY_1_1, *PRECOVERY_POLICY_1_1; - + #define EFS_RECOVERY_POLICY_MAJOR_REVISION_1   (1) #define EFS_RECOVERY_POLICY_MINOR_REVISION_0   (0) - + #define EFS_RECOVERY_POLICY_MINOR_REVISION_1   (1) - + /////////////////////////////////////////////////////////////////////////////// //                                                                            / //  RECOVERY_KEY Data Structure                                               / //                                                                            / /////////////////////////////////////////////////////////////////////////////// - + // // Current format of recovery data. // - + typedef struct _RECOVERY_KEY_1_1   { ULONG               TotalLength; EFS_PUBLIC_KEY_INFO PublicKeyInfo; } RECOVERY_KEY_1_1, *PRECOVERY_KEY_1_1; - - + + typedef struct _EFS_PUBLIC_KEY_INFO { - + // // The length of this entire structure, including string data // appended to the end. The length should be a multiple of 8 for // 64 bit alignment // - + ULONG Length; - + // // Sid of owner of the public key (regardless of format). // This field is to be treated as a hint only. // - + ULONG PossibleKeyOwner; - + // // Contains information describing how to interpret // the public key information // - + ULONG KeySourceTag; - + union { - + struct { - + // // The following fields contain offsets based at the // beginning of the structure.  Each offset is to // a NULL terminated WCHAR string. // - + ULONG ContainerName; ULONG ProviderName; - + // // The exported public key used to encrypt the FEK. // This field contains an offset from the beginning of the // structure. // - + ULONG PublicKeyBlob; - + // // Length of the PublicKeyBlob in bytes // - + ULONG PublicKeyBlobLength; - + } ContainerInfo; - + struct { - + ULONG CertificateLength;       // in bytes ULONG Certificate;             // offset from start of structure - + } CertificateInfo; - - + + struct { - + ULONG ThumbprintLength;        // in bytes ULONG CertHashData;            // offset from start of structure - + } CertificateThumbprint; }; - - - + + + } EFS_PUBLIC_KEY_INFO, *PEFS_PUBLIC_KEY_INFO; - + // // Possible KeyTag values // - + typedef enum _PUBLIC_KEY_SOURCE_TAG { EfsCryptoAPIContainer = 1, EfsCertificate, @@ -245,7 +245,7 @@ For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate. Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate. -**Settings/RevokeOnUnenroll** +**Settings/RevokeOnUnenroll** This policy controls whether to revoke the Windows Information Protection keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1. The following list shows the supported values: @@ -255,7 +255,7 @@ The following list shows the supported values: Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**Settings/RevokeOnMDMHandoff** +**Settings/RevokeOnMDMHandoff** Added in Windows 10, version 1703. This policy controls whether to revoke the Windows Information Protection keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service. - 0 - Don't revoke keys. @@ -263,12 +263,12 @@ Added in Windows 10, version 1703. This policy controls whether to revoke the Wi Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**Settings/RMSTemplateIDForEDP** +**Settings/RMSTemplateIDForEDP** TemplateID GUID to use for Rights Management Service (RMS) encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access. Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID). -**Settings/AllowAzureRMSForEDP** +**Settings/AllowAzureRMSForEDP** Specifies whether to allow Azure RMS encryption for Windows Information Protection. - 0 (default) – Don't use RMS. @@ -276,12 +276,12 @@ Specifies whether to allow Azure RMS encryption for Windows Information Protecti Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**Settings/SMBAutoEncryptedFileExtensions** +**Settings/SMBAutoEncryptedFileExtensions** Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-configuration-service-provider.md#networkisolation-enterpriseiprange) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames). Use semicolon (;) delimiter in the list. When this policy isn't specified, the existing auto-encryption behavior is applied. When this policy is configured, only files with the extensions in the list will be encrypted. Supported operations are Add, Get, Replace and Delete. Value type is string. -**Settings/EDPShowIcons** +**Settings/EDPShowIcons** Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the Windows Information Protection icon in the title bar of a WIP-protected app. The following list shows the supported values: @@ -290,7 +290,7 @@ The following list shows the supported values: Supported operations are Add, Get, Replace, and Delete. Value type is integer. -**Status** +**Status** A read-only bit mask that indicates the current state of Windows Information Protection on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured. Suggested values: @@ -319,6 +319,6 @@ Supported operation is Get. Value type is integer. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md index f8be987381..da67ebd4ea 100644 --- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md +++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md @@ -1,7 +1,7 @@ --- title: EnterpriseDataProtection DDF file description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -18,7 +18,7 @@ The following topic shows the OMA DM device description framework (DDF) for the > [!IMPORTANT] > Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index d06146f5a0..ebd53f9de1 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -2,7 +2,7 @@ title: EnterpriseDesktopAppManagement CSP description: Learn how the EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications. ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -76,7 +76,7 @@ Installation date of the application. Value type is string. Supported operation **MSI/*ProductID*/DownloadInstall** Executes the download and installation of the application. Value type is string. Supported operations are Execute and Get. -In Windows 10, version 1703 service release, a new tag \ was added to the \ section of the XML. The default value is 0 (don't send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. `` 0 will set the timeout to infinite. +In Windows 10, version 1703 service release, a new tag \ was added to the \ section of the XML. The default value is 0 (don't send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. `` 0 will set the timeout to infinite. Here's an example: @@ -178,7 +178,7 @@ The following table describes the fields in the previous sample: | CmdID | Input value used to reference the request. Responses will include this value that can be used to match request and response. | | LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. | - + **SyncML to perform MSI operations for application status reporting** @@ -418,4 +418,4 @@ Here's a list of references: ``` ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md index dcf0663717..23261b8b07 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md @@ -1,7 +1,7 @@ --- title: EnterpriseDesktopAppManagement DDF description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md index 4117208a89..e03181b4e0 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md @@ -1,7 +1,7 @@ --- title: EnterpriseDesktopAppManagement XSD description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 6aed81068c..dfe544370c 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -1,7 +1,7 @@ --- title: EnterpriseModernAppManagement CSP description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -24,7 +24,7 @@ The table below shows the applicability of Windows: |Enterprise|Yes|Yes| |Education|Yes|Yes| -The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md). +The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](../enterprise-app-management.md). > [!Note] > Windows Holographic only supports per-user configuration of the EnterpriseModernAppManagement CSP. @@ -76,26 +76,26 @@ EnterpriseModernAppManagement ----------------GetLicenseFromStore ``` -**Device or User context** +**Device or User context** For user context, use **./User/Vendor/MSFT** path and for device context, use **./Device/Vendor/MSFT** path. > [!Note] > Windows Holographic only supports per-user configuration of the EnterpriseModernAppManagement CSP. -**AppManagement** +**AppManagement** Required. Used for inventory and app management (post-install). -**AppManagement/UpdateScan** +**AppManagement/UpdateScan** Required. Used to start the Windows Update scan. Supported operation is Execute. -**AppManagement/LastScanError** +**AppManagement/LastScanError** Required. Reports the last error code returned by the update scan. Supported operation is Get. -**AppManagement/AppInventoryResults** +**AppManagement/AppInventoryResults** Added in Windows 10, version 1511. Required. Returns the results for app inventory that was created after the AppInventoryQuery operation. Supported operation is Get. @@ -113,7 +113,7 @@ Here's an example of AppInventoryResults operation. ``` -**AppManagement/AppInventoryQuery** +**AppManagement/AppInventoryQuery** Added in Windows 10, version 1511. Required. Specifies the query for app inventory. Query parameters: @@ -162,7 +162,7 @@ The following example sets the inventory query for the package names and checks ``` -**AppManagement/RemovePackage** +**AppManagement/RemovePackage** Added in Windows 10, version 1703. Used to remove packages. Not supported for ./User/Vendor/MSFT. Parameters: @@ -170,7 +170,7 @@ Parameters:

  • Package
    • Name: Specifies the PackageFullName of the particular package to remove.
      • -
    • RemoveForAllUsers: +
    • RemoveForAllUsers:
      • 0 (default) – Package will be unprovisioned so that new users don't receive the package. The package will remain installed for current users. This option isn't currently supported.
      • 1 – Package will be removed for all users only if it's a provisioned package.
        • @@ -199,62 +199,62 @@ The following example removes a package for all users: ```` -**AppManagement/nonStore** +**AppManagement/nonStore** Used to manage enterprise apps or developer apps that weren't acquired from the Microsoft Store. Supported operation is Get. -**AppManagement/System** +**AppManagement/System** Reports apps installed as part of the operating system. Supported operation is Get. -**AppManagement/AppStore** +**AppManagement/AppStore** Required. Used for managing apps from the Microsoft Store. Supported operations are Get and Delete. -**AppManagement/AppStore/ReleaseManagement** +**AppManagement/AppStore/ReleaseManagement** Added in Windows 10, version 1809. Interior node for the managing updates through the Microsoft Store. These settings allow the IT admin to specify update channels for apps that they want their users to use for receiving updates. It allows the IT admin to assign a specific release to a smaller group for testing before the large deployment to the rest of the organization. > [!NOTE] > ReleaseManagement settings only apply to updates through the Microsoft Store. -**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_** +**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_** Added in Windows 10, version 1809. Identifier for the app or set of apps. If there's only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app. -**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ChannelId** +**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ChannelId** Added in Windows 10, version 1809. Specifies the app channel ID. -Value type is string. +Value type is string. Supported operations are Add, Get, Replace, and Delete. -**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ReleaseManagementId** +**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ReleaseManagementId** Added in Windows 10, version 1809. The IT admin can specify a release ID to indicate a specific release that they would like the user or device to be on. -Value type is string. +Value type is string. Supported operations are Add, Get, Replace, and Delete. -**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease** +**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease** Added in Windows 10, version 1809. Interior node used to specify the effective app release to use when multiple user policies are set on the device. The device policy or last user policy is used. -**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ChannelId** +**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ChannelId** Added in Windows 10, version 1809. Returns the last user channel ID on the device. -Value type is string. +Value type is string. Supported operation is Get. -**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ReleaseManagementId** +**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ReleaseManagementId** Added in Windows 10, version 1809. Returns the last user release ID on the device. -Value type is string. +Value type is string. Supported operation is Get. -**.../***PackageFamilyName* +**.../***PackageFamilyName* Optional. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin. Supported operations are Get and Delete. @@ -281,7 +281,7 @@ Here's an example for uninstalling an app: ``` -**.../*PackageFamilyName*/***PackageFullName* +**.../*PackageFamilyName*/***PackageFullName* Optional. Full name of the package installed. Supported operations are Get and Delete. @@ -290,29 +290,29 @@ Supported operations are Get and Delete. > XAP files use a product ID in place of PackageFullName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. -**.../*PackageFamilyName*/*PackageFullName*/Name** -Required. Name of the app. +**.../*PackageFamilyName*/*PackageFullName*/Name** +Required. Name of the app. Value type is string. Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/Version** -Required. Version of the app. +**.../*PackageFamilyName*/*PackageFullName*/Version** +Required. Version of the app. Value type is string. Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/Publisher** -Required. Publisher name of the app. +**.../*PackageFamilyName*/*PackageFullName*/Publisher** +Required. Publisher name of the app. Value type is string. Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/Architecture** -Required. Architecture of installed package. +**.../*PackageFamilyName*/*PackageFullName*/Architecture** +Required. Architecture of installed package. Value type is string. @@ -321,8 +321,8 @@ Value type is string. Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/InstallLocation** -Required. Install location of the app on the device. +**.../*PackageFamilyName*/*PackageFullName*/InstallLocation** +Required. Install location of the app on the device. Value type is string. @@ -331,7 +331,7 @@ Value type is string. Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/IsFramework** +**.../*PackageFamilyName*/*PackageFullName*/IsFramework** Required. Whether or not the app is a framework package. Value type is int. The value is 1 if the app is a framework package and 0 (zero) for all other cases. > [!Note] @@ -339,21 +339,21 @@ Required. Whether or not the app is a framework package. Value type is int. The Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/IsBundle** -Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases. +**.../*PackageFamilyName*/*PackageFullName*/IsBundle** +Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases. Value type is int. Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/InstallDate** -Required. Date the app was installed. +**.../*PackageFamilyName*/*PackageFullName*/InstallDate** +Required. Date the app was installed. Value type is string. Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/ResourceID** +**.../*PackageFamilyName*/*PackageFullName*/ResourceID** Required. Resource ID of the app. This value is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string. > [!Note] @@ -361,8 +361,8 @@ Required. Resource ID of the app. This value is null for the main app, ~ for a b Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/PackageStatus** -Required. Provides information about the status of the package. +**.../*PackageFamilyName*/*PackageFullName*/PackageStatus** +Required. Provides information about the status of the package. Value type is int. Valid values are: @@ -377,7 +377,7 @@ Value type is int. Valid values are: Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/RequiresReinstall** +**.../*PackageFamilyName*/*PackageFullName*/RequiresReinstall** Required. Specifies whether the package state has changed and requires a reinstallation of the app. This change of status can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int. > [!Note] @@ -385,7 +385,7 @@ Required. Specifies whether the package state has changed and requires a reinsta Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/Users** +**.../*PackageFamilyName*/*PackageFullName*/Users** Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string. - Not Installed = 0 @@ -395,37 +395,37 @@ Required. Registered users of the app and the package install state. If the quer Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/IsProvisioned** -Required. The value is 0 or 1 that indicates if the app is provisioned on the device. +**.../*PackageFamilyName*/*PackageFullName*/IsProvisioned** +Required. The value is 0 or 1 that indicates if the app is provisioned on the device. The value type is int. Supported operation is Get. -**.../*PackageFamilyName*/*PackageFullName*/IsStub** -Added in Windows 10, version 2004. +**.../*PackageFamilyName*/*PackageFullName*/IsStub** +Added in Windows 10, version 2004. Required. This node is used to identify whether the package is a stub package. A stub package is a version of the package with minimal functionality that will reduce the size of the app. -The value is 1 if the package is a stub package and 0 (zero) for all other cases. +The value is 1 if the package is a stub package and 0 (zero) for all other cases. Value type is int. Supported operation is Get. -**.../*PackageFamilyName*/DoNotUpdate** +**.../*PackageFamilyName*/DoNotUpdate** Required. Specifies whether you want to block a specific app from being updated via auto-updates. Supported operations are Add, Get, Delete, and Replace. -**.../*PackageFamilyName*/AppSettingPolicy** (only for ./User/Vendor/MSFT) +**.../*PackageFamilyName*/AppSettingPolicy** (only for ./User/Vendor/MSFT) Added in Windows 10, version 1511. Interior node for all managed app setting values. This node is only supported in the user context. -**.../*PackageFamilyName*/AppSettingPolicy/***SettingValue* (only for ./User/Vendor/MSFT) +**.../*PackageFamilyName*/AppSettingPolicy/***SettingValue* (only for ./User/Vendor/MSFT) Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container. This setting only works for apps that support the feature and it's only supported in the user context. -Value type is string. +Value type is string. Supported operations are Add, Get, Replace, and Delete. @@ -461,10 +461,10 @@ The following example gets all managed app settings for a specific app. ``` -**.../_PackageFamilyName_/MaintainProcessorArchitectureOnUpdate** +**.../_PackageFamilyName_/MaintainProcessorArchitectureOnUpdate** Added in Windows 10, version 1803. Specify whether on an AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available. -Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. Value type is integer. @@ -477,92 +477,92 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M |True |Disabled |X86 flavor is picked | |False (not set) |Not configured |X64 flavor is picked | -**.../_PackageFamilyName_/NonRemovable** -Added in Windows 10, version 1809. Specifies if an app is nonremovable by the user. +**.../_PackageFamilyName_/NonRemovable** +Added in Windows 10, version 1809. Specifies if an app is nonremovable by the user. -This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This setting is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This setting is also useful when there are multiple users per device, and you want to ensure that one user doesn’t remove it for all users. +This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This setting is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This setting is also useful when there are multiple users per device, and you want to ensure that one user doesn’t remove it for all users. NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults. -Value type is integer. +Value type is integer. Supported operations are Add, Get, and Replace. -Valid values: +Valid values: - 0 – app isn't in the nonremovable app policy list - 1 – app is included in the nonremovable app policy list **Examples:** -Add an app to the nonremovable app policy list +Add an app to the nonremovable app policy list ```xml - - - - 1 - - - ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable - - - int - - 1 - - - - - + + + + 1 + + + ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable + + + int + + 1 + + + + + ``` -Get the status for a particular app +Get the status for a particular app ```xml - - - - 1 - - - ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable - - - - - - + + + + 1 + + + ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable + + + + + + ``` -Replace an app in the nonremovable app policy list -Data 0 = app isn't in the app policy list +Replace an app in the nonremovable app policy list +Data 0 = app isn't in the app policy list Data 1 = app is in the app policy list ```xml - - - - 1 - - - ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable - - - int - - 0 - - - - - + + + + 1 + + + ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable + + + int + + 0 + + + + + ``` -**AppInstallation** +**AppInstallation** Required node. Used to perform app installation. -**AppInstallation/***PackageFamilyName* +**AppInstallation/***PackageFamilyName* Optional node. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin. Supported operations are Get and Add. @@ -570,12 +570,12 @@ Supported operations are Get and Add. > [!Note] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. -**AppInstallation/*PackageFamilyName*/StoreInstall** +**AppInstallation/*PackageFamilyName*/StoreInstall** Required. Command to perform an install of an app and a license from the Microsoft Store. Supported operation is Execute, Add, Delete, and Get. -**AppInstallation/*PackageFamilyName*/HostedInstall** +**AppInstallation/*PackageFamilyName*/HostedInstall** Required. Command to perform an install of an app package from a hosted location (this location can be a local drive, a UNC, or https data source). The following list shows the supported deployment options: @@ -587,13 +587,13 @@ The following list shows the supported deployment options: - ForceUpdateToAnyVersion - DeferRegistration="1". If the app is in use at the time of installation. This option stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1. - StageOnly="1". Stages the files for an app installation or update without installing the app. Available in 1803. -- LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607. +- LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607. - ValidateDependencies="1". This option is used at provisioning/staging time. If it's set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies aren't present. Available in the latest insider flight of 20H1. - ExcludeAppFromLayoutModification="1". Sets that the app will be provisioned on all devices and will be able to retain the apps provisioned without pinning them to start layout. Available in 1809. Supported operation is Execute, Add, Delete, and Get. -**AppInstallation/*PackageFamilyName*/LastError** +**AppInstallation/*PackageFamilyName*/LastError** Required. Last error relating to the app installation. Supported operation is Get. @@ -601,7 +601,7 @@ Supported operation is Get. > [!Note] > This element isn't present after the app is installed. -**AppInstallation/*PackageFamilyName*/LastErrorDesc** +**AppInstallation/*PackageFamilyName*/LastErrorDesc** Required. Description of last error relating to the app installation. Supported operation is Get. @@ -609,7 +609,7 @@ Supported operation is Get. > [!Note] > This element isn't present after the app is installed. -**AppInstallation/*PackageFamilyName*/Status** +**AppInstallation/*PackageFamilyName*/Status** Required. Status of app installation. The following values are returned: - NOT\_INSTALLED (0) - The node was added, but the execution hasn't completed. @@ -623,7 +623,7 @@ Supported operation is Get. > This element isn't present after the app is installed. -**AppInstallation/*PackageFamilyName*/ProgessStatus** +**AppInstallation/*PackageFamilyName*/ProgessStatus** Required. An integer that indicates the progress of the app installation. For https locations, this integer indicates the download progress. ProgressStatus isn't available for provisioning and it's only for user-based installations. ProgressStatus value is always 0 (zero) in provisioning. Supported operation is Get. @@ -631,18 +631,18 @@ Supported operation is Get. > [!Note] > This element isn't present after the app is installed. -**AppLicenses** +**AppLicenses** Required node. Used to manage licenses for app scenarios. -**AppLicenses/StoreLicenses** +**AppLicenses/StoreLicenses** Required node. Used to manage licenses for store apps. -**AppLicenses/StoreLicenses/***LicenseID* +**AppLicenses/StoreLicenses/***LicenseID* Optional node. License ID for a store installed app. The license ID is generally the PFN of the app. Supported operations are Add, Get, and Delete. -**AppLicenses/StoreLicenses/*LicenseID*/LicenseCategory** +**AppLicenses/StoreLicenses/*LicenseID*/LicenseCategory** Added in Windows 10, version 1511. Required. Category of license that is used to classify various license sources. Valid values are: - Unknown - unknown license category @@ -653,7 +653,7 @@ Added in Windows 10, version 1511. Required. Category of license that is used to Supported operation is Get. -**AppLicenses/StoreLicenses/*LicenseID*/LicenseUsage** +**AppLicenses/StoreLicenses/*LicenseID*/LicenseUsage** Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values are: - Unknown - usage is unknown. @@ -663,24 +663,24 @@ Added in Windows 10, version 1511. Required. Indicates the allowed usage for the Supported operation is Get. -**AppLicenses/StoreLicenses/*LicenseID*/RequesterID** +**AppLicenses/StoreLicenses/*LicenseID*/RequesterID** Added in Windows 10, version 1511. Required. Identifier for the entity that requested the license, such as the client who acquired the license. For example, all licenses issued by the Store for Business for a particular enterprise client has the same RequesterID. Supported operation is Get. -**AppLicenses/StoreLicenses/*LicenseID*/AddLicense** +**AppLicenses/StoreLicenses/*LicenseID*/AddLicense** Required. Command to add license. Supported operation is Execute. -**AppLicenses/StoreLicenses/*LicenseID*/GetLicenseFromStore** +**AppLicenses/StoreLicenses/*LicenseID*/GetLicenseFromStore** Added in Windows 10, version 1511. Required. Command to get license from the store. Supported operation is Execute. ## Examples -For examples of how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md). +For examples of how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](../enterprise-app-management.md). Query the device for a specific app subcategory, such as nonStore apps. @@ -720,4 +720,4 @@ Subsequent query for a specific app for its properties. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index 3a270aad3c..ba9430bc83 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md @@ -1,7 +1,7 @@ --- title: EnterpriseModernAppManagement DDF description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 10/01/2019 This topic shows the OMA DM device description framework (DDF) for the **EnterpriseModernAppManagement** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md index 95016ab8fc..c323934254 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md @@ -1,7 +1,7 @@ --- title: EnterpriseModernAppManagement XSD description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 607ecdeb20..5785014560 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 03/02/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -57,138 +57,138 @@ eUICCs ------------Status ``` -**./Vendor/MSFT/eUICCs** +**./Vendor/MSFT/eUICCs** Root node for the eUICCs CSP. -**_eUICC_** +**_eUICC_** Interior node. Represents information associated with an eUICC. There's one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, for example, this association could be an SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC. Supported operation is Get. -**_eUICC_/Identifier** +**_eUICC_/Identifier** Required. Identifies an eUICC in an implementation-specific manner, for example, this identification could be an SHA-256 hash of the EID. Supported operation is Get. Value type is string. -**_eUICC_/IsActive** +**_eUICC_/IsActive** Required. Indicates whether this eUICC is physically present and active. Updated only by the LPA. Supported operation is Get. Value type is boolean. -**_eUICC_/PPR1Allowed** +**_eUICC_/PPR1Allowed** Profile Policy Rule 1 (PPR1) is required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 isn't allowed. -Supported operation is Get. +Supported operation is Get. Value type is boolean. -**_eUICC_/PPR1AlreadySet** +**_eUICC_/PPR1AlreadySet** Required. Indicates whether the eUICC already has a profile with PPR1. -Supported operation is Get. +Supported operation is Get. Value type is boolean. -**_eUICC_/DownloadServers** +**_eUICC_/DownloadServers** Interior node. Represents default SM-DP+ discovery requests. Supported operation is Get. -**_eUICC_/DownloadServers/_ServerName_** +**_eUICC_/DownloadServers/_ServerName_** Interior node. Optional. Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. Supported operations are Add, Get, and Delete. -**_eUICC_/DownloadServers/_ServerName_/DiscoveryState** +**_eUICC_/DownloadServers/_ServerName_/DiscoveryState** Required. Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA. -Supported operation is Get. +Supported operation is Get. Value type is integer. Default value is 1. -**_eUICC_/DownloadServers/_ServerName_/AutoEnable** +**_eUICC_/DownloadServers/_ServerName_/AutoEnable** Required. Indicates whether the discovered profile must be enabled automatically after install. This setting must be defined by the MDM when the ServerName subtree is created. -Supported operations are Add, Get, and Replace. +Supported operations are Add, Get, and Replace. Value type is bool. -**_eUICC_/DownloadServers/_ServerName_/IsDiscoveryServer** +**_eUICC_/DownloadServers/_ServerName_/IsDiscoveryServer** Optional. Indicates whether the server is a discovery server. This setting must be defined by the MDM when the ServerName subtree is created. -Supported operations are Add, Get, and Replace. +Supported operations are Add, Get, and Replace. Value type is bool. Default value is false. -**_eUICC_/Profiles** +**_eUICC_/Profiles** Interior node. Required. Represents all enterprise-owned profiles. Supported operation is Get. -**_eUICC_/Profiles/_ICCID_** +**_eUICC_/Profiles/_ICCID_** Interior node. Optional. Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC). Supported operations are Add, Get, and Delete. -**_eUICC_/Profiles/_ICCID_/ServerName** +**_eUICC_/Profiles/_ICCID_/ServerName** Required. Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created. -Supported operations are Add and Get. +Supported operations are Add and Get. Value type is string. -**_eUICC_/Profiles/_ICCID_/MatchingID** +**_eUICC_/Profiles/_ICCID_/MatchingID** Required. Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created. -Supported operations are Add and Get. +Supported operations are Add and Get. Value type is string. -**_eUICC_/Profiles/_ICCID_/State** +**_eUICC_/Profiles/_ICCID_/State** Required. Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA. -Supported operation is Get. +Supported operation is Get. Value type is integer. Default value is 1. -**_eUICC_/Profiles/_ICCID_/IsEnabled** +**_eUICC_/Profiles/_ICCID_/IsEnabled** Added in Windows 10, version 1803. Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created to enable the profile once it’s successfully downloaded and installed on the device. Can also be queried and updated by the CSP. -Supported operations are Add, Get, and Replace. +Supported operations are Add, Get, and Replace. Value type is bool. -**_eUICC_/Policies** +**_eUICC_/Policies** Interior node. Required. Device policies associated with the eUICC as a whole (not per-profile). -Supported operation is Get. +Supported operation is Get. -**_eUICC_/Policies/LocalUIEnabled** +**_eUICC_/Policies/LocalUIEnabled** Required. Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server. -Supported operations are Get and Replace. +Supported operations are Get and Replace. Value type is boolean. Default value is true. -**_eUICC_/Actions** +**_eUICC_/Actions** Interior node. Required. Actions that can be performed on the eUICC as a whole (when it's active). Supported operation is Get. -**_eUICC_/Actions/ResetToFactoryState** +**_eUICC_/Actions/ResetToFactoryState** Required. An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset. -Supported operation is Execute. +Supported operation is Execute. Value type is string. -**_eUICC_/Actions/Status** +**_eUICC_/Actions/Status** Required. Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE indicates operation is in progress, other values represent specific errors. -Supported value is Get. +Supported value is Get. Value type is integer. Default is 0. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index 62bced8f33..cab2efe2b9 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -1,7 +1,7 @@ --- title: eUICCs DDF file description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 03/02/2018 This topic shows the OMA DM device description framework (DDF) for the **eUICCs** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below if for Windows 10, version 1803. diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index af9202d9ca..7d3f2c7e1c 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: vinaypamnani-msft -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -26,12 +26,12 @@ The table below shows the applicability of Windows: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. - + Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively. For detailed information on some of the fields below, see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](/openspecs/windows_protocols/ms-winerrata/6521c5c4-1f76-4003-9ade-5cccfc27c8ac). -The following example shows the Firewall configuration service provider in tree format. +The following example shows the Firewall configuration service provider in tree format. ``` ./Vendor/MSFT Firewall @@ -130,7 +130,7 @@ Supported operation is Get. **MdmStore/Global** Interior node. -Supported operations are Get. +Supported operations are Get. **MdmStore/Global/PolicyVersionSupported** Integer value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value isn't merged and is always a fixed value for a particular firewall and advanced security components software build. @@ -144,7 +144,7 @@ Value type in integer. Supported operation is Get. Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win. Default value is false. -Data type is bool. Supported operations are Add, Get, Replace, and Delete. +Data type is bool. Supported operations are Add, Get, Replace, and Delete. **MdmStore/Global/SaIdleTime** This value configures the security association idle time, in seconds. Security associations are deleted after network traffic isn't seen for this specified period of time. The value is integer and MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value. @@ -351,7 +351,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes** ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid. -If not specified, the default is All. +If not specified, the default is All. Value type is string. Supported operations are Add, Get, Replace, and Delete. **FirewallRules/*FirewallRuleName*/LocalAddressRanges** @@ -455,16 +455,16 @@ Name of the rule. Value type is string. Supported operations are Add, Get, Replace, and Delete. **FirewallRules/_FirewallRuleName_/RemoteAddressDynamicKeywords** -Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule. +Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule. Value type is string. Supported operations are Add, Get, Replace, and Delete. **MdmStore/DynamicKeywords** -Interior node. +Interior node. Supported operation is Get. **MdmStore/DynamicKeywords/Addresses** -Interior node. +Interior node. Supported operation is Get. **MdmStore/DynamicKeywords/Addresses/Id** @@ -487,11 +487,11 @@ Valid tokens include: Supported operations are Add, Delete, Replace, and Get. **MdmStore/DynamicKeywords/Addresses/Id/AutoResolve** -Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a Fully Qualified Domain Name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. +Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a Fully Qualified Domain Name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. Value type is string. Supported operations are Add, Delete, and Get. Value type is string. Supported operations are Add, Delete, and Get. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index 50b8729198..c31d769719 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -16,7 +16,7 @@ manager: aaroncz This topic shows the OMA DM device description framework (DDF) for the **Firewall** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). ```xml @@ -1512,7 +1512,7 @@ ServiceName - Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. + Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value. Valid tokens include: "*" indicates any local address. If present, this must be the only token included. diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 9c85e6205e..f4b7d29d2e 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -1,14 +1,14 @@ --- title: Device HealthAttestation CSP description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article ms.prod: w10 ms.technology: windows author: vinaypamnani-msft -ms.date: +ms.date: --- # Device HealthAttestation CSP @@ -97,11 +97,11 @@ HealthAttestation ----MaxSupportedProtocolVersion ``` -**./Vendor/MSFT/HealthAttestation** +**./Vendor/MSFT/HealthAttestation** The root node for the device HealthAttestation configuration service provider. -**TriggerAttestation** (Required) +**TriggerAttestation** (Required) Node type: EXECUTE @@ -124,7 +124,7 @@ Templated SyncML Call: { rpID : "rpID", serviceEndpoint : "MAA endpoint", nonce : "nonce", aadToken : "aadToken", "cv" : "CorrelationVector" - } + } @@ -145,12 +145,12 @@ Sample Data: ```json -{ +{ "rpid" : "https://www.contoso.com/attestation", "endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01", "nonce" : "5468697320697320612054657374204e6f6e6365", "aadToken" : "dummytokenstring", -"cv" : "testonboarded" +"cv" : "testonboarded" } ``` @@ -176,7 +176,7 @@ Templated SyncML Call: - + ``` @@ -209,7 +209,7 @@ Templated SyncML Call: - + ``` @@ -244,7 +244,7 @@ Templated SyncML Call: - + ``` @@ -255,7 +255,7 @@ Sample data: If success: GUID returned by the attestation service: 1k9+vQOn00S8ZK33;CMc969r1JEuHwDpM If Trigger Attestation call failed and no previous data is present. The field remains empty. -Otherwise, the last service correlation id will be returned. In a successful attestation there are two +Otherwise, the last service correlation id will be returned. In a successful attestation there are two calls between client and MAA and for each call the GUID is separated by semicolon. ``` @@ -277,13 +277,13 @@ calls between client and MAA and for each call the GUID is separated by semicolo configurationrules{ }; - authorizationrules { + authorizationrules { => permit(); }; issuancerules{ - // SecureBoot enabled + // SecureBoot enabled c:[type == "events", issuer=="AttestationService"] => add(type = "efiConfigVariables", value = JmesPath(c.value, "Events[?EventTypeString == 'EV_EFI_VARIABLE_DRIVER_CONFIG' && ProcessedData.VariableGuid == '8BE4DF61-93CA-11D2-AA0D-00E098032B8C']")); c:[type == "efiConfigVariables", issuer=="AttestationPolicy"]=> issue(type = "secureBootEnabled", value = JsonToClaimValue(JmesPath(c.value, "[?ProcessedData.UnicodeName == 'SecureBoot'] | length(@) == `1` && @[0].ProcessedData.VariableData == 'AQ'"))); ![type=="secureBootEnabled", issuer=="AttestationPolicy"] => issue(type="secureBootEnabled", value=false); @@ -351,9 +351,9 @@ calls between client and MAA and for each call the GUID is separated by semicolo // Find the first EV_SEPARATOR in PCR 12, 13, Or 14 c:[type=="events", issuer=="AttestationService"] => add(type="evSeparatorSeq", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_SEPARATOR' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `14`)] | @[0].EventSeq")); c:[type=="evSeparatorSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value=AppendString(AppendString("Events[? EventSeq < `", c.value), "`")); - [type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` "); + [type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` "); - // Find the first EVENT_APPLICATION_SVN. + // Find the first EVENT_APPLICATION_SVN. c:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] => add(type="bootMgrSvnSeqQuery", value=AppendString(c.value, " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12` && ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN] | @[0].EventSeq")); c1:[type=="bootMgrSvnSeqQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="bootMgrSvnSeq", value=JmesPath(c2.value, c1.value)); c:[type=="bootMgrSvnSeq", value!="null", issuer=="AttestationPolicy"] => add(type="bootMgrSvnQuery", value=AppendString(AppendString("Events[? EventSeq == `", c.value), "`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]")); @@ -396,7 +396,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="afterTransferCtrlClause", issuer=="AttestationPolicy"] => add(type="moduleQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13` && ((ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]) || (ProcessedData.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]))].EventSeq | @[0]")); c1:[type=="moduleQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="moduleSeq", value=JmesPath(c2.value, c1.value)); - // Find the first EVENT_APPLICATION_SVN after EV_EVENT_TAG in PCR 12. + // Find the first EVENT_APPLICATION_SVN after EV_EVENT_TAG in PCR 12. c:[type=="moduleSeq", value!="null", issuer=="AttestationPolicy"] => add(type="applicationSvnAfterModuleClause", value=AppendString(AppendString(" && EventSeq > `", c.value), "`")); c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="applicationSvnAfterModuleClause", issuer=="AttestationPolicy"] => add(type="bootAppSvnQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]")); c1:[type=="bootAppSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => issue(type="bootAppSvn", value=JsonToClaimValue(JmesPath(c2.value, c1.value))); @@ -464,7 +464,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo }.[Signature] ``` -### Learn More +### Learn More More information about TPM attestation can be found here: [Microsoft Azure Attestation](/azure/attestation/). @@ -487,7 +487,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes - DHA-CSP forwards device boot data (DHA-BootData) to DHA-Service - DHA-Service replies with an encrypted data blob (DHA-EncBlob) - - DHA-CSP and MDM-Server communication: + - DHA-CSP and MDM-Server communication: - MDM-Server sends a device health verification request to DHA-CSP - DHA-CSP replies with a payload called DHA-Data that includes an encrypted (DHA-EncBlob) and a signed (DHA-SignedBlob) data blob @@ -549,10 +549,10 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes |Device Health Attestation – On Premise(DHA-OnPrem)|DHA-OnPrem refers to DHA-Service that is running on premises:
      • Offered to Windows Server 2016 customer (no added licensing cost for enabling/running DHA-Service)
      • Hosted on an enterprise owned and managed server device/hardware
      • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios
      • Accessible to all enterprise-managed devices via following settings:
        • FQDN = (enterprise assigned)
        • Port = (enterprise assigned)
        • Protocol = TCP|The operation cost of running one or more instances of Server 2016 on-premises.
        • | |Device Health Attestation - Enterprise-Managed Cloud(DHA-EMC)|DHA-EMC refers to an enterprise-managed DHA-Service that is running as a virtual host/service on a Windows Server 2016 compatible - enterprise-managed cloud service, such as Microsoft Azure.
      • Offered to Windows Server 2016 customers with no extra licensing cost (no added licensing cost for enabling/running DHA-Service)
      • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios
      • Accessible to all enterprise-managed devices via following settings:
        • FQDN = (enterprise assigned)
        • Port = (enterprise assigned)
        • Protocol = TCP|The operation cost of running Server 2016 on a compatible cloud service, such as Microsoft Azure.
        • | -### CSP diagram and node descriptions +### CSP diagram and node descriptions + +The following shows the Device HealthAttestation configuration service provider in tree format. -The following shows the Device HealthAttestation configuration service provider in tree format. - ```console ./Vendor/MSFT HealthAttestation @@ -569,17 +569,17 @@ HealthAttestation ----MaxSupportedProtocolVersion ``` -**./Vendor/MSFT/HealthAttestation** +**./Vendor/MSFT/HealthAttestation** The root node for the device HealthAttestation configuration service provider. -**VerifyHealth** (Required) +**VerifyHealth** (Required) Notifies the device to prepare a device health verification request. The supported operation is Execute. -**Status** (Required) +**Status** (Required) Provides the current status of the device health request. @@ -592,19 +592,19 @@ The following list shows some examples of supported values. For the complete lis - 2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob couldn't be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes - 3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pickup -**ForceRetrieve** (Optional) +**ForceRetrieve** (Optional) Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service. Boolean value. The supported operation is Replace. -**Certificate** (Required) +**Certificate** (Required) Instructs the DHA-CSP to forward DHA-Data to the MDM server. Value type is b64. The supported operation is Get. -**Nonce** (Required) +**Nonce** (Required) Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server. @@ -612,7 +612,7 @@ The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size o The supported operations are Get and Replace. -**CorrelationId** (Required) +**CorrelationId** (Required) Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting. @@ -685,7 +685,7 @@ SSL-Session: Protocol: TLSv1.2 Cipher: ECDHE-RSA-AES256-SHA384 Session-ID: B22300009621370F84A4A3A7D9FC40D584E047C090604E5226083A02ED239C93 - Session-ID-ctx: + Session-ID-ctx: Master-Key: 9E3F6BE5B3D3B55C070470CA2B62EF59CC1D5ED9187EF5B3D1BBF4C101EE90BEB04F34FFD748A13C92A387104B8D1DE7 Key-Arg: None PSK identity: None @@ -706,7 +706,7 @@ There are three types of DHA-Service: DHA-Cloud is the default setting. No further action is required if an enterprise is planning to use Microsoft DHA-Cloud as the trusted DHA-Service provider. -For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint node to instruct a managed device to communicate with the enterprise trusted DHA-Service. +For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint node to instruct a managed device to communicate with the enterprise trusted DHA-Service. The following example shows a sample call that instructs a managed device to communicate with an enterprise-managed DHA-Service. @@ -854,7 +854,7 @@ After the MDM server receives the verified data, the information can be used to The following list of data points is verified by the DHA-Service in DHA-Report version 3: -- [Issued](#issued ) +- [Issued](#issued ) - [AIKPresent](#aikpresent) - [ResetCount](#resetcount) * - [RestartCount](#restartcount) * @@ -882,8 +882,8 @@ The following list of data points is verified by the DHA-Service in DHA-Report v - [OSRevListInfo](#osrevlistinfo) - [HealthStatusMismatchFlags](#healthstatusmismatchflags) -\* TPM 2.0 only -\*\* Reports if BitLocker was enabled during initial boot. +\* TPM 2.0 only +\*\* Reports if BitLocker was enabled during initial boot. \*\*\* The "Hybrid Resume" must be disabled on the device. Reports first-party ELAM "Defender" was loaded during boot. Each of these data points is described in further detail in the following sections, along with the recommended actions to take. @@ -892,7 +892,7 @@ Each of these data points is described in further detail in the following sectio The date and time DHA-report was evaluated or issued to MDM. -**AIKPresent** +**AIKPresent** When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesn’t have an EK certificate. @@ -913,7 +913,7 @@ This attribute reports the number of times a PC device has hibernated or resumed This attribute reports the number of times a PC device has rebooted. -**DEPPolicy** +**DEPPolicy** A device can be trusted more if the DEP Policy is enabled on the device. @@ -933,7 +933,7 @@ If DEPPolicy = 0 (Off), then take one of the following actions that align with y - Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history. - Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks. -**BitLockerStatus** (at boot time) +**BitLockerStatus** (at boot time) When BitLocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation. @@ -976,7 +976,7 @@ If `CodeIntegrityRevListVersion !`= [CurrentVersion], then take one of the follo - Place the device in a watch list to monitor the device more closely for potential risks. - Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue. -**SecureBootEnabled** +**SecureBootEnabled** When Secure Boot is enabled, the core components used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies this requirement before it lets the machine start. If any files have been tampered with, breaking their signature, the system won't boot. @@ -1005,7 +1005,7 @@ If BootDebuggingEnabled = 1 (True), then take one of the following actions that - Disallow all access. - Disallow access to HBI assets. - Place the device in a watch list to monitor the device more closely for potential risks. -- Trigger a corrective action, such as enabling VSM using WMI or a PowerShell script. +- Trigger a corrective action, such as enabling VSM using WMI or a PowerShell script. **OSKernelDebuggingEnabled** @@ -1020,7 +1020,7 @@ If OSKernelDebuggingEnabled = 1 (True), then take one of the following actions t - Place the device in a watch list to monitor the device more closely for potential risks. - Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue. -**CodeIntegrityEnabled** +**CodeIntegrityEnabled** When code integrity is enabled, code execution is restricted to integrity verified code. @@ -1055,7 +1055,7 @@ If TestSigningEnabled = 1 (True), then take one of the following actions that al - Place the device in a watch list to monitor the device more closely for potential risks. - Trigger a corrective action, such as enabling test signing using WMI or a PowerShell script. -**SafeMode** +**SafeMode** Safe mode is a troubleshooting option for Windows that starts your computer in a limited state. Only the basic files and drivers necessary to run Windows are started. @@ -1067,7 +1067,7 @@ If SafeMode = 1 (True), then take one of the following actions that align with y - Disallow access to HBI assets. - Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue. -**WinPE** +**WinPE** Windows pre-installation Environment (Windows PE) is a minimal operating system with limited services that is used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows Setup. @@ -1101,7 +1101,7 @@ If ELAMDriverLoaded = 0 (False), then take one of the following actions that ali - Disallow access to HBI assets. - Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue. -**VSMEnabled** +**VSMEnabled** Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. VSM requires about 1 GB of memory – it has enough capability to run the LSA service that is used for all authentication brokering. @@ -1212,7 +1212,7 @@ If reported OSRevListInfo version equals an accepted value, then allow access. If reported OSRevListInfo version doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies: - Disallow all access. -- Direct the device to an enterprise honeypot, to further monitor the device's activities. +- Direct the device to an enterprise honeypot, to further monitor the device's activities. **HealthStatusMismatchFlags** @@ -1222,70 +1222,70 @@ If an issue is detected, a list of impacted DHA-report elements will be listed u ### Device HealthAttestation CSP status and error codes -Error code: 0 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED +Error code: 0 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED Error description: This state is the initial state for devices that have never participated in a DHA-Session. -Error code: 1 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED +Error code: 1 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED Error description: This state signifies that MDM client’s Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server. -Error code: 2 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED +Error code: 2 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED Error description: This state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server. -Error code: 3 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE +Error code: 3 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE Error description: This state signifies that the device has successfully retrieved DHA-EncBlob from the DHA-Server. -Error code: 4 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAIL +Error code: 4 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAIL Error description: Deprecated in Windows 10, version 1607. -Error code: 5 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAIL +Error code: 5 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAIL Error description: DHA-CSP failed to get a claim quote. -Error code: 6 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READY +Error code: 6 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READY Error description: DHA-CSP failed in opening a handle to Microsoft Platform Crypto Provider. -Error code: 7 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAIL +Error code: 7 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAIL Error description: DHA-CSP failed in retrieving Windows AIK -Error code: 8 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAIL +Error code: 8 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAIL Error description: Deprecated in Windows 10, version 1607. -Error code: 9 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSION +Error code: 9 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSION Error description: Invalid TPM version (TPM version isn't 1.2 or 2.0) -Error code: 10 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAIL +Error code: 10 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAIL Error description: Nonce wasn't found in the registry. -Error code: 11 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAIL +Error code: 11 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAIL Error description: Correlation ID wasn't found in the registry. -Error code: 12 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAIL +Error code: 12 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAIL Error description: Deprecated in Windows 10, version 1607. -Error code: 13 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAIL +Error code: 13 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAIL Error description: Deprecated in Windows 10, version 1607. -Error code: 14 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAIL +Error code: 14 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAIL Error description: Failure in Encoding functions. (Extremely unlikely scenario) -Error code: 15 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAIL +Error code: 15 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAIL Error description: Deprecated in Windows 10, version 1607. -Error code: 16 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XML +Error code: 16 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XML Error description: DHA-CSP failed to load the payload it received from DHA-Service -Error code: 17 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XML +Error code: 17 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XML Error description: DHA-CSP received a corrupted response from DHA-Service. -Error code: 18 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XML +Error code: 18 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XML Error description: DHA-CSP received an empty response from DHA-Service. -Error code: 19 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EK +Error code: 19 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EK Error description: DHA-CSP failed in decrypting the AES key from the EK challenge. -Error code: 20 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EK +Error code: 20 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EK Error description: DHA-CSP failed in decrypting the health cert with the AES key. -Error code: 21 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUB +Error code: 21 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUB Error description: DHA-CSP failed in exporting the AIK Public Key. Error code: 22 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_CLAIMAUTHORITYONLY @@ -1413,7 +1413,7 @@ Error description: DHA-Service isn't reachable by DHA-CSP - + @@ -1430,7 +1430,7 @@ Error description: DHA-Service isn't reachable by DHA-CSP - @@ -1474,7 +1474,7 @@ xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validatio 1 1 2 - 4ACCBE0ADB9627FFD6285C2E06EC5AC59ABF62C7 + 4ACCBE0ADB9627FFD6285C2E06EC5AC59ABF62C7 00000000000001001A000B00200000005300690050006F006C006900630079002E007000370062000000A4BF7EF05585876A61CBFF7CAE8123BE756D58B1BBE04F9719D15D6271514CF5 005D447A7CC6D101200000000B00CBB56E8B19267E24A2986C4A616CCB58B4D53F6020AC8FD5FC205C20F2AB00BC 8073EEA7F8FAD001200000000B00A8285B04DE618ACF4174C59F07AECC002D11DD7D97FA5D464F190C9D9E3479BA @@ -1488,4 +1488,4 @@ For more information, see [PC Client TPM Certification](https://trustedcomputing ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index ccc7b8a660..f0277343bb 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -1,7 +1,7 @@ --- title: HealthAttestation DDF description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,7 +16,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **HealthAttestation** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png b/windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png deleted file mode 100644 index 28ae086ef7..0000000000 Binary files a/windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png b/windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png deleted file mode 100644 index f7d21f0a94..0000000000 Binary files a/windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png and /dev/null differ diff --git a/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png b/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png deleted file mode 100644 index a4c67a8b7e..0000000000 Binary files a/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png and /dev/null differ diff --git a/windows/client-management/mdm/images/admx-appv-publishing.png b/windows/client-management/mdm/images/admx-appv-publishing.png deleted file mode 100644 index 31d83e9329..0000000000 Binary files a/windows/client-management/mdm/images/admx-appv-publishing.png and /dev/null differ diff --git a/windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png b/windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png deleted file mode 100644 index 802d843215..0000000000 Binary files a/windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png and /dev/null differ diff --git a/windows/client-management/mdm/images/autoenrollment-device-status.png b/windows/client-management/mdm/images/autoenrollment-device-status.png deleted file mode 100644 index 67072b0da7..0000000000 Binary files a/windows/client-management/mdm/images/autoenrollment-device-status.png and /dev/null differ diff --git a/windows/client-management/mdm/images/block-untrusted-processes.png b/windows/client-management/mdm/images/block-untrusted-processes.png deleted file mode 100644 index c9d774457e..0000000000 Binary files a/windows/client-management/mdm/images/block-untrusted-processes.png and /dev/null differ diff --git a/windows/client-management/mdm/images/businessstoreportalservices10.png b/windows/client-management/mdm/images/businessstoreportalservices10.png deleted file mode 100644 index bd643ebfac..0000000000 Binary files a/windows/client-management/mdm/images/businessstoreportalservices10.png and /dev/null differ diff --git a/windows/client-management/mdm/images/businessstoreportalservices11.png b/windows/client-management/mdm/images/businessstoreportalservices11.png deleted file mode 100644 index f420a32be4..0000000000 Binary files a/windows/client-management/mdm/images/businessstoreportalservices11.png and /dev/null differ diff --git a/windows/client-management/mdm/images/businessstoreportalservices12.png b/windows/client-management/mdm/images/businessstoreportalservices12.png deleted file mode 100644 index 10cda8c9d6..0000000000 Binary files a/windows/client-management/mdm/images/businessstoreportalservices12.png and /dev/null differ diff --git a/windows/client-management/mdm/images/businessstoreportalservices13.png b/windows/client-management/mdm/images/businessstoreportalservices13.png deleted file mode 100644 index c839aea73c..0000000000 Binary files a/windows/client-management/mdm/images/businessstoreportalservices13.png and /dev/null differ diff --git a/windows/client-management/mdm/images/businessstoreportalservices14.png b/windows/client-management/mdm/images/businessstoreportalservices14.png deleted file mode 100644 index 01173f564e..0000000000 Binary files a/windows/client-management/mdm/images/businessstoreportalservices14.png and /dev/null differ diff --git a/windows/client-management/mdm/images/businessstoreportalservices8.png b/windows/client-management/mdm/images/businessstoreportalservices8.png deleted file mode 100644 index 81668d8ed3..0000000000 Binary files a/windows/client-management/mdm/images/businessstoreportalservices8.png and /dev/null differ diff --git a/windows/client-management/mdm/images/businessstoreportalservices9.png b/windows/client-management/mdm/images/businessstoreportalservices9.png deleted file mode 100644 index 1aaec4889e..0000000000 Binary files a/windows/client-management/mdm/images/businessstoreportalservices9.png and /dev/null differ diff --git a/windows/client-management/mdm/images/checkmark.png b/windows/client-management/mdm/images/checkmark.png deleted file mode 100644 index 253e5fe54b..0000000000 Binary files a/windows/client-management/mdm/images/checkmark.png and /dev/null differ diff --git a/windows/client-management/mdm/images/class-guids.png b/windows/client-management/mdm/images/class-guids.png deleted file mode 100644 index 6951e4ed5a..0000000000 Binary files a/windows/client-management/mdm/images/class-guids.png and /dev/null differ diff --git a/windows/client-management/mdm/images/crossmark.png b/windows/client-management/mdm/images/crossmark.png deleted file mode 100644 index b6758f3095..0000000000 Binary files a/windows/client-management/mdm/images/crossmark.png and /dev/null differ diff --git a/windows/client-management/mdm/images/device-manager-disk-drives.png b/windows/client-management/mdm/images/device-manager-disk-drives.png deleted file mode 100644 index 44be977537..0000000000 Binary files a/windows/client-management/mdm/images/device-manager-disk-drives.png and /dev/null differ diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures2.png b/windows/client-management/mdm/images/diagnose-mdm-failures2.png deleted file mode 100644 index ca29ceeac3..0000000000 Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures3.png b/windows/client-management/mdm/images/diagnose-mdm-failures3.png deleted file mode 100644 index 5da5c15077..0000000000 Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures3.png and /dev/null differ diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures4.png b/windows/client-management/mdm/images/diagnose-mdm-failures4.png deleted file mode 100644 index 20b55dcee7..0000000000 Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures4.png and /dev/null differ diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures5.png b/windows/client-management/mdm/images/diagnose-mdm-failures5.png deleted file mode 100644 index 6a3dec9354..0000000000 Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures5.png and /dev/null differ diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures6.png b/windows/client-management/mdm/images/diagnose-mdm-failures6.png deleted file mode 100644 index 5a9647cccd..0000000000 Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures6.png and /dev/null differ diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures7.png b/windows/client-management/mdm/images/diagnose-mdm-failures7.png deleted file mode 100644 index f39af3ccec..0000000000 Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures7.png and /dev/null differ diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures8.png b/windows/client-management/mdm/images/diagnose-mdm-failures8.png deleted file mode 100644 index d066198c59..0000000000 Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures8.png and /dev/null differ diff --git a/windows/client-management/mdm/images/disk-drive-hardware-id.png b/windows/client-management/mdm/images/disk-drive-hardware-id.png deleted file mode 100644 index cf8399acf4..0000000000 Binary files a/windows/client-management/mdm/images/disk-drive-hardware-id.png and /dev/null differ diff --git a/windows/client-management/mdm/images/enterpriseassignedaccess-csp.png b/windows/client-management/mdm/images/enterpriseassignedaccess-csp.png deleted file mode 100644 index 9febfb37df..0000000000 Binary files a/windows/client-management/mdm/images/enterpriseassignedaccess-csp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/flow-configlock.png b/windows/client-management/mdm/images/flow-configlock.png deleted file mode 100644 index 4310537887..0000000000 Binary files a/windows/client-management/mdm/images/flow-configlock.png and /dev/null differ diff --git a/windows/client-management/mdm/images/hardware-ids.png b/windows/client-management/mdm/images/hardware-ids.png deleted file mode 100644 index 9017f289f6..0000000000 Binary files a/windows/client-management/mdm/images/hardware-ids.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png b/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png deleted file mode 100644 index 1475cb600f..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-accounts.png b/windows/client-management/mdm/images/provisioning-csp-accounts.png deleted file mode 100644 index ceb90aff58..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-accounts.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-activesync-cp.png b/windows/client-management/mdm/images/provisioning-csp-activesync-cp.png deleted file mode 100644 index f73fce23b5..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-activesync-cp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-alljoynmanagement.png b/windows/client-management/mdm/images/provisioning-csp-alljoynmanagement.png deleted file mode 100644 index 8bfe73ca36..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-alljoynmanagement.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png b/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png deleted file mode 100644 index 012b0b392b..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-applocker.png b/windows/client-management/mdm/images/provisioning-csp-applocker.png deleted file mode 100644 index 20e46ea2eb..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-applocker.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png b/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png deleted file mode 100644 index 663f449910..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png b/windows/client-management/mdm/images/provisioning-csp-bitlocker.png deleted file mode 100644 index 63ccb6fc89..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-bootstrap-cp.png b/windows/client-management/mdm/images/provisioning-csp-bootstrap-cp.png deleted file mode 100644 index f7ec4f65f7..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-bootstrap-cp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-browserfavorite-cp.png b/windows/client-management/mdm/images/provisioning-csp-browserfavorite-cp.png deleted file mode 100644 index f79837b683..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-browserfavorite-cp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-cellularsettings.png b/windows/client-management/mdm/images/provisioning-csp-cellularsettings.png deleted file mode 100644 index c8fbd79761..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-cellularsettings.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-certificatestore.png b/windows/client-management/mdm/images/provisioning-csp-certificatestore.png deleted file mode 100644 index 291122996d..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-certificatestore.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-cleanpc.png b/windows/client-management/mdm/images/provisioning-csp-cleanpc.png deleted file mode 100644 index 1b1d0fb613..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-cleanpc.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-clientcertificateinstall.png b/windows/client-management/mdm/images/provisioning-csp-clientcertificateinstall.png deleted file mode 100644 index 285576269b..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-clientcertificateinstall.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-cm-cellularentries.png b/windows/client-management/mdm/images/provisioning-csp-cm-cellularentries.png deleted file mode 100644 index 87e5cd25ba..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-cm-cellularentries.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-cm-proxyentries-cp.png b/windows/client-management/mdm/images/provisioning-csp-cm-proxyentries-cp.png deleted file mode 100644 index 6a1a3c35c2..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-cm-proxyentries-cp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-cmpolicy.png b/windows/client-management/mdm/images/provisioning-csp-cmpolicy.png deleted file mode 100644 index 71d5c46b33..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-cmpolicy.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-cmpolicyenterprise.png b/windows/client-management/mdm/images/provisioning-csp-cmpolicyenterprise.png deleted file mode 100644 index 1668606ec0..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-cmpolicyenterprise.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-customdeviceui.png b/windows/client-management/mdm/images/provisioning-csp-customdeviceui.png deleted file mode 100644 index 0bccee955f..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-customdeviceui.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png deleted file mode 100644 index ccf57208df..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-defender.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png b/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png deleted file mode 100644 index 76df1eafea..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-developersetup.png b/windows/client-management/mdm/images/provisioning-csp-developersetup.png deleted file mode 100644 index 09793afcf9..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-developersetup.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-deviceinstanceservice.png b/windows/client-management/mdm/images/provisioning-csp-deviceinstanceservice.png deleted file mode 100644 index c03c7232ac..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-deviceinstanceservice.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-devicelock.png b/windows/client-management/mdm/images/provisioning-csp-devicelock.png deleted file mode 100644 index f89b1a62aa..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-devicelock.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-devicemanageability.png b/windows/client-management/mdm/images/provisioning-csp-devicemanageability.png deleted file mode 100644 index 136c240862..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-devicemanageability.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-devicestatus.png b/windows/client-management/mdm/images/provisioning-csp-devicestatus.png deleted file mode 100644 index 520d58a825..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-devicestatus.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-devinfo-dm.png b/windows/client-management/mdm/images/provisioning-csp-devinfo-dm.png deleted file mode 100644 index 31487a542f..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-devinfo-dm.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png b/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png deleted file mode 100644 index a12415ae84..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-dmacc-dm.png b/windows/client-management/mdm/images/provisioning-csp-dmacc-dm.png deleted file mode 100644 index 6c2c9150ee..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-dmacc-dm.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png b/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png deleted file mode 100644 index 28ae086ef7..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-dmsessionactions.png b/windows/client-management/mdm/images/provisioning-csp-dmsessionactions.png deleted file mode 100644 index 3333e92249..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-dmsessionactions.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-dynamicmanagement.png b/windows/client-management/mdm/images/provisioning-csp-dynamicmanagement.png deleted file mode 100644 index fc7e7f12aa..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-dynamicmanagement.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-email2.png b/windows/client-management/mdm/images/provisioning-csp-email2.png deleted file mode 100644 index 980b403aee..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-email2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png b/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png deleted file mode 100644 index 3025185664..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseapn-rs1.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseapn-rs1.png deleted file mode 100644 index 33f7471063..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseapn-rs1.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseappmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseappmanagement.png deleted file mode 100644 index bbc01eb24c..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseappmanagement.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseappvmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseappvmanagement.png deleted file mode 100644 index 1650842550..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseappvmanagement.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseassignedaccess.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseassignedaccess.png deleted file mode 100644 index 3411096e90..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseassignedaccess.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterprisedataprotection.png b/windows/client-management/mdm/images/provisioning-csp-enterprisedataprotection.png deleted file mode 100644 index 960a246a41..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterprisedataprotection.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterprisedesktopappmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterprisedesktopappmanagement.png deleted file mode 100644 index 573749b4ec..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterprisedesktopappmanagement.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseext.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseext.png deleted file mode 100644 index 04cf1f18fe..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseext.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseextfilesystem.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseextfilesystem.png deleted file mode 100644 index e90fe5ba90..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseextfilesystem.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png deleted file mode 100644 index 4328edcad7..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-euiccs.png b/windows/client-management/mdm/images/provisioning-csp-euiccs.png deleted file mode 100644 index 387fdae3fb..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-euiccs.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-filesystem-dm.png b/windows/client-management/mdm/images/provisioning-csp-filesystem-dm.png deleted file mode 100644 index 525159c3b2..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-filesystem-dm.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-firewall.png b/windows/client-management/mdm/images/provisioning-csp-firewall.png deleted file mode 100644 index 4720e51cd7..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-firewall.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-healthattestation.png b/windows/client-management/mdm/images/provisioning-csp-healthattestation.png deleted file mode 100644 index 20c1a14566..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-healthattestation.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-hotspot-cp.png b/windows/client-management/mdm/images/provisioning-csp-hotspot-cp.png deleted file mode 100644 index d3f928a8a7..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-hotspot-cp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-maps.png b/windows/client-management/mdm/images/provisioning-csp-maps.png deleted file mode 100644 index 2fe7ee311d..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-maps.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-messaging.png b/windows/client-management/mdm/images/provisioning-csp-messaging.png deleted file mode 100644 index 620476da70..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-messaging.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-multisim.png b/windows/client-management/mdm/images/provisioning-csp-multisim.png deleted file mode 100644 index 86473079f4..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-multisim.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-nap.png b/windows/client-management/mdm/images/provisioning-csp-nap.png deleted file mode 100644 index 9af073c7c0..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-nap.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-napdef-cp-2.png b/windows/client-management/mdm/images/provisioning-csp-napdef-cp-2.png deleted file mode 100644 index 492b973eda..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-napdef-cp-2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-napdef-cp.png b/windows/client-management/mdm/images/provisioning-csp-napdef-cp.png deleted file mode 100644 index b62865faf9..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-napdef-cp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png b/windows/client-management/mdm/images/provisioning-csp-networkproxy.png deleted file mode 100644 index 23671d20f1..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-networkqospolicy.png b/windows/client-management/mdm/images/provisioning-csp-networkqospolicy.png deleted file mode 100644 index 734c4213ec..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-networkqospolicy.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-nodecache.png b/windows/client-management/mdm/images/provisioning-csp-nodecache.png deleted file mode 100644 index d46abae93f..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-nodecache.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-office.png b/windows/client-management/mdm/images/provisioning-csp-office.png deleted file mode 100644 index c6bf90a18a..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-office.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-passportforwork.png b/windows/client-management/mdm/images/provisioning-csp-passportforwork.png deleted file mode 100644 index 1714a93764..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-passportforwork.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png b/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png deleted file mode 100644 index 92585d5426..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-personalization.png b/windows/client-management/mdm/images/provisioning-csp-personalization.png deleted file mode 100644 index c64c18ce5c..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-personalization.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-policy.png b/windows/client-management/mdm/images/provisioning-csp-policy.png deleted file mode 100644 index d44ef30e52..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-policy.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-policymanager.png b/windows/client-management/mdm/images/provisioning-csp-policymanager.png deleted file mode 100644 index 48d5b056df..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-policymanager.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-provisioning.png b/windows/client-management/mdm/images/provisioning-csp-provisioning.png deleted file mode 100644 index 8383027916..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-provisioning.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-proxy.png b/windows/client-management/mdm/images/provisioning-csp-proxy.png deleted file mode 100644 index 471842dbdb..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-proxy.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp-2.png b/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp-2.png deleted file mode 100644 index 19c6b30cf1..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp-2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp.png b/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp.png deleted file mode 100644 index b224a2cdc8..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-remotefind.png b/windows/client-management/mdm/images/provisioning-csp-remotefind.png deleted file mode 100644 index 5ef59e1e3a..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-remotefind.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-remotelock.png b/windows/client-management/mdm/images/provisioning-csp-remotelock.png deleted file mode 100644 index dc7fb40afa..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-remotelock.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-remotering.png b/windows/client-management/mdm/images/provisioning-csp-remotering.png deleted file mode 100644 index 6cd032f383..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-remotering.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png deleted file mode 100644 index 73494217f8..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-reporting.png b/windows/client-management/mdm/images/provisioning-csp-reporting.png deleted file mode 100644 index 6d2c4695b1..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-reporting.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png b/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png deleted file mode 100644 index 68672472c3..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-securitypolicy-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-securitypolicy-dmandcp.png deleted file mode 100644 index b3c09e85e4..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-securitypolicy-dmandcp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-storage.png b/windows/client-management/mdm/images/provisioning-csp-storage.png deleted file mode 100644 index 072e20e583..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-storage.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png deleted file mode 100644 index f123d98073..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-surfacehub.png b/windows/client-management/mdm/images/provisioning-csp-surfacehub.png deleted file mode 100644 index 1e31e34b6e..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-surfacehub.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png b/windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png deleted file mode 100644 index e788aebb52..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png b/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png deleted file mode 100644 index 8950a1614d..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-uefi.png b/windows/client-management/mdm/images/provisioning-csp-uefi.png deleted file mode 100644 index 42adcc7895..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-uefi.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-update.png b/windows/client-management/mdm/images/provisioning-csp-update.png deleted file mode 100644 index e88466a113..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-update.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-uwf.png b/windows/client-management/mdm/images/provisioning-csp-uwf.png deleted file mode 100644 index 4f21fd2a03..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-uwf.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-vpn.png b/windows/client-management/mdm/images/provisioning-csp-vpn.png deleted file mode 100644 index f46b884641..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-vpn.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2.png deleted file mode 100644 index 09c27e0e12..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-vpnv2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-w4-application-cp.png b/windows/client-management/mdm/images/provisioning-csp-w4-application-cp.png deleted file mode 100644 index b6c9e3bd8f..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-w4-application-cp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-w7-application-dm.png b/windows/client-management/mdm/images/provisioning-csp-w7-application-dm.png deleted file mode 100644 index 78cfe00a0e..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-w7-application-dm.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-watp.png b/windows/client-management/mdm/images/provisioning-csp-watp.png deleted file mode 100644 index 7ce8a10a78..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-watp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-wifi.png b/windows/client-management/mdm/images/provisioning-csp-wifi.png deleted file mode 100644 index 28f5080466..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-wifi.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-win32appinventory.png b/windows/client-management/mdm/images/provisioning-csp-win32appinventory.png deleted file mode 100644 index 9ce9119d77..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-win32appinventory.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png b/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png deleted file mode 100644 index a15961bbcc..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png deleted file mode 100644 index 5896b7c1df..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png b/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png deleted file mode 100644 index 07ca4f9982..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-windowssecurityauditing.png b/windows/client-management/mdm/images/provisioning-csp-windowssecurityauditing.png deleted file mode 100644 index fe0baef545..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-windowssecurityauditing.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png b/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png deleted file mode 100644 index 2fd93631ff..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-customcsp-example1.png b/windows/client-management/mdm/images/provisioning-customcsp-example1.png deleted file mode 100644 index 5c1fba7347..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-customcsp-example1.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-customcsp-example2.png b/windows/client-management/mdm/images/provisioning-customcsp-example2.png deleted file mode 100644 index 3f45c8ca1f..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-customcsp-example2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/reboot-csp.png b/windows/client-management/mdm/images/reboot-csp.png deleted file mode 100644 index 3779d5fcd6..0000000000 Binary files a/windows/client-management/mdm/images/reboot-csp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/secureassessment-csp.png b/windows/client-management/mdm/images/secureassessment-csp.png deleted file mode 100644 index 9538f31626..0000000000 Binary files a/windows/client-management/mdm/images/secureassessment-csp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/sharedpc-csp.png b/windows/client-management/mdm/images/sharedpc-csp.png deleted file mode 100644 index 3491643287..0000000000 Binary files a/windows/client-management/mdm/images/sharedpc-csp.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-21.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-21.png deleted file mode 100644 index ca53b739d5..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-21.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-22.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-22.png deleted file mode 100644 index e0686385c0..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-22.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-23.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-23.png deleted file mode 100644 index b7b5659cdc..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-23.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-24.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-24.png deleted file mode 100644 index 79c4cd6bf4..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-24.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-25.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-25.png deleted file mode 100644 index 451edd5207..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-25.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-33.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-33.png deleted file mode 100644 index e46a66db99..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-33.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-34.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-34.png deleted file mode 100644 index 28bccd8d04..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-34.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-35.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-35.png deleted file mode 100644 index 808a093cdc..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-35.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-36.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-36.png deleted file mode 100644 index 4f64e04263..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-36.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-37-b.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-37-b.png deleted file mode 100644 index 304bf8aa0b..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-37-b.png and /dev/null differ diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-37.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-37.png deleted file mode 100644 index ef30e3dddf..0000000000 Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-37.png and /dev/null differ diff --git a/windows/client-management/mdm/images/update-policies.png b/windows/client-management/mdm/images/update-policies.png deleted file mode 100644 index af72edd294..0000000000 Binary files a/windows/client-management/mdm/images/update-policies.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update.png b/windows/client-management/mdm/images/windowsembedded-update.png deleted file mode 100644 index 1a1eaa7c64..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update10.png b/windows/client-management/mdm/images/windowsembedded-update10.png deleted file mode 100644 index aae3534dfd..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update10.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update11.png b/windows/client-management/mdm/images/windowsembedded-update11.png deleted file mode 100644 index 74a747adf4..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update11.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update12.png b/windows/client-management/mdm/images/windowsembedded-update12.png deleted file mode 100644 index 5279b02c64..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update12.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update13.png b/windows/client-management/mdm/images/windowsembedded-update13.png deleted file mode 100644 index dfa15a35e3..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update13.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update14.png b/windows/client-management/mdm/images/windowsembedded-update14.png deleted file mode 100644 index 58417d2ca4..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update14.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update15.png b/windows/client-management/mdm/images/windowsembedded-update15.png deleted file mode 100644 index 2a234c3c41..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update15.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update16.png b/windows/client-management/mdm/images/windowsembedded-update16.png deleted file mode 100644 index d5833c233f..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update16.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update17.png b/windows/client-management/mdm/images/windowsembedded-update17.png deleted file mode 100644 index b4cd548cca..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update17.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update18.png b/windows/client-management/mdm/images/windowsembedded-update18.png deleted file mode 100644 index 58c4d1c93f..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update18.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update19.png b/windows/client-management/mdm/images/windowsembedded-update19.png deleted file mode 100644 index 7684ebabd5..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update19.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update2.png b/windows/client-management/mdm/images/windowsembedded-update2.png deleted file mode 100644 index 71b47fca43..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update2.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update21.png b/windows/client-management/mdm/images/windowsembedded-update21.png deleted file mode 100644 index fdf72a8ca3..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update21.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update22.png b/windows/client-management/mdm/images/windowsembedded-update22.png deleted file mode 100644 index 9e677907a6..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update22.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update23.png b/windows/client-management/mdm/images/windowsembedded-update23.png deleted file mode 100644 index f41ea8efda..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update23.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update3.png b/windows/client-management/mdm/images/windowsembedded-update3.png deleted file mode 100644 index 1d69407fd3..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update3.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update4.png b/windows/client-management/mdm/images/windowsembedded-update4.png deleted file mode 100644 index 0d5c96a2cc..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update4.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update5.png b/windows/client-management/mdm/images/windowsembedded-update5.png deleted file mode 100644 index 18b0ac7828..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update5.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update6.png b/windows/client-management/mdm/images/windowsembedded-update6.png deleted file mode 100644 index 37a8b2ebe4..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update6.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update7.png b/windows/client-management/mdm/images/windowsembedded-update7.png deleted file mode 100644 index a38954e8c6..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update7.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update8.png b/windows/client-management/mdm/images/windowsembedded-update8.png deleted file mode 100644 index 0a99c6bcae..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update8.png and /dev/null differ diff --git a/windows/client-management/mdm/images/windowsembedded-update9.png b/windows/client-management/mdm/images/windowsembedded-update9.png deleted file mode 100644 index 3d6780497d..0000000000 Binary files a/windows/client-management/mdm/images/windowsembedded-update9.png and /dev/null differ diff --git a/windows/client-management/mdm/index.yml b/windows/client-management/mdm/index.yml index 93540583f5..fe657489a9 100644 --- a/windows/client-management/mdm/index.yml +++ b/windows/client-management/mdm/index.yml @@ -1,11 +1,11 @@ ### YamlMime:Landing -title: Mobile Device Management # < 60 chars -summary: Find out how to enroll Windows devices and manage company security policies and business applications. # < 160 chars +title: Configuration Service Provider # < 60 chars +summary: Learn more about the configuration service provider (CSP) policies available on Windows 10 and Windows 11. # < 160 chars metadata: - title: Mobile Device Management # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Find out how to enroll Windows devices and manage company security policies and business applications. # Required; article description that is displayed in search results. < 160 chars. + title: Configuration Service Provider # Required; page title displayed in search results. Include the brand. < 60 chars. + description: Learn more about the configuration service provider (CSP) policies available on Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars. ms.topic: landing-page # Required services: windows-10 ms.prod: windows @@ -24,56 +24,46 @@ metadata: landingContent: # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb - # Card (optional) - - title: Device enrollment - linkLists: - - linkListType: overview - links: - - text: Mobile device enrollment - url: mobile-device-enrollment.md - - linkListType: concept - links: - - text: Enroll Windows devices - url: mdm-enrollment-of-windows-devices.md - - text: Automatic enrollment using Azure AD - url: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md - - text: Automatic enrollment using Group Policy - url: enroll-a-windows-10-device-automatically-using-group-policy.md - - text: Bulk enrollment - url: bulk-enrollment-using-windows-provisioning-tool.md # Card (optional) - - title: Device management + - title: Configuration service provider reference linkLists: - - linkListType: overview + - linkListType: reference links: - - text: Enterprise settings, policies, and app management - url: windows-mdm-enterprise-settings.md - - linkListType: concept - links: - - text: Enterprise app management - url: enterprise-app-management.md - - text: Device updates management - url: device-update-management.md - - text: Secured-core PC configuration lock - url: config-lock.md - - text: Diagnose MDM failures - url: diagnose-mdm-failures-in-windows-10.md + - text: Support scenarios + url: configuration-service-provider-support.md + - text: Device description framework (DDF) files + url: configuration-service-provider-ddf.md + - text: BitLocker CSP + url: bitlocker-csp.md + - text: DynamicManagement CSP + url: dynamicmanagement-csp.md + # Card (optional) - - title: CSP reference + - title: Policy CSP linkLists: - - linkListType: overview - links: - - text: Configuration service provider reference - url: configuration-service-provider-reference.md - linkListType: reference links: - text: Policy CSP url: policy-configuration-service-provider.md + - text: Policy DDF file + url: policy-ddf-file.md + - text: Policy CSP - Start + url: policy-csp-start.md - text: Policy CSP - Update url: policy-csp-update.md - - text: DynamicManagement CSP - url: dynamicmanagement-csp.md - - text: BitLocker CSP - url: bitlocker-csp.md + + # Card (optional) + - title: Policy CSP support scenarios + linkLists: + - linkListType: reference + links: + - text: ADMX policies + url: policies-in-policy-csp-admx-backed.md + - text: Policies supported by group policy + url: policies-in-policy-csp-supported-by-group-policy.md + - text: Policies supported by HoloLens 2 + url: policies-in-policy-csp-supported-by-hololens2.md + - text: Policies supported by Microsoft Surface Hub + url: policies-in-policy-csp-supported-by-surface-hub.md \ No newline at end of file diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index 70617f2287..9c383468c7 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -760,6 +760,6 @@ This example is configuring a hybrid device to back up its password to Active Di ## Related articles -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) [Windows LAPS](/windows-server/identity/laps/laps) diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md index dcd69ca70c..5a830139c8 100644 --- a/windows/client-management/mdm/laps-ddf-file.md +++ b/windows/client-management/mdm/laps-ddf-file.md @@ -14,9 +14,9 @@ manager: jsimmons # Local Administrator Password Solution DDF file -This article shows the OMA DM device description framework (DDF) for the Local Administrator Password Solution (LAPS) configuration service provider. +This article shows the OMA DM device description framework (DDF) for the Local Administrator Password Solution (LAPS) configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md index 0042735b48..27e3cb817b 100644 --- a/windows/client-management/mdm/multisim-csp.md +++ b/windows/client-management/mdm/multisim-csp.md @@ -7,11 +7,11 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 03/22/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- -# MultiSIM CSP +# MultiSIM CSP The table below shows the applicability of Windows: @@ -43,52 +43,52 @@ MultiSIM --------Policies ------------SlotSelectionEnabled ``` -**./Device/Vendor/MSFT/MultiSIM** +**./Device/Vendor/MSFT/MultiSIM** Root node. -**_ModemID_** +**_ModemID_** Node representing a Mobile Broadband Modem. The node name is the modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded modem. -**_ModemID_/Identifier** +**_ModemID_/Identifier** Modem ID. Supported operation is Get. Value type is string. -**_ModemID_/IsEmbedded** +**_ModemID_/IsEmbedded** Indicates whether this modem is embedded or external. Supported operation is Get. Value type is bool. -**_ModemID_/Slots** +**_ModemID_/Slots** Represents all SIM slots in the Modem. -**_ModemID_/Slots/_SlotID_** +**_ModemID_/Slots/_SlotID_** Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot. -**_ModemID_/Slots/_SlotID_/Identifier** +**_ModemID_/Slots/_SlotID_/Identifier** Slot ID. Supported operation is Get. Value type is integer. -**_ModemID_/Slots/_SlotID_/IsEmbedded** +**_ModemID_/Slots/_SlotID_/IsEmbedded** Indicates whether this Slot is embedded or a physical SIM slot. Supported operation is Get. Value type is bool. -**_ModemID_/Slots/_SlotID_/IsSelected** +**_ModemID_/Slots/_SlotID_/IsSelected** Indicates whether this Slot is selected or not. Supported operation is Get and Replace. Value type is bool. -**_ModemID_/Slots/_SlotID_/State** +**_ModemID_/Slots/_SlotID_/State** Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8) Supported operation is Get. Value type is integer. -**_ModemID_/Policies** +**_ModemID_/Policies** Policies associated with the Modem. -**_ModemID_/Policies/SlotSelectionEnabled** +**_ModemID_/Policies/SlotSelectionEnabled** Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true. Supported operation is Get and Replace. Value type is bool. @@ -109,7 +109,7 @@ Get modem - + ``` @@ -128,7 +128,7 @@ Get slots - + ``` @@ -147,7 +147,7 @@ Get slot state - + ``` @@ -171,7 +171,7 @@ Select slot true - + ``` diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md index 662c3e0384..29365184f1 100644 --- a/windows/client-management/mdm/multisim-ddf.md +++ b/windows/client-management/mdm/multisim-ddf.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 02/27/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md index 2a4d93d58f..fd5f01ba9a 100644 --- a/windows/client-management/mdm/nap-csp.md +++ b/windows/client-management/mdm/nap-csp.md @@ -1,7 +1,7 @@ --- title: NAP CSP description: Learn how the Network Access Point (NAP) configuration service provider (CSP) is used to manage and query GPRS and CDMA connections. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -71,28 +71,28 @@ NAP ----------------SecureLevel ``` -**./Vendor/MSFT/NAP** +**./Vendor/MSFT/NAP** Root node. -***NAPX*** +***NAPX*** Required. Defines the name of the network access point. It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two network access points, use "NAP0" and "NAP1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), however, no spaces may appear in the name (use %20 instead). -***NAPX*/NAPID** +***NAPX*/NAPID** Required. Specifies the identifier of the destination network. The NAPID value must not include a "@" character. If the NAPDEF configuration service provider defines it as “connectionID@WAP”, this value should be set to “connectionID”. -***NAPX*/NAME** +***NAPX*/NAME** Optional. Specifies the user-friendly name of the connection. -***NAPX*/ADDR** +***NAPX*/ADDR** Required. Specifies the address of the destination network. The ADDR may be the URL of an access point, the APN name for a GPRS access point, the telephone number of an answering modem, or any other string used to uniquely identify the address of the destination network. -***NAPX*/ADDRTYPE** +***NAPX*/ADDRTYPE** Required. Specifies the type of address used to identify the destination network. The following table shows some commonly used ADDRTYPE values and the types of connection that corresponds with each value. @@ -103,28 +103,28 @@ The following table shows some commonly used ADDRTYPE values and the types of co |APN|GPRS connections| |ALPHA|Wi-Fi-based connections| -***NAPX*/AuthInfo** +***NAPX*/AuthInfo** Optional node. Specifies the authentication information, including the protocol, user name, and password. -***NAPX*/AuthInfo/AuthType** +***NAPX*/AuthInfo/AuthType** Optional. Specifies the method of authentication. Some supported protocols are PAP, CHAP, HTTP-BASIC, HTTP-DIGEST, WTLS-SS, and MD5. -***NAPX*/AuthInfo/AuthName** +***NAPX*/AuthInfo/AuthName** Optional. Specifies the user name and domain to be used during authentication. This field is in the form *Domain*\\*UserName*. -***NAPX*/AuthInfo/AuthSecret** +***NAPX*/AuthInfo/AuthSecret** Optional. Specifies the password used during authentication. Queries of this field will return a string composed of 16 asterisks (\*). -***NAPX*/Bearer** +***NAPX*/Bearer** Node. -***NAPX*/Bearer/BearerType** +***NAPX*/Bearer/BearerType** Required. Specifies the network type of the destination network. This can be set to GPRS, CDMA2000, WCDMA, TDMA, CSD, DTPT, and Wi-Fi. ## Related articles -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml)   diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md index ebef8beec0..e3f47e30a2 100644 --- a/windows/client-management/mdm/napdef-csp.md +++ b/windows/client-management/mdm/napdef-csp.md @@ -1,7 +1,7 @@ --- title: NAPDEF CSP description: Learn how the NAPDEF configuration service provider (CSP) is used to add, modify, or delete WAP network access points (NAPs). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -28,8 +28,8 @@ The NAPDEF configuration service provider is used to add, modify, or delete WAP > [!Note] > You cannot use NAPDEF CSP on the desktop to update the Push Proxy Gateway (PPG) list. -> -> This configuration service provider requires the `ID_CAP_CSP_FOUNDATION` and `ID_CAP_NETWORKING_ADMIN` capabilities to be accessed from a network configuration application. +> +> This configuration service provider requires the `ID_CAP_CSP_FOUNDATION` and `ID_CAP_NETWORKING_ADMIN` capabilities to be accessed from a network configuration application. The following shows the NAPDEF configuration service provider management object in tree format as used by OMA Client Provisioning for **initial bootstrapping of the phone**. The OMA DM protocol isn't supported by this configuration service provider. @@ -67,62 +67,62 @@ NAPDEF ----NAP-ADDRTYPE ``` -**NAPAUTHINFO** +**NAPAUTHINFO** Defines a group of authentication settings. -**AUTHNAME** +**AUTHNAME** Specifies the name used to authenticate the user. -**AUTHSECRET** +**AUTHSECRET** Specifies the password used to authenticate the user. A query of this parameter returns asterisks (\*) in the results. -**AUTHTYPE** +**AUTHTYPE** Specifies the protocol used to authenticate the user. The only permitted values for this element are "POP" (Password Authentication Protocol) and "CHAP" (Challenge Handshake Authentication Protocol) authentication protocols. > [!Note] -> **AuthName** and **AuthSecret** are not created if **AuthType** isn't included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** isn't included in the provisioning XML used to make the change. +> **AuthName** and **AuthSecret** are not created if **AuthType** isn't included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** isn't included in the provisioning XML used to make the change. -**BEARER** +**BEARER** Specifies the type of bearer. Only Global System for Mobile Communication (GSM) and GSM-General Packet Radio Services (GPRS) are supported. -**INTERNET** +**INTERNET** Optional. Specifies whether this connection is an AlwaysOn connection. If **INTERNET** exists, the connection is an AlwaysOn connection and doesn't require a connection manager policy. If **INTERNET** doesn't exist, the connection isn't an AlwaysOn connection and the connection requires a connection manager connection policy to be set. -**LOCAL-ADDR** +**LOCAL-ADDR** Required for GPRS. Specifies the local address of the WAP client for GPRS access points. -**LOCAL-ADDRTYPE** +**LOCAL-ADDRTYPE** Required for GPRS. Specifies the address format of the **LOCAL-ADDR** element. The value of LOCAL-ADDRTYPE can be "IPv4". -**NAME** +**NAME** Specifies the logical, user-readable identity of the NAP. -**NAP-ADDRESS** +**NAP-ADDRESS** Specifies the address of the NAP. -**NAP-ADDRTYPE** +**NAP-ADDRTYPE** Specifies the format and protocol of the **NAP-ADDRESS** element. Only Access Point Name (APN) and E164 are supported. -**NAPID** +**NAPID** Required for initial bootstrapping. Specifies the name of the NAP. The maximum length of the **NAPID** value is 16 characters. -***NAPID*** +***NAPID*** Required for bootstrapping updating. Defines the name of the NAP. The name of the *NAPID* element is the same as the value passed during initial bootstrapping. In addition, the Microsoft format for NAPDEF contains the provisioning XML attribute mwid. This custom attribute is optional when adding a NAP or a proxy. It's required for *NAPID* when updating and deleting existing NAPs and proxies and must have its value set to 1. @@ -140,4 +140,4 @@ The following table shows the Microsoft custom elements that this configuration ## Related articles -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index c249a38718..8ad815d592 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/29/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -26,7 +26,7 @@ The table below shows the applicability of Windows: The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703. -How the settings work: +How the settings work: - If auto-detect is enabled, the system tries to find the path to a Proxy Auto Config (PAC) script and download it. - If #1 fails and a setup script is specified, the system tries to download the explicitly configured PAC script. @@ -47,10 +47,10 @@ NetworkProxy --------UseProxyForLocalAddresses ``` -**./Vendor/MSFT/NetworkProxy** +**./Vendor/MSFT/NetworkProxy** The root node for the NetworkProxy configuration service provider. -**ProxySettingsPerUser** +**ProxySettingsPerUser** Added in Windows 10, version 1803. When set to 0, it enables proxy configuration as global, machine wide. Supported operations are Add, Get, Replace, and Delete. @@ -73,22 +73,22 @@ Address to the PAC script you want to use. The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported. -**ProxyServer** +**ProxyServer** Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections. Supported operation is Get. -**ProxyAddress** +**ProxyAddress** Address to the proxy server. Specify an address in the format <server>[“:”<port>].  The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported. -**Exceptions** +**Exceptions** Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries.  The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported. -**UseProxyForLocalAddresses** +**UseProxyForLocalAddresses** Specifies whether the proxy server should be used for local (intranet) addresses.  Valid values: @@ -131,7 +131,7 @@ These generic code portions for the options **ProxySettingsPerUser**, **Autodete 1 - + ``` ```xml diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md index ed25d003b2..8ef88b427b 100644 --- a/windows/client-management/mdm/networkproxy-ddf.md +++ b/windows/client-management/mdm/networkproxy-ddf.md @@ -7,15 +7,15 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # NetworkProxy DDF file -This topic shows the OMA DM device description framework (DDF) for the **NetworkProxy** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **NetworkProxy** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index 5b5d5d930e..ce6a3862cd 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 04/22/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -30,7 +30,7 @@ The following conditions are supported: - Network traffic from a specific application name - Network traffic from specific source or destination ports - Network traffic from a specific IP protocol (TCP, UDP, or both) - + The following actions are supported: - Layer 2 tagging using a IEEE 802.1p priority value - Layer 3 tagging using a differentiated services code point (DSCP) value @@ -39,7 +39,7 @@ The following actions are supported: > The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on the following devices: > - Azure AD Hybrid joined devices. > - Devices that use both GPO and CSP at the same time. -> +> > The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Windows 10, version 2004. The following example shows the NetworkQoSPolicy configuration service provider in tree format. @@ -55,64 +55,64 @@ NetworkQoSPolicy --------PriorityValue8021Action --------DSCPAction ``` -**NetworkQoSPolicy** +**NetworkQoSPolicy**

        The root node for the NetworkQoSPolicy configuration service provider.

        -**Version** +**Version**

        Specifies the version information. -

        The data type is int. +

        The data type is int.

        The only supported operation is Get. -***Name*** +***Name***

        Node for the QoS policy name. -***Name*/IPProtocolMatchCondition** -

        Specifies the IP protocol used to match the network traffic. +***Name*/IPProtocolMatchCondition** +

        Specifies the IP protocol used to match the network traffic.

        Valid values are: -- 0 (default) - Both TCP and UDP +- 0 (default) - Both TCP and UDP - 1 - TCP - 2 - UDP -

        The data type is int. +

        The data type is int.

        The supported operations are Add, Get, Delete, and Replace. -***Name*/AppPathNameMatchCondition** +***Name*/AppPathNameMatchCondition**

        Specifies the name of an application to be used to match the network traffic, such as `application.exe` or `%ProgramFiles%\application.exe`. -

        The data type is char. +

        The data type is char.

        The supported operations are Add, Get, Delete, and Replace. -***Name*/SourcePortMatchCondition** -

        Specifies a single port or a range of ports to be used to match the network traffic source. +***Name*/SourcePortMatchCondition** +

        Specifies a single port or a range of ports to be used to match the network traffic source. -

        Valid values are: +

        Valid values are: - A range of source ports: _[first port number]_-_[last port number]_ - A single source port: _[port number]_ - -

        The data type is char. + +

        The data type is char.

        The supported operations are Add, Get, Delete, and Replace. -***Name*/DestinationPortMatchCondition** +***Name*/DestinationPortMatchCondition**

        Specifies a single source port or a range of ports to be used to match the network traffic destination. -

        Valid values are: +

        Valid values are: - A range of destination ports: _[first port number]_-_[last port number]_ - A single destination port: _[port number]_ - -

        The data type is char. + +

        The data type is char.

        The supported operations are Add, Get, Delete, and Replace. -***Name*/PriorityValue8021Action** +***Name*/PriorityValue8021Action**

        Specifies the IEEE 802.1p priority value to apply to matching network traffic.

        Valid values are 0-7. @@ -121,7 +121,7 @@ NetworkQoSPolicy

        The supported operations are Add, Get, Delete, and Replace. -***Name*/DSCPAction** +***Name*/DSCPAction**

        The Differentiated Services Code Point (DSCP) value to apply to matching network traffic.

        Valid values are 0-63. @@ -136,4 +136,4 @@ NetworkQoSPolicy Read more about the XML DDF structure to create this policy by following the links below: - [More Information about DDF and structure](networkqospolicy-ddf.md) -- [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download) +- [CSP DDF files download](configuration-service-provider-ddf.md) diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 972f823ac5..34f6c9a409 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -1,7 +1,7 @@ --- title: NetworkQoSPolicy DDF description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **NetworkQoSPolicy** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index dc9bf7a054..aee27d8d0c 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -1,7 +1,7 @@ --- title: NodeCache CSP description: Use the NodeCache configuration service provider (CSP) to synchronize, monitor, and manage the client cache. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -77,45 +77,45 @@ NodeCache ----------------ExpectedValue ----------------AutoSetExpectedValue ``` -**./Device/Vendor/MSFT and ./User/Vendor/MSFT** +**./Device/Vendor/MSFT and ./User/Vendor/MSFT** Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This parameter's value is a predefined MIME type to identify this managed object in OMA DM syntax. -***ProviderID*** +***ProviderID*** Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one **ProviderID** node under **NodeCache**. Scope is dynamic. Supported operations are Get, Add, and Delete. -***ProviderID*/CacheVersion** +***ProviderID*/CacheVersion** Optional. Character string representing the cache version set by the server. Scope is dynamic. Data type is string. Supported operations are Get, Add, and Replace. -***ProviderID*/ChangedNodes** +***ProviderID*/ChangedNodes** Optional. List of nodes whose values don't match their expected values as specified in **/*NodeID*/ExpectedValue**. Scope is dynamic. Data type is string. Supported operation is Get. -***ProviderID*/ChangedNodesData** +***ProviderID*/ChangedNodesData** Added in Windows 10, version 1703. Optional. XML containing nodes whose values don't match their expected values as specified in /NodeID/ExpectedValue. Supported operation is Get. -***ProviderID*/Nodes** +***ProviderID*/Nodes** Required. Root node for cached nodes. Scope is dynamic. Supported operation is Get. -**/Nodes/***NodeID* +**/Nodes/***NodeID* Optional. Information about each cached node is stored under *NodeID* as specified by the server. This value must not contain a comma. Scope is dynamic. Supported operations are Get, Add, and Delete. -**/*NodeID*/NodeURI** +**/*NodeID*/NodeURI** Required. This node's value is a complete OMA DM node URI. It can specify either an interior or leaf node in the device management tree. Scope is dynamic. Data type is string. Supported operations are Get, Add, and Delete. -**/*NodeID*/ExpectedValue** +**/*NodeID*/ExpectedValue** Required. The server expects this value to be on the device. When the configuration service provider initiates a session, it checks the expected value against the node's actual value. Scope is dynamic. Supported values are string and x-nodemon-nonexistent. Supported operations are Get, Add, and Delete. @@ -137,7 +137,7 @@ Here's an example for setting the ExpectedValue to nonexistent. ``` -**/*NodeID*/AutoSetExpectedValue** +**/*NodeID*/AutoSetExpectedValue** Added in Windows 10, version 1703. Required. This parameter's value automatically sets the value on the device to match the actual value of the node. The node is specified in NodeURI. Supported operations are Add, Get, and Delete. @@ -402,11 +402,11 @@ The value inside of the node tag is the actual value returned by the Uri, which ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - +[Configuration service provider reference](index.yml) + + + + diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index 8fb7117803..041d0c0f48 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -1,7 +1,7 @@ --- title: NodeCache DDF file description: Learn about the OMA DM device description framework (DDF) for the NodeCache configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,7 +16,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **NodeCache** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 5fc7af65c0..fa96d98a49 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/15/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -24,7 +24,7 @@ The table below shows the applicability of Windows: |Enterprise|Yes|Yes| |Education|Yes|Yes| -The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365). +The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365). This CSP was added in Windows 10, version 1703. @@ -58,41 +58,41 @@ Office ------------Status ``` -**./Device/Vendor/MSFT/Office/ or ./User/Vendor/MSFT/Office** +**./Device/Vendor/MSFT/Office/ or ./User/Vendor/MSFT/Office** The root node for the Office configuration service provider.

        -**Installation** +**Installation** Specifies the options for the Microsoft Office installation. The supported operations are Add, Delete, and Get. -**Installation/_id_** -Specifies a unique identifier that represents the ID of the Microsoft Office product to install. +**Installation/_id_** +Specifies a unique identifier that represents the ID of the Microsoft Office product to install. The supported operations are Add, Delete, and Get. -**Installation/_id_/Install** -Installs Office by using the XML data specified in the configuration.xml file. +**Installation/_id_/Install** +Installs Office by using the XML data specified in the configuration.xml file. The supported operations are Get and Execute. -**Installation/_id_/Status** -The Microsoft Office installation status. +**Installation/_id_/Status** +The Microsoft Office installation status. The only supported operation is Get. -**Installation/_id_/FinalStatus** +**Installation/_id_/FinalStatus** Added in Windows 10, version 1809. Indicates the status of the Final Office 365 installation. The only supported operation is Get. -Behavior: +Behavior: - When Office CSP is triggered to install, it will first check if the FinalStatus node exists or not. If the node exists, delete it. -- When Office installation reaches any terminal states (either success or failure), this node is created that contains the following values: +- When Office installation reaches any terminal states (either success or failure), this node is created that contains the following values: - When status = 0: 70 (succeeded) - When status!= 0: 60 (failed) -**Installation/CurrentStatus** +**Installation/CurrentStatus** Returns an XML of current Office 365 installation status on the device. The only supported operation is Get. @@ -112,7 +112,7 @@ Sample SyncML to install Microsoft 365 Apps for business Retail from current cha chr - + <Configuration><Add OfficeClientEdition="32" Channel="Current"><Product ID="O365BusinessRetail"><Language ID="en-us" /></Product></Add><Display Level="None" AcceptEULA="TRUE" /></Configuration> @@ -134,7 +134,7 @@ To uninstall the Office 365 from the system: chr - + <Configuration><Remove All="TRUE"/><Display Level="None" AcceptEULA="TRUE" /></Configuration> diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index 94b6fecffe..6393664010 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -1,7 +1,7 @@ --- title: Office DDF description: This topic shows the OMA DM device description framework (DDF) for the Office configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 08/15/2018 This topic shows the OMA DM device description framework (DDF) for the **Office** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1809. diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 8379da3699..c88737941e 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -1,7 +1,7 @@ --- title: PassportForWork CSP description: The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -96,34 +96,34 @@ PassportForWork ----------UseSecurityKeyForSignin ``` -**PassportForWork** +**PassportForWork** Root node for PassportForWork configuration service provider. -***TenantId*** +***TenantId*** A globally unique identifier (GUID), without curly braces (`{`, `}`), that's used as part of Windows Hello for Business provisioning and management. To get a GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module/servicemanagement/azure.service/get-azureaccount). For more information, see [Get Windows Azure Active Directory Tenant ID in Windows PowerShell](https://devblogs.microsoft.com/scripting/get-windows-azure-active-directory-tenant-id-in-windows-powershell). -***TenantId*/Policies** +***TenantId*/Policies** Node for defining the Windows Hello for Business policy settings. -***TenantId*/Policies/UsePassportForWork** +***TenantId*/Policies/UsePassportForWork** Boolean value that sets Windows Hello for Business as a method for signing into Windows. Default value is true. If you set this policy to false, the user can't provision Windows Hello for Business. Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/RequireSecurityDevice** +***TenantId*/Policies/RequireSecurityDevice** Boolean value that requires a Trusted Platform Module (TPM) for Windows Hello for Business. TPM provides an extra security benefit over software so that data stored in it can't be used on other devices. Default value is false. If you set this policy to true, only devices with a usable TPM can provision Windows Hello for Business. If you set this policy to false, all devices can provision Windows Hello for Business using software even if there isn't a usable TPM. If you don't configure this setting, all devices can provision Windows Hello for Business using software if the TPM is non-functional or unavailable. Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1703. Root node for excluded security devices. *Not supported on Windows Holographic and Windows Holographic for Business.* -***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG). Default value is false. If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business. @@ -132,8 +132,8 @@ If you disable or don't configure this policy setting, TPM revision 1.2 modules Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/EnablePinRecovery** -Added in Windows 10, version 1703. Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service. +***TenantId*/Policies/EnablePinRecovery** +Added in Windows 10, version 1703. Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service. This cloud service encrypts a recovery secret, which is stored locally on the client, and can be decrypted only by the cloud service. Default value is false. If you enable this policy setting, the PIN recovery secret will be stored on the device and the user can change their PIN if needed. @@ -142,7 +142,7 @@ If you disable or don't configure this policy setting, the PIN recovery secret w Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/UseCertificateForOnPremAuth** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/UseCertificateForOnPremAuth** (only for ./Device/Vendor/MSFT) Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premises resources. If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN. @@ -151,7 +151,7 @@ If you disable or don't configure this policy setting, the PIN will be provision Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/UseCloudTrustForOnPremAuth** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/UseCloudTrustForOnPremAuth** (only for ./Device/Vendor/MSFT) Boolean value that enables Windows Hello for Business to use Azure AD Kerberos to authenticate to on-premises resources. If you enable this policy setting, Windows Hello for Business will use an Azure AD Kerberos ticket to authenticate to on-premises resources. The Azure AD Kerberos ticket is returned to the client after a successful authentication to Azure AD if Azure AD Kerberos is enabled for the tenant and domain. @@ -160,10 +160,10 @@ If you disable or do not configure this policy setting, Windows Hello for Busine Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/PINComplexity** +***TenantId*/Policies/PINComplexity** Node for defining PIN settings. -***TenantId*/Policies/PINComplexity/MinimumPINLength** +***TenantId*/Policies/PINComplexity/MinimumPINLength** Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest. If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or don't configure this policy setting, the PIN length must be greater than or equal to 4. @@ -174,7 +174,7 @@ If you configure this policy setting, the PIN length must be greater than or equ   Value type is int. Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/PINComplexity/MaximumPINLength** +***TenantId*/Policies/PINComplexity/MaximumPINLength** Integer value that sets the maximum number of characters allowed for the PIN. Default value is 127. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater. If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or don't configure this policy setting, the PIN length must be less than or equal to 127. @@ -185,7 +185,7 @@ If you configure this policy setting, the PIN length must be less than or equal   Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/PINComplexity/UppercaseLetters** +***TenantId*/Policies/PINComplexity/UppercaseLetters** Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN. Valid values: @@ -198,7 +198,7 @@ Default value is 2. Default PIN complexity behavior is that digits are required Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/PINComplexity/LowercaseLetters** +***TenantId*/Policies/PINComplexity/LowercaseLetters** Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN. Valid values: @@ -211,7 +211,7 @@ Default value is 2. Default PIN complexity behavior is that digits are required Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/PINComplexity/SpecialCharacters** +***TenantId*/Policies/PINComplexity/SpecialCharacters** Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " \# $ % & ' ( ) \* + , - . / : ; < = > ? @ \[ \\ \] ^ \_ \` { | } ~ . Valid values: @@ -224,7 +224,7 @@ Default value is 2. Default PIN complexity behavior is that digits are required Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/PINComplexity/Digits** +***TenantId*/Policies/PINComplexity/Digits** Integer value that configures the use of digits in the Windows Hello for Business PIN. Valid values: @@ -237,7 +237,7 @@ Default value is 1. Default PIN complexity behavior is that digits are required Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/PINComplexity/History** +***TenantId*/Policies/PINComplexity/History** Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs isn't required. This node was added in Windows 10, version 1511. The current PIN of the user is included in the set of PINs associated with the user account. PIN history isn't preserved through a PIN reset. @@ -246,18 +246,18 @@ Default value is 0. Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/PINComplexity/Expiration** +***TenantId*/Policies/PINComplexity/Expiration** Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user’s PIN will never expire. This node was added in Windows 10, version 1511. Default is 0. Supported operations are Add, Get, Delete, and Replace. -***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT) Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511. *Not supported on Windows Holographic and Windows Holographic for Business.* -***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT) Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511. Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled. @@ -266,7 +266,7 @@ Supported operations are Add, Get, Delete, and Replace. *Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).* -***TenantId*/Policies/UseHelloCertificatesAsSmartCardCertificates** (only for ./Device/Vendor/MSFT) +***TenantId*/Policies/UseHelloCertificatesAsSmartCardCertificates** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1809. If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates. If you disable or don't configure this policy setting, applications don't use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key. @@ -275,14 +275,14 @@ Windows requires a user to lock and unlock their session after changing this set Value type is bool. Supported operations are Add, Get, Replace, and Delete. -**UseBiometrics** +**UseBiometrics** This node is deprecated. Use **Biometrics/UseBiometrics** node instead. -**Biometrics** (only for ./Device/Vendor/MSFT) +**Biometrics** (only for ./Device/Vendor/MSFT) Node for defining biometric settings. This node was added in Windows 10, version 1511. *Not supported on Windows Holographic and Windows Holographic for Business.* -**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT) +**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT) Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use if there are failures. This node was added in Windows 10, version 1511. Default value is true, enabling the biometric gestures for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business. @@ -291,7 +291,7 @@ Supported operations are Add, Get, Delete, and Replace. *Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).* -**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT) +**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT) Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511. Default value is false. If you set this policy to false or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. @@ -304,7 +304,7 @@ Supported operations are Add, Get, Delete, and Replace. *Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).* -**Biometrics/EnableESSwithSupportedPeripherals** (only for ./Device/Vendor/MSFT) +**Biometrics/EnableESSwithSupportedPeripherals** (only for ./Device/Vendor/MSFT) If this policy is enabled, Windows Hello authentication using peripheral biometric sensors will be blocked. Any non-authentication operational functionalities such as camera usage (for instance, video calls and the camera) will be unaffected. @@ -312,7 +312,7 @@ If you enable this policy it can have the following possible values: **0 - Enhanced Sign-in Security Disabled** (not recommended) -Enhanced sign-in security will be disabled on all systems, enabling the use of peripheral biometric authentication. If this policy value is set to 0 after users have enrolled in ESS biometrics, users will be prompted to reset their PIN. They will lose all their existing biometric enrollments. To use biometrics they will have to enroll again. +Enhanced sign-in security will be disabled on all systems, enabling the use of peripheral biometric authentication. If this policy value is set to 0 after users have enrolled in ESS biometrics, users will be prompted to reset their PIN. They will lose all their existing biometric enrollments. To use biometrics they will have to enroll again. **1 - Enhanced Sign-in Security Enabled** (default and recommended for highest security) @@ -324,52 +324,52 @@ Supported operations are Add, Get, Delete, and Replace. *Supported from Windows 11 version 22H2* -**DeviceUnlock** (only for ./Device/Vendor/MSFT) +**DeviceUnlock** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1803. Interior node. -**DeviceUnlock/GroupA** (only for ./Device/Vendor/MSFT) +**DeviceUnlock/GroupA** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1803. Contains a list of credential providers by GUID (comma separated) that are the first step of authentication. Value type is string. Supported operations are Add, Get, Replace, and Delete. -**DeviceUnlock/GroupB** (only for ./Device/Vendor/MSFT) +**DeviceUnlock/GroupB** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1803. Contains a list of credential providers by GUID (comma separated) that are the second step of authentication. Value type is string. Supported operations are Add, Get, Replace, and Delete. -**DeviceUnlock/Plugins** (only for ./Device/Vendor/MSFT) +**DeviceUnlock/Plugins** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1803. List of plugins (comma separated) that the passive provider monitors to detect user presence. Value type is string. Supported operations are Add, Get, Replace, and Delete. -**DynamicLock** (only for ./Device/Vendor/MSFT) +**DynamicLock** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1803. Interior node. -**DynamicLock/DynamicLock** (only for ./Device/Vendor/MSFT) +**DynamicLock/DynamicLock** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1803. Enables the dynamic lock. Value type is bool. Supported operations are Add, Get, Replace, and Delete. -**DynamicLock/Plugins** (only for ./Device/Vendor/MSFT) +**DynamicLock/Plugins** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1803. List of plugins (comma separated) that the passive provider monitors to detect user absence. Value type is string. Supported operations are Add, Get, Replace, and Delete. -**SecurityKey** (only for ./Device/Vendor/MSFT) +**SecurityKey** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1903. Interior node. Scope is permanent. Supported operation is Get. -**SecurityKey/UseSecurityKeyForSignin** (only for ./Device/Vendor/MSFT) +**SecurityKey/UseSecurityKeyForSignin** (only for ./Device/Vendor/MSFT) Added in Windows 10, version 1903. Enables users to sign in to their device with a [FIDO2 security key](/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys) that is compatible with Microsoft’s implementation. Scope is dynamic. Supported operations are Add, Get, Replace, and Delete. -Value type is integer. +Value type is integer. -Valid values: +Valid values: - 0 (default) - disabled. - 1 - enabled. @@ -600,7 +600,7 @@ Here's an example for setting Windows Hello for Business and setting the PIN pol 0 - + ``` diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index 5bdaf460f7..ac9a932661 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -1,7 +1,7 @@ --- title: PassportForWork DDF description: View the OMA DM device description framework (DDF) for the PassportForWork configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 07/29/2019 This topic shows the OMA DM device description framework (DDF) for the **PassportForWork** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1903. @@ -658,7 +658,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret False - Windows Hello for Business can use certificates to authenticate to on-premise resources. + Windows Hello for Business can use certificates to authenticate to on-premise resources. If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN. diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md index 2911a85c66..131ffd925b 100644 --- a/windows/client-management/mdm/personaldataencryption-ddf-file.md +++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md @@ -8,17 +8,17 @@ ms.technology: windows author: nimishasatapathy ms.localizationpriority: medium ms.date: 09/10/2022 -ms.reviewer: +ms.reviewer: manager: dansimp --- # PersonalDataEncryption DDF file -This topic shows the OMA DM device description framework (DDF) for the **PersonalDataEncryption** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **PersonalDataEncryption** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). -The XML below is the current version for this CSP. +The XML below is the current version for this CSP. ```xml @@ -26,7 +26,7 @@ The XML below is the current version for this CSP. "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd" []> - 1.2 + 1.2 PDE ./User/Vendor/MSFT @@ -45,7 +45,7 @@ The XML below is the current version for this CSP. - + EnablePersonalDataEncryption diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index 5524dfcf1a..aa250f64aa 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 06/28/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -40,14 +40,14 @@ Personalization ----LockScreenImageUrl ----LockScreenImageStatus ``` -**./Vendor/MSFT/Personalization** +**./Vendor/MSFT/Personalization**

        Defines the root node for the Personalization configuration service provider.

        -**DesktopImageUrl** +**DesktopImageUrl**

        Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

        Value type is string. Supported operations are Add, Get, Delete, and Replace.

        -**DesktopImageStatus** +**DesktopImageStatus**

        Represents the status of the desktop image. Valid values:

        • 1 - Successfully downloaded or copied.
          • @@ -63,12 +63,12 @@ Personalization > [!Note] > This setting is only used to query status. To set the image, use the DesktopImageUrl setting. -**LockScreenImageUrl** +**LockScreenImageUrl**

          Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.

          Value type is string. Supported operations are Add, Get, Delete, and Replace.

          -**LockScreenImageStatus** +**LockScreenImageStatus**

          Represents the status of the lock screen image. Valid values:

          • 1 - Successfully downloaded or copied.
            • @@ -120,7 +120,7 @@ Personalization https://www.contoso.com/lockscreenimage.JPG - + ``` diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md index 80cdb39b9b..f75f2e95aa 100644 --- a/windows/client-management/mdm/personalization-ddf.md +++ b/windows/client-management/mdm/personalization-ddf.md @@ -7,15 +7,15 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Personalization DDF file -This topic shows the OMA DM device description framework (DDF) for the **Personalization** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **Personalization** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index aa15270570..04c74309d3 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1,7 +1,7 @@ --- title: ADMX-backed policies in Policy CSP description: Learn about the ADMX-backed policies in Policy CSP. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,12 +14,6 @@ ms.date: 10/08/2020 # ADMX-backed policies in Policy CSP -> [!div class="op_single_selector"] -> -> - [Policies in Policy CSP supported by Group Policy](./policies-in-policy-csp-supported-by-group-policy.md) -> - [ADMX-backed policies in Policy CSP]() -> - - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites) - [ADMX_ActiveXInstallService/AxISURLZonePolicies](./policy-csp-admx-activexinstallservice.md#admx-activexinstallservice-axisurlzonepolicies) - [ADMX_AddRemovePrograms/DefaultCategory](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-defaultcategory) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 55f6a99ca0..7dbc408509 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -1,7 +1,7 @@ --- title: Policies in Policy CSP supported by Group Policy description: Learn about the policies in Policy CSP supported by Group Policy. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,12 +14,6 @@ ms.date: 07/18/2019 # Policies in Policy CSP supported by Group Policy -> [!div class="op_single_selector"] -> -> - [Policies in Policy CSP supported by Group Policy]() -> - [ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) -> - - [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock) - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md index f70f86e654..12859f6173 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md @@ -1,7 +1,7 @@ --- title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite description: Learn the policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,13 +14,6 @@ ms.date: 09/17/2019 # Policies in Policy CSP supported by HoloLens (first gen) Commercial Suite -> [!div class="op_single_selector"] -> -> - [HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md) -> - [HoloLens (1st gen) Commercial Suite]() -> - [HoloLens (1st gen) Development Edition](./policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md) -> - - [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection) - [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps) - [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md index 102a2eb6bc..ae4a2340c2 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md @@ -1,7 +1,7 @@ --- title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition description: Learn about the policies in Policy CSP supported by HoloLens (1st gen) Development Edition. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,13 +14,6 @@ ms.date: 07/18/2019 # Policies in Policy CSP supported by HoloLens (first gen) Development Edition -> [!div class="op_single_selector"] -> -> - [HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md) -> - [HoloLens (1st gen) Commercial Suite](./policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md) -> - [HoloLens (1st gen) Development Edition]() -> - - [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection) - [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate) - [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 8687773b6b..10fd8d3bcf 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -1,7 +1,7 @@ --- title: Policies in Policy CSP supported by HoloLens 2 description: Learn about the policies in Policy CSP supported by HoloLens 2. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,13 +14,6 @@ ms.date: 08/01/2022 # Policies in Policy CSP supported by HoloLens 2 -> [!div class="op_single_selector"] -> -> - [HoloLens 2]() -> - [HoloLens (1st gen) Commercial Suite](./policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md) -> - [HoloLens (1st gen) Development Edition](./policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md) -> - - [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection) - [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps) - [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate) @@ -52,7 +45,7 @@ ms.date: 08/01/2022 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9 -- [MixedReality/AllowCaptivePortalBeforeSignIn](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforesignin) Insider +- [MixedReality/AllowCaptivePortalBeforeLogon](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforelogon) Insider - [MixedReality/AllowLaunchUriInSingleAppKiosk](./policy-csp-mixedreality.md#mixedreality-allowlaunchuriinsingleappkiosk)10 - [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 11 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9 diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md index 710a6bea37..ab56c3de1b 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md @@ -1,7 +1,7 @@ --- title: Policies in Policy CSP supported by Windows 10 IoT Core description: Learn about the policies in Policy CSP supported by Windows 10 IoT Core. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,11 +14,6 @@ ms.date: 09/16/2019 # Policies in Policy CSP supported by Windows 10 IoT Core -> [!div class="op_single_selector"] -> -> - [IoT Core]() -> - - [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera) - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui) - [CredentialProviders/AllowPINLogon](policy-csp-credentialproviders.md#credentialproviders-allowpinlogon) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index 128bb7099b..8e07d4bcd1 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -1,7 +1,7 @@ --- title: Policies in Policy CSP supported by Microsoft Surface Hub description: Learn about the policies in Policy CSP supported by Microsoft Surface Hub. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,7 +14,6 @@ ms.date: 07/22/2020 # Policies in Policy CSP supported by Microsoft Surface Hub - - [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate) - [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock) - [Accounts/AllowMicrosoftAccountConnection](./policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection) diff --git a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md index 0529c08779..9cf93f4e1e 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md +++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md @@ -1,7 +1,7 @@ --- title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS) description: Learn about the policies in Policy CSP that can be set using Exchange Active Sync (EAS). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,25 +14,25 @@ ms.date: 07/18/2019 # Policies in Policy CSP that can be set using Exchange Active Sync (EAS) -- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera) -- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui) -- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth) -- [Connectivity/AllowCellularDataRoaming](policy-csp-connectivity.md#connectivity-allowcellulardataroaming) -- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword) -- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired) -- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled) -- [DeviceLock/DevicePasswordExpiration](policy-csp-devicelock.md#devicelock-devicepasswordexpiration) -- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory) -- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts) -- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock) -- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters) -- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) -- [DeviceLock/PreventLockScreenSlideShow](policy-csp-devicelock.md#devicelock-preventlockscreenslideshow) -- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation) -- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption) -- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) -- [System/TelemetryProxy](policy-csp-system.md#system-telemetryproxy) -- [Wifi/AllowInternetSharing](policy-csp-wifi.md#wifi-allowinternetsharing) +- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera) +- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui) +- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth) +- [Connectivity/AllowCellularDataRoaming](policy-csp-connectivity.md#connectivity-allowcellulardataroaming) +- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword) +- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired) +- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled) +- [DeviceLock/DevicePasswordExpiration](policy-csp-devicelock.md#devicelock-devicepasswordexpiration) +- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory) +- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts) +- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock) +- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters) +- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) +- [DeviceLock/PreventLockScreenSlideShow](policy-csp-devicelock.md#devicelock-preventlockscreenslideshow) +- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption) +- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) +- [System/TelemetryProxy](policy-csp-system.md#system-telemetryproxy) +- [Wifi/AllowInternetSharing](policy-csp-wifi.md#wifi-allowinternetsharing) - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) ## Related topics diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 7be79948ea..7d29e6b435 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -115,7 +115,7 @@ Added in Windows 10, version 1703. The root node for grouping different configur Supported operations are Add, Get, and Delete. **Policy/ConfigOperations/ADMXInstall** -Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md). +Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](../win32-and-centennial-app-policy-configuration.md). > [!NOTE] > The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](/previous-versions/office/office-2013-resource-kit/cc179097(v=office.15)). @@ -9503,7 +9503,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC - [ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) > [!NOTE] -> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). ## Policies in Policy CSP supported by HoloLens devices - [Policies in Policy CSP supported by HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md) @@ -9521,4 +9521,4 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index da3b56f932..fb87086127 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## AboveLock policies +## AboveLock policies
            @@ -33,7 +33,7 @@ manager: aaroncz -**AboveLock/AllowCortanaAboveLock** +**AboveLock/AllowCortanaAboveLock** @@ -62,7 +62,7 @@ Added in Windows 10, version 1607. Specifies whether or not the user can intera -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Cortana above lock screen* - GP name: *AllowCortanaAboveLock* - GP path: *Windows Components/Search* @@ -81,7 +81,7 @@ The following list shows the supported values:
            -**AboveLock/AllowToasts** +**AboveLock/AllowToasts** diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 9320bce051..0d954b6ce2 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -19,7 +19,7 @@ manager: aaroncz
            -## Accounts policies +## Accounts policies
            @@ -43,7 +43,7 @@ manager: aaroncz
            -**Accounts/AllowAddingNonMicrosoftAccountsManually** +**Accounts/AllowAddingNonMicrosoftAccountsManually** @@ -88,7 +88,7 @@ The following list shows the supported values:
            -**Accounts/AllowMicrosoftAccountConnection** +**Accounts/AllowMicrosoftAccountConnection** @@ -131,7 +131,7 @@ The following list shows the supported values:
            -**Accounts/AllowMicrosoftAccountSignInAssistant** +**Accounts/AllowMicrosoftAccountSignInAssistant** @@ -163,7 +163,7 @@ Added in Windows 10, version 1703. Allows IT Admins the ability to disable the " > If the Microsoft account service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). > [!NOTE] -> If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app. +> If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app. @@ -178,7 +178,7 @@ The following list shows the supported values: -**Accounts/DomainNamesForEmailSync** +**Accounts/DomainNamesForEmailSync** @@ -216,7 +216,7 @@ The following list shows the supported values:
            -**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly** +**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly** diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 572eef454e..1d4622f2a0 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -8,24 +8,24 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ActiveXControls > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ActiveXControls policies +## ActiveXControls policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**ActiveXControls/ApprovedInstallationSites** +**ActiveXControls/ApprovedInstallationSites** @@ -62,11 +62,11 @@ manager: aaroncz -This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved ActiveX Install sites specified by host URL. +This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved ActiveX Install sites specified by host URL. -If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. +If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. -If you disable or don't configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. +If you disable or don't configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. > [!Note] > Wild card characters can't be used when specifying the host URLs. @@ -74,7 +74,7 @@ If you disable or don't configure this policy setting, ActiveX controls prompt t -ADMX Info: +ADMX Info: - GP Friendly name: *Approved Installation Sites for ActiveX Controls* - GP name: *ApprovedActiveXInstallSites* - GP path: *Windows Components/ActiveX Installer Service* diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index 05cbc1fcee..b662095255 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -8,24 +8,24 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/09/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_ActiveXInstallService > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_ActiveXInstallService policies +## ADMX_ActiveXInstallService policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**ADMX_ActiveXInstallService/AxISURLZonePolicies** +**ADMX_ActiveXInstallService/AxISURLZonePolicies** @@ -67,7 +67,7 @@ This policy setting controls the installation of ActiveX controls for sites in T If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. -If you disable or don't configure this policy setting, ActiveX controls prompt the user before installation. +If you disable or don't configure this policy setting, ActiveX controls prompt the user before installation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If a trusted site has a certificate error but you want to trust it anyway, you can select the certificate errors that you want to ignore. @@ -77,7 +77,7 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro -ADMX Info: +ADMX Info: - GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones* - GP name: *AxISURLZonePolicies* - GP path: *Windows Components\ActiveX Installer Service* diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index cf5b1966c0..b0c02a20be 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -8,24 +8,24 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 08/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_AddRemovePrograms > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## Policy CSP - ADMX_AddRemovePrograms +## Policy CSP - ADMX_AddRemovePrograms
            @@ -67,7 +67,7 @@ manager: aaroncz
            -**ADMX_AddRemovePrograms/DefaultCategory** +**ADMX_AddRemovePrograms/DefaultCategory** @@ -89,7 +89,7 @@ manager: aaroncz -The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. +The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation. @@ -101,7 +101,7 @@ If you disable this setting or don't configure it, all programs (Category: All) -ADMX Info: +ADMX Info: - GP Friendly name: *Specify default category for Add New Programs* - GP name: *DefaultCategory* - GP path: *Control Panel/Add or Remove Programs* @@ -122,7 +122,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoAddFromCDorFloppy** +**ADMX_AddRemovePrograms/NoAddFromCDorFloppy** @@ -159,7 +159,7 @@ If you disable this setting or don't configure it, the "Add a program from CD-RO -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the "Add a program from CD-ROM or floppy disk" option* - GP name: *NoAddFromCDorFloppy* - GP path: *Control Panel/Add or Remove Programs* @@ -180,7 +180,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoAddFromInternet** +**ADMX_AddRemovePrograms/NoAddFromInternet** @@ -218,7 +218,7 @@ If you disable this setting or don't configure it, "Add programs from Microsoft" -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the "Add programs from Microsoft" option* - GP name: *NoAddFromInternet* - GP path: *Control Panel/Add or Remove Programs* @@ -239,7 +239,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoAddFromNetwork** +**ADMX_AddRemovePrograms/NoAddFromNetwork** @@ -266,9 +266,9 @@ ADMX Info: -This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. +This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. -If you enable this setting, users can't tell which programs have been published by the system administrator, and they can't use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. +If you enable this setting, users can't tell which programs have been published by the system administrator, and they can't use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. If you disable this setting or don't configure it, "Add programs from your network" is available to all users. @@ -279,7 +279,7 @@ If you disable this setting or don't configure it, "Add programs from your netwo -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the "Add programs from your network" option* - GP name: *NoAddFromNetwork* - GP path: *Control Panel/Add or Remove Programs* @@ -299,7 +299,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoAddPage** +**ADMX_AddRemovePrograms/NoAddPage** @@ -334,7 +334,7 @@ If you disable this setting or don't configure it, the Add New Programs button i -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Add New Programs page* - GP name: *NoAddPage* - GP path: *Control Panel/Add or Remove Programs* @@ -355,7 +355,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoAddRemovePrograms** +**ADMX_AddRemovePrograms/NoAddRemovePrograms** @@ -382,7 +382,7 @@ ADMX Info: -This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. +This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. If you disable this setting or don't configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting doesn't prevent users from using other tools and methods to install or uninstall programs. @@ -390,7 +390,7 @@ If you disable this setting or don't configure it, Add or Remove Programs is ava -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Add or Remove Programs* - GP name: *NoAddRemovePrograms* - GP path: *Control Panel/Add or Remove Programs* @@ -411,7 +411,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoChooseProgramsPage** +**ADMX_AddRemovePrograms/NoChooseProgramsPage** @@ -438,7 +438,7 @@ ADMX Info: -This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. +This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. If you disable this setting or don't configure it, the **Set Program Access and Defaults** button is available to all users. This setting doesn't prevent users from using other tools and methods to change program access or defaults. This setting doesn't prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting. @@ -447,7 +447,7 @@ If you disable this setting or don't configure it, the **Set Program Access and -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Set Program Access and Defaults page* - GP name: *NoChooseProgramsPage* - GP path: *Control Panel/Add or Remove Programs* @@ -468,7 +468,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoRemovePage** +**ADMX_AddRemovePrograms/NoRemovePage** @@ -503,7 +503,7 @@ If you disable this setting or don't configure it, the Change or Remove Programs -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Change or Remove Programs page* - GP name: *NoRemovePage* - GP path: *Control Panel/Add or Remove Programs* @@ -524,7 +524,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoServices** +**ADMX_AddRemovePrograms/NoServices** @@ -562,7 +562,7 @@ If you disable this setting or don't configure it, "Set up services" appears onl -ADMX Info: +ADMX Info: - GP Friendly name: *Go directly to Components Wizard* - GP name: *NoServices* - GP path: *Control Panel/Add or Remove Programs* @@ -583,7 +583,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoSupportInfo** +**ADMX_AddRemovePrograms/NoSupportInfo** @@ -620,7 +620,7 @@ If you disable this setting or don't configure it, the Support Info hyperlink ap -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Support Information* - GP name: *NoSupportInfo* - GP path: *Control Panel/Add or Remove Programs* @@ -641,7 +641,7 @@ ADMX Info:
            -**ADMX_AddRemovePrograms/NoWindowsSetupPage** +**ADMX_AddRemovePrograms/NoWindowsSetupPage** @@ -676,7 +676,7 @@ If you disable this setting or don't configure it, the Add/Remove Windows Compon -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Add/Remove Windows Components page* - GP name: *NoWindowsSetupPage* - GP path: *Control Panel/Add or Remove Programs* diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md index 5dd95ce744..b547275475 100644 --- a/windows/client-management/mdm/policy-csp-admx-admpwd.md +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -8,24 +8,24 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/09/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_AdmPwd > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_AdmPwd policies +## ADMX_AdmPwd policies
            @@ -46,7 +46,7 @@ manager: aaroncz
            -**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy** +**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy** @@ -78,7 +78,7 @@ When you disable or don't configure this setting, password expiration time may b -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow password expiration time longer than required by policy* - GP name: *POL_AdmPwd_DontAllowPwdExpirationBehindPolicy* - GP path: *Windows Components\AdmPwd* @@ -89,7 +89,7 @@ ADMX Info:
            -**ADMX_AdmPwd/POL_AdmPwd_Enabled** +**ADMX_AdmPwd/POL_AdmPwd_Enabled** @@ -123,7 +123,7 @@ If you disable or not configure this setting, local administrator password is NO -ADMX Info: +ADMX Info: - GP Friendly name: *Enable local admin password management* - GP name: *POL_AdmPwd_Enabled* - GP path: *Windows Components\AdmPwd* @@ -135,7 +135,7 @@ ADMX Info:
            -**ADMX_AdmPwd/POL_AdmPwd_AdminName** +**ADMX_AdmPwd/POL_AdmPwd_AdminName** @@ -168,7 +168,7 @@ When you disable or don't configure this setting, password expiration time may b -ADMX Info: +ADMX Info: - GP Friendly name: *Name of administrator account to manage* - GP name: *POL_AdmPwd_AdminName* - GP path: *Windows Components\AdmPwd* @@ -181,7 +181,7 @@ ADMX Info:
            -**ADMX_AdmPwd/POL_AdmPwd** +**ADMX_AdmPwd/POL_AdmPwd** @@ -217,7 +217,7 @@ If you disable or not configure this setting, local administrator password is NO -ADMX Info: +ADMX Info: - GP Friendly name: *Password Settings* - GP name: *POL_AdmPwd* - GP path: *Windows Components\AdmPwd* diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index ecdf4b38bf..105ba68dc0 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -8,23 +8,23 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 08/20/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_AppCompat > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## Policy CSP - ADMX_AppCompat +## Policy CSP - ADMX_AppCompat
            @@ -69,7 +69,7 @@ manager: aaroncz
            -**ADMX_AppCompat/AppCompatPrevent16BitMach** +**ADMX_AppCompat/AppCompatPrevent16BitMach** @@ -111,7 +111,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent access to 16-bit applications* - GP name: *AppCompatPrevent16BitMach* - GP path: *Windows Components/Application Compatibility* @@ -123,7 +123,7 @@ ADMX Info:
            -**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage** +**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage** @@ -159,7 +159,7 @@ Enabling this policy setting removes the property page from the context-menus, b -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Program Compatibility Property Page* - GP name: *AppCompatRemoveProgramCompatPropPage* - GP path: *Windows Components/Application Compatibility* @@ -171,7 +171,7 @@ ADMX Info:
            -**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry** +**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry** @@ -211,7 +211,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Application Telemetry* - GP name: *AppCompatTurnOffApplicationImpactTelemetry* - GP path: *Windows Components/Application Compatibility* @@ -223,7 +223,7 @@ ADMX Info:
            -**ADMX_AppCompat/AppCompatTurnOffSwitchBack** +**ADMX_AppCompat/AppCompatTurnOffSwitchBack** @@ -264,7 +264,7 @@ Reboot the system after changing the setting to ensure that your system accurate -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off SwitchBack Compatibility Engine* - GP name: *AppCompatTurnOffSwitchBack* - GP path: *Windows Components/Application Compatibility* @@ -276,7 +276,7 @@ ADMX Info:
            -**ADMX_AppCompat/AppCompatTurnOffEngine** +**ADMX_AppCompat/AppCompatTurnOffEngine** |Edition|Windows 10|Windows 11| @@ -318,7 +318,7 @@ This option is useful to server administrators who require faster performance an -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Application Compatibility Engine* - GP name: *AppCompatTurnOffEngine* - GP path: *Windows Components/Application Compatibility* @@ -330,7 +330,7 @@ ADMX Info:
            -**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1** +**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1** @@ -362,7 +362,7 @@ This policy setting exists only for backward compatibility, and isn't valid for -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Program Compatibility Assistant* - GP name: *AppCompatTurnOffProgramCompatibilityAssistant_1* - GP path: *Windows Components/Application Compatibility* @@ -374,7 +374,7 @@ ADMX Info:
            -**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2** +**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2** @@ -404,7 +404,7 @@ This policy setting controls the state of the Program Compatibility Assistant (P If you enable this policy setting, the PCA will be turned off. The user won't be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues. -If you disable or don't configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. +If you disable or don't configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. > [!NOTE] > The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console. @@ -413,7 +413,7 @@ If you disable or don't configure this policy setting, the PCA will be turned on -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Program Compatibility Assistant* - GP name: *AppCompatTurnOffProgramCompatibilityAssistant_2* - GP path: *Windows Components/Application Compatibility* @@ -425,7 +425,7 @@ ADMX Info:
            -**ADMX_AppCompat/AppCompatTurnOffUserActionRecord** +**ADMX_AppCompat/AppCompatTurnOffUserActionRecord** @@ -463,7 +463,7 @@ If you disable or don't configure this policy setting, Steps Recorder will be en -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Steps Recorder* - GP name: *AppCompatTurnOffUserActionRecord* - GP path: *Windows Components/Application Compatibility* @@ -475,7 +475,7 @@ ADMX Info:
            -**ADMX_AppCompat/AppCompatTurnOffProgramInventory** +**ADMX_AppCompat/AppCompatTurnOffProgramInventory** @@ -501,7 +501,7 @@ ADMX Info: -This policy setting controls the state of the Inventory Collector. +This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems. @@ -516,7 +516,7 @@ If you disable or don't configure this policy setting, the Inventory Collector w -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Inventory Collector* - GP name: *AppCompatTurnOffProgramInventory* - GP path: *Windows Components/Application Compatibility* diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 3e30dc883a..5be0699237 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/10/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_AppxPackageManager > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_AppxPackageManager policies +## ADMX_AppxPackageManager policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_AppxPackageManager/AllowDeploymentInSpecialProfiles** +**ADMX_AppxPackageManager/AllowDeploymentInSpecialProfiles** @@ -62,9 +62,9 @@ manager: aaroncz -This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. +This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. -Special profiles are the following user profiles where changes are discarded after the user signs off: +Special profiles are the following user profiles where changes are discarded after the user signs off: - Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies. - Mandatory user profiles and super-mandatory profiles, which are created by an administrator. @@ -79,7 +79,7 @@ If you disable or don't configure this policy setting, Group Policy blocks deplo -ADMX Info: +ADMX Info: - GP Friendly name: *Allow deployment operations in special profiles* - GP name: *AllowDeploymentInSpecialProfiles* - GP path: *Windows Components\App Package Deployment* diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index 786dc5626b..6945c88082 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/10/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_AppXRuntime > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_AppXRuntime policies +## ADMX_AppXRuntime policies
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_AppXRuntime/AppxRuntimeApplicationContentUriRules** +**ADMX_AppXRuntime/AppxRuntimeApplicationContentUriRules** @@ -81,7 +81,7 @@ If you disable or don't set this policy setting, Windows Store apps will only us -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on dynamic Content URI Rules for Windows store apps* - GP name: *AppxRuntimeApplicationContentUriRules* - GP path: *Windows Components\App runtime* @@ -92,7 +92,7 @@ ADMX Info:
            -**ADMX_AppXRuntime/AppxRuntimeBlockFileElevation** +**ADMX_AppXRuntime/AppxRuntimeBlockFileElevation** @@ -128,7 +128,7 @@ If you disable or don't configure this policy setting, Windows Store apps can op -ADMX Info: +ADMX Info: - GP Friendly name: *Block launching desktop apps associated with a file.* - GP name: *AppxRuntimeBlockFileElevation* - GP path: *Windows Components\App runtime* @@ -139,7 +139,7 @@ ADMX Info:
            -**ADMX_AppXRuntime/AppxRuntimeBlockHostedAppAccessWinRT** +**ADMX_AppXRuntime/AppxRuntimeBlockHostedAppAccessWinRT** @@ -177,7 +177,7 @@ If you disable or don't configure this policy setting, all Universal Windows app -ADMX Info: +ADMX Info: - GP Friendly name: *Block launching Universal Windows apps with Windows Runtime API access from hosted content.* - GP name: *AppxRuntimeBlockHostedAppAccessWinRT* - GP path: *Windows Components\App runtime* @@ -188,7 +188,7 @@ ADMX Info:
            -**ADMX_AppXRuntime/AppxRuntimeBlockProtocolElevation** +**ADMX_AppXRuntime/AppxRuntimeBlockProtocolElevation** @@ -215,7 +215,7 @@ ADMX Info: -This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there's a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app. +This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there's a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app. If you enable this policy setting, Windows Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps. @@ -227,7 +227,7 @@ If you disable or don't configure this policy setting, Windows Store apps can op -ADMX Info: +ADMX Info: - GP Friendly name: *Block launching desktop apps associated with a URI scheme* - GP name: *AppxRuntimeBlockProtocolElevation* - GP path: *Windows Components\App runtime* diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index 0b7733a5a2..dc354f8316 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/10/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_AttachmentManager > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_AttachmentManager policies +## ADMX_AttachmentManager policies
            @@ -48,7 +48,7 @@ manager: aaroncz
            -**ADMX_AttachmentManager/AM_EstimateFileHandlerRisk** +**ADMX_AttachmentManager/AM_EstimateFileHandlerRisk** @@ -89,7 +89,7 @@ If you don't configure this policy setting, Windows uses its default trust logic -ADMX Info: +ADMX Info: - GP Friendly name: *Trust logic for file attachments* - GP name: *AM_EstimateFileHandlerRisk* - GP path: *Windows Components\Attachment Manager* @@ -100,7 +100,7 @@ ADMX Info:
            -**ADMX_AttachmentManager/AM_SetFileRiskLevel** +**ADMX_AttachmentManager/AM_SetFileRiskLevel** @@ -141,7 +141,7 @@ If you don't configure this policy setting, Windows sets the default risk level -ADMX Info: +ADMX Info: - GP Friendly name: *Default risk level for file attachments* - GP name: *AM_SetFileRiskLevel* - GP path: *Windows Components\Attachment Manager* @@ -152,7 +152,7 @@ ADMX Info:
            -**ADMX_AttachmentManager/AM_SetHighRiskInclusion** +**ADMX_AttachmentManager/AM_SetHighRiskInclusion** @@ -189,7 +189,7 @@ If you don't configure this policy setting, Windows uses its built-in list of hi -ADMX Info: +ADMX Info: - GP Friendly name: *Inclusion list for high risk file types* - GP name: *AM_SetHighRiskInclusion* - GP path: *Windows Components\Attachment Manager* @@ -200,7 +200,7 @@ ADMX Info:
            -**ADMX_AttachmentManager/AM_SetLowRiskInclusion** +**ADMX_AttachmentManager/AM_SetLowRiskInclusion** @@ -237,7 +237,7 @@ If you don't configure this policy setting, Windows uses its default trust logic -ADMX Info: +ADMX Info: - GP Friendly name: *Inclusion list for low file types* - GP name: *AM_SetLowRiskInclusion* - GP path: *Windows Components\Attachment Manager* @@ -248,7 +248,7 @@ ADMX Info:
            -**ADMX_AttachmentManager/AM_SetModRiskInclusion** +**ADMX_AttachmentManager/AM_SetModRiskInclusion** @@ -285,7 +285,7 @@ If you don't configure this policy setting, Windows uses its default trust logic -ADMX Info: +ADMX Info: - GP Friendly name: *Inclusion list for moderate risk file types* - GP name: *AM_SetModRiskInclusion* - GP path: *Windows Components\Attachment Manager* diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index d3fbdfca47..f5ad2d0813 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_AuditSettings. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_AuditSettings policies +## ADMX_AuditSettings policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_AuditSettings/IncludeCmdLine** +**ADMX_AuditSettings/IncludeCmdLine** @@ -76,7 +76,7 @@ Default is Not configured. -ADMX Info: +ADMX Info: - GP Friendly name: *Include command line in process creation events* - GP name: *IncludeCmdLine* - GP path: *System/Audit Process Creation* diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 52c73b763f..f98c34b660 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/20/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Bits > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Bits policies +## ADMX_Bits policies
            @@ -75,7 +75,7 @@ manager: aaroncz
            -**ADMX_Bits/BITS_DisableBranchCache** +**ADMX_Bits/BITS_DisableBranchCache** @@ -109,11 +109,11 @@ If you disable or don't configure this policy setting, the BITS client uses Wind > [!NOTE] > This policy setting doesn't affect the use of Windows Branch Cache by applications other than BITS. This policy setting doesn't apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely. - + -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow the BITS client to use Windows Branch Cache* - GP name: *BITS_DisableBranchCache* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -124,7 +124,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_DisablePeercachingClient** +**ADMX_Bits/BITS_DisablePeercachingClient** @@ -163,7 +163,7 @@ If you disable or don't configure this policy setting, the computer attempts to -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow the computer to act as a BITS Peercaching client* - GP name: *BITS_DisablePeercachingClient* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -174,7 +174,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_DisablePeercachingServer** +**ADMX_Bits/BITS_DisablePeercachingServer** @@ -213,7 +213,7 @@ If you disable or don't configure this policy setting, the computer will offer d -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow the computer to act as a BITS Peercaching server* - GP name: *BITS_DisablePeercachingServer* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -225,7 +225,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_EnablePeercaching** +**ADMX_Bits/BITS_EnablePeercaching** @@ -263,7 +263,7 @@ If you disable or don't configure this policy setting, the BITS peer caching fea -ADMX Info: +ADMX Info: - GP Friendly name: *Allow BITS Peercaching* - GP name: *BITS_EnablePeercaching* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -275,7 +275,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxBandwidthServedForPeers** +**ADMX_Bits/BITS_MaxBandwidthServedForPeers** @@ -311,13 +311,13 @@ If you enable this policy setting, you can enter a value in bits per second (bps If you disable this policy setting or don't configure it, the default value of 30 percent of the slowest active network interface will be used. -> [!NOTE] +> [!NOTE] > This setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum network bandwidth used for Peercaching* - GP name: *BITS_MaxBandwidthServedForPeers* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -328,7 +328,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxBandwidthV2_Maintenance** +**ADMX_Bits/BITS_MaxBandwidthV2_Maintenance** @@ -368,7 +368,7 @@ If you disable or don't configure this policy setting, the limits defined for wo -ADMX Info: +ADMX Info: - GP Friendly name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers* - GP name: *BITS_MaxBandwidthV2_Maintenance* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -380,7 +380,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxBandwidthV2_Work** +**ADMX_Bits/BITS_MaxBandwidthV2_Work** @@ -417,7 +417,7 @@ If you disable or don't configure this policy setting, BITS uses all available u -ADMX Info: +ADMX Info: - GP Friendly name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers* - GP name: *BITS_MaxBandwidthV2_Work* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -429,7 +429,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxCacheSize** +**ADMX_Bits/BITS_MaxCacheSize** @@ -467,7 +467,7 @@ If you disable or don't configure this policy setting, the default size of the B -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the BITS Peercache size* - GP name: *BITS_MaxCacheSize* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -478,7 +478,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxContentAge** +**ADMX_Bits/BITS_MaxContentAge** @@ -516,7 +516,7 @@ If you disable or don't configure this policy setting, files that haven't been a -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the age of files in the BITS Peercache* - GP name: *BITS_MaxContentAge* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -527,7 +527,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxDownloadTime** +**ADMX_Bits/BITS_MaxDownloadTime** @@ -567,7 +567,7 @@ If you disable or don't configure this policy setting, the default value of 90 d -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum BITS job download time* - GP name: *BITS_MaxDownloadTime* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -578,7 +578,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxFilesPerJob** +**ADMX_Bits/BITS_MaxFilesPerJob** @@ -617,7 +617,7 @@ If you disable or don't configure this policy setting, BITS will use the default -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum number of files allowed in a BITS job* - GP name: *BITS_MaxFilesPerJob* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -628,7 +628,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxJobsPerMachine** +**ADMX_Bits/BITS_MaxJobsPerMachine** @@ -667,7 +667,7 @@ If you disable or don't configure this policy setting, BITS will use the default -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum number of BITS jobs for this computer* - GP name: *BITS_MaxJobsPerMachine* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -678,7 +678,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxJobsPerUser** +**ADMX_Bits/BITS_MaxJobsPerUser** @@ -717,7 +717,7 @@ If you disable or don't configure this policy setting, BITS will use the default -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum number of BITS jobs for each user* - GP name: *BITS_MaxJobsPerUser* - GP path: *Network\Background Intelligent Transfer Service (BITS)* @@ -728,7 +728,7 @@ ADMX Info:
            -**ADMX_Bits/BITS_MaxRangesPerFile** +**ADMX_Bits/BITS_MaxRangesPerFile** @@ -767,7 +767,7 @@ If you disable or don't configure this policy setting, BITS will limit ranges to -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum number of ranges that can be added to the file in a BITS job* - GP name: *BITS_MaxRangesPerFile* - GP path: *Network\Background Intelligent Transfer Service (BITS)* diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 86f2b2d508..6132be8c82 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/17/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_CipherSuiteOrder > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_CipherSuiteOrder policies +## ADMX_CipherSuiteOrder policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder** +**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder** @@ -77,7 +77,7 @@ For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Sc -ADMX Info: +ADMX Info: - GP Friendly name: *SSL Cipher Suite Order* - GP name: *SSLCipherSuiteOrder* - GP path: *Network/SSL Configuration Settings* @@ -90,7 +90,7 @@ ADMX Info:
            -**ADMX_CipherSuiteOrder/SSLCurveOrder** +**ADMX_CipherSuiteOrder/SSLCurveOrder** @@ -137,7 +137,7 @@ CertUtil.exe -DisplayEccCurve -ADMX Info: +ADMX Info: - GP Friendly name: *ECC Curve Order* - GP name: *SSLCurveOrder* - GP path: *Network/SSL Configuration Settings* diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index 8426131fb5..6da4cdd113 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/18/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_COM > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_COM policies +## ADMX_COM policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_COM/AppMgmt_COM_SearchForCLSID_1** +**ADMX_COM/AppMgmt_COM_SearchForCLSID_1** @@ -79,7 +79,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Download missing COM components* - GP name: *AppMgmt_COM_SearchForCLSID_1* - GP path: *System* @@ -92,7 +92,7 @@ ADMX Info:
            -**ADMX_COM/AppMgmt_COM_SearchForCLSID_2** +**ADMX_COM/AppMgmt_COM_SearchForCLSID_2** @@ -131,7 +131,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Download missing COM components* - GP name: *AppMgmt_COM_SearchForCLSID_2* - GP path: *System* diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index 55e7b8a33f..862fe73075 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/05/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_ControlPanel > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_ControlPanel policies +## ADMX_ControlPanel policies
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_ControlPanel/DisallowCpls** +**ADMX_ControlPanel/DisallowCpls** @@ -83,7 +83,7 @@ To hide a Control Panel item, enable this policy setting and click Show to acces If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored. > [!NOTE] -> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. +> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. > >To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration. @@ -91,7 +91,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec -ADMX Info: +ADMX Info: - GP Friendly name: *Hide specified Control Panel items* - GP name: *DisallowCpls* - GP path: *Control Panel* @@ -102,7 +102,7 @@ ADMX Info:
            -**ADMX_ControlPanel/ForceClassicControlPanel** +**ADMX_ControlPanel/ForceClassicControlPanel** @@ -128,7 +128,7 @@ ADMX Info: -This policy setting controls the default Control Panel view, whether by category or icons. +This policy setting controls the default Control Panel view, whether by category or icons. If this policy setting is enabled, the Control Panel opens to the icon view. @@ -143,7 +143,7 @@ If this policy setting isn't configured, the Control Panel opens to the view use -ADMX Info: +ADMX Info: - GP Friendly name: *Always open All Control Panel Items when opening Control Panel* - GP name: *ForceClassicControlPanel* - GP path: *Control Panel* @@ -154,7 +154,7 @@ ADMX Info:
            -**ADMX_ControlPanel/NoControlPanel** +**ADMX_ControlPanel/NoControlPanel** @@ -202,7 +202,7 @@ If users try to select a Control Panel item from the Properties item on a contex -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access to Control Panel and PC settings* - GP name: *NoControlPanel* - GP path: *Control Panel* @@ -213,7 +213,7 @@ ADMX Info:
            -**ADMX_ControlPanel/RestrictCpls** +**ADMX_ControlPanel/RestrictCpls** @@ -256,7 +256,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec -ADMX Info: +ADMX Info: - GP Friendly name: *Show only specified Control Panel items* - GP name: *RestrictCpls* - GP path: *Control Panel* diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index 637df89faf..8f8832d0ec 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/05/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_ControlPanelDisplay > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_ControlPanelDisplay policies +## ADMX_ControlPanelDisplay policies
            @@ -105,7 +105,7 @@ manager: aaroncz
            -**ADMX_ControlPanelDisplay/CPL_Display_Disable** +**ADMX_ControlPanelDisplay/CPL_Display_Disable** @@ -141,7 +141,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis -ADMX Info: +ADMX Info: - GP Friendly name: *Disable the Display Control Panel* - GP name: *CPL_Display_Disable* - GP path: *Control Panel\Display* @@ -152,7 +152,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Display_HideSettings** +**ADMX_ControlPanelDisplay/CPL_Display_HideSettings** @@ -186,7 +186,7 @@ This setting prevents users from using Control Panel to add, configure, or chang -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Settings tab* - GP name: *CPL_Display_HideSettings* - GP path: *Control Panel\Display* @@ -197,7 +197,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_DisableColorSchemeChoice** +**ADMX_ControlPanelDisplay/CPL_Personalization_DisableColorSchemeChoice** @@ -234,7 +234,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing color scheme* - GP name: *CPL_Personalization_DisableColorSchemeChoice* - GP path: *Control Panel\Personalization* @@ -245,7 +245,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_DisableThemeChange** +**ADMX_ControlPanelDisplay/CPL_Personalization_DisableThemeChange** @@ -283,7 +283,7 @@ If you disable or don't configure this setting, there's no effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing theme* - GP name: *CPL_Personalization_DisableThemeChange* - GP path: *Control Panel\Personalization* @@ -294,7 +294,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_DisableVisualStyle** +**ADMX_ControlPanelDisplay/CPL_Personalization_DisableVisualStyle** @@ -329,7 +329,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing visual style for windows and buttons* - GP name: *CPL_Personalization_DisableVisualStyle* - GP path: *Control Panel\Personalization* @@ -340,7 +340,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_EnableScreenSaver** +**ADMX_ControlPanelDisplay/CPL_Personalization_EnableScreenSaver** @@ -379,7 +379,7 @@ Also, see the "Prevent changing Screen Saver" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable screen saver* - GP name: *CPL_Personalization_EnableScreenSaver* - GP path: *Control Panel\Personalization* @@ -390,7 +390,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_ForceDefaultLockScreen** +**ADMX_ControlPanelDisplay/CPL_Personalization_ForceDefaultLockScreen** @@ -431,7 +431,7 @@ This setting can be used in conjunction with the "Prevent changing lock screen a -ADMX Info: +ADMX Info: - GP Friendly name: *Force a specific default lock screen and logon image* - GP name: *CPL_Personalization_ForceDefaultLockScreen* - GP path: *Control Panel\Personalization* @@ -442,7 +442,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_LockFontSize** +**ADMX_ControlPanelDisplay/CPL_Personalization_LockFontSize** @@ -470,14 +470,14 @@ ADMX Info: This setting prevents users from changing the size of the font in the windows and buttons displayed on their screens. -If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled. +If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled. If you disable or don't configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab. -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit selection of visual style font size* - GP name: *CPL_Personalization_LockFontSize* - GP path: *Control Panel\Personalization* @@ -488,7 +488,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingLockScreen** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingLockScreen** @@ -523,7 +523,7 @@ If you enable this setting, the user won't be able to change their lock screen a -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing lock screen and logon image* - GP name: *CPL_Personalization_NoChangingLockScreen* - GP path: *Control Panel\Personalization* @@ -534,7 +534,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingStartMenuBackground** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingStartMenuBackground** @@ -573,7 +573,7 @@ If the "Force a specific Start background" policy is also set on a supported ver -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing start menu background* - GP name: *CPL_Personalization_NoChangingStartMenuBackground* - GP path: *Control Panel\Personalization* @@ -584,7 +584,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoColorAppearanceUI** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoColorAppearanceUI** @@ -621,7 +621,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing color and appearance* - GP name: *CPL_Personalization_NoColorAppearanceUI* - GP path: *Control Panel\Personalization* @@ -632,7 +632,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopBackgroundUI** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopBackgroundUI** @@ -674,7 +674,7 @@ Also, see the "Allow only bitmapped wallpaper" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing desktop background* - GP name: *CPL_Personalization_NoDesktopBackgroundUI* - GP path: *Control Panel\Personalization* @@ -685,7 +685,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopIconsUI** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopIconsUI** @@ -722,7 +722,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing desktop icons* - GP name: *CPL_Personalization_NoDesktopIconsUI* - GP path: *Control Panel\Personalization* @@ -733,7 +733,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoLockScreen** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoLockScreen** @@ -768,7 +768,7 @@ If you disable or don't configure this policy setting, users that aren't require -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display the lock screen* - GP name: *CPL_Personalization_NoLockScreen* - GP path: *Control Panel\Personalization* @@ -779,7 +779,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoMousePointersUI** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoMousePointersUI** @@ -814,7 +814,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing mouse pointers* - GP name: *CPL_Personalization_NoMousePointersUI* - GP path: *Control Panel\Personalization* @@ -825,7 +825,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoScreenSaverUI** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoScreenSaverUI** @@ -858,7 +858,7 @@ This setting also prevents users from using Control Panel to add, configure, or -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing screen saver* - GP name: *CPL_Personalization_NoScreenSaverUI* - GP path: *Control Panel\Personalization* @@ -869,7 +869,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_NoSoundSchemeUI** +**ADMX_ControlPanelDisplay/CPL_Personalization_NoSoundSchemeUI** @@ -904,7 +904,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing sounds* - GP name: *CPL_Personalization_NoSoundSchemeUI* - GP path: *Control Panel\Personalization* @@ -915,7 +915,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_PersonalColors** +**ADMX_ControlPanelDisplay/CPL_Personalization_PersonalColors** @@ -950,7 +950,7 @@ If this setting is enabled, the background and accent colors of Windows will be -ADMX Info: +ADMX Info: - GP Friendly name: *Force a specific background and accent color* - GP name: *CPL_Personalization_PersonalColors* - GP path: *Control Panel\Personalization* @@ -961,7 +961,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverIsSecure** +**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverIsSecure** @@ -1003,7 +1003,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen -ADMX Info: +ADMX Info: - GP Friendly name: *Password protect the screen saver* - GP name: *CPL_Personalization_ScreenSaverIsSecure* - GP path: *Control Panel\Personalization* @@ -1014,7 +1014,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverTimeOut** +**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverTimeOut** @@ -1057,7 +1057,7 @@ When not configured, whatever wait time is set on the client through the Screen -ADMX Info: +ADMX Info: - GP Friendly name: *Screen saver timeout* - GP name: *CPL_Personalization_ScreenSaverTimeOut* - GP path: *Control Panel\Personalization* @@ -1068,7 +1068,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_SetScreenSaver** +**ADMX_ControlPanelDisplay/CPL_Personalization_SetScreenSaver** @@ -1110,7 +1110,7 @@ If the specified screen saver isn't installed on a computer to which this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Force specific screen saver* - GP name: *CPL_Personalization_SetScreenSaver* - GP path: *Control Panel\Personalization* @@ -1121,7 +1121,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_SetTheme** +**ADMX_ControlPanelDisplay/CPL_Personalization_SetTheme** @@ -1156,7 +1156,7 @@ If you disable or don't configure this setting, the default theme will be applie -ADMX Info: +ADMX Info: - GP Friendly name: *Load a specific theme* - GP name: *CPL_Personalization_SetTheme* - GP path: *Control Panel\Personalization* @@ -1167,7 +1167,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle** +**ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle** @@ -1211,7 +1211,7 @@ If you disable or don't configure this setting, the users can select the visual -ADMX Info: +ADMX Info: - GP Friendly name: *Force a specific visual style file or force Windows Classic* - GP name: *CPL_Personalization_SetVisualStyle* - GP path: *Control Panel\Personalization* @@ -1222,7 +1222,7 @@ ADMX Info:
            -**ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground** +**ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground** @@ -1257,7 +1257,7 @@ If this setting is set to a nonzero value, then Start uses the specified backgro -ADMX Info: +ADMX Info: - GP Friendly name: *Force a specific Start background* - GP name: *CPL_Personalization_StartBackground* - GP path: *Control Panel\Personalization* diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index b7c40099e2..6c4bdbeeff 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/26/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Cpls > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Cpls policies +## ADMX_Cpls policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_Cpls/UseDefaultTile** +**ADMX_Cpls/UseDefaultTile** @@ -64,7 +64,7 @@ manager: aaroncz This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. -> [!NOTE] +> [!NOTE] > The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed. If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed. @@ -75,7 +75,7 @@ If you disable or do not configure this policy setting, users will be able to cu -ADMX Info: +ADMX Info: - GP Friendly name: *Apply the default account picture to all users* - GP name: *UseDefaultTile* - GP path: *Control Panel/User Accounts* diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index b72ed7c028..f6809b9436 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/11/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_CredentialProviders > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_CredentialProviders policies +## ADMX_CredentialProviders policies
            @@ -42,7 +42,7 @@ manager: aaroncz
            -**ADMX_CredentialProviders/AllowDomainDelayLock** +**ADMX_CredentialProviders/AllowDomainDelayLock** @@ -83,7 +83,7 @@ If you don't configure this policy setting on a workgroup device, a user on a Co -ADMX Info: +ADMX Info: - GP Friendly name: *Allow users to select when a password is required when resuming from connected standby* - GP name: *AllowDomainDelayLock* - GP path: *System\Logon* @@ -94,7 +94,7 @@ ADMX Info:
            -**ADMX_CredentialProviders/DefaultCredentialProvider** +**ADMX_CredentialProviders/DefaultCredentialProvider** @@ -132,7 +132,7 @@ If you disable or don't configure this policy setting, the system picks the defa -ADMX Info: +ADMX Info: - GP Friendly name: *Assign a default credential provider* - GP name: *DefaultCredentialProvider* - GP path: *System\Logon* @@ -144,7 +144,7 @@ ADMX Info: -**ADMX_CredentialProviders/ExcludedCredentialProviders** +**ADMX_CredentialProviders/ExcludedCredentialProviders** @@ -170,7 +170,7 @@ ADMX Info: -This policy setting allows the administrator to exclude the specified credential providers from use during authentication. +This policy setting allows the administrator to exclude the specified credential providers from use during authentication. > [!NOTE] > Credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication). @@ -182,7 +182,7 @@ If you disable or do not configure this policy, all installed and otherwise enab -ADMX Info: +ADMX Info: - GP Friendly name: *Exclude credential providers* - GP name: *ExcludedCredentialProviders* - GP path: *System\Logon* diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index fb4a63852b..f1b75f5a96 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/12/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_CredSsp > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_CredSsp policies +## ADMX_CredSsp policies
            @@ -66,7 +66,7 @@ manager: aaroncz
            -**ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly** +**ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly** @@ -113,7 +113,7 @@ If you disable or don't configure (by default) this policy setting, delegation o -ADMX Info: +ADMX Info: - GP Friendly name: *Allow delegating default credentials with NTLM-only server authentication* - GP name: *AllowDefCredentialsWhenNTLMOnly* - GP path: *System\Credentials Delegation* @@ -124,7 +124,7 @@ ADMX Info:
            -**ADMX_CredSsp/AllowDefaultCredentials** +**ADMX_CredSsp/AllowDefaultCredentials** @@ -175,7 +175,7 @@ https://go.microsoft.com/fwlink/?LinkId=301508 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow delegating default credentials* - GP name: *AllowDefaultCredentials* - GP path: *System\Credentials Delegation* @@ -186,7 +186,7 @@ ADMX Info:
            -**ADMX_CredSsp/AllowEncryptionOracle** +**ADMX_CredSsp/AllowEncryptionOracle** @@ -218,7 +218,7 @@ Some versions of the CredSSP protocol are vulnerable to an encryption oracle att If you enable this policy setting, CredSSP version support will be selected based on the following options: -- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients. +- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients. > [!NOTE] > This setting should not be deployed until all remote hosts support the newest version. @@ -232,7 +232,7 @@ For more information about the vulnerability and servicing requirements for prot -ADMX Info: +ADMX Info: - GP Friendly name: *Encryption Oracle Remediation* - GP name: *AllowEncryptionOracle* - GP path: *System\Credentials Delegation* @@ -243,7 +243,7 @@ ADMX Info:
            -**ADMX_CredSsp/AllowFreshCredentials** +**ADMX_CredSsp/AllowFreshCredentials** @@ -291,7 +291,7 @@ If you disable this policy setting, delegation of fresh credentials isn't permit -ADMX Info: +ADMX Info: - GP Friendly name: *Allow delegating fresh credentials* - GP name: *AllowFreshCredentials* - GP path: *System\Credentials Delegation* @@ -302,7 +302,7 @@ ADMX Info:
            -**ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly** +**ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly** @@ -350,7 +350,7 @@ If you disable this policy setting, delegation of fresh credentials isn't permit -ADMX Info: +ADMX Info: - GP Friendly name: *Allow delegating fresh credentials with NTLM-only server authentication* - GP name: *AllowFreshCredentialsWhenNTLMOnly* - GP path: *System\Credentials Delegation* @@ -361,7 +361,7 @@ ADMX Info:
            -**ADMX_CredSsp/AllowSavedCredentials** +**ADMX_CredSsp/AllowSavedCredentials** @@ -409,7 +409,7 @@ If you disable this policy setting, delegation of saved credentials isn't permit -ADMX Info: +ADMX Info: - GP Friendly name: *Allow delegating saved credentials* - GP name: *AllowSavedCredentials* - GP path: *System\Credentials Delegation* @@ -420,7 +420,7 @@ ADMX Info:
            -**ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly** +**ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly** @@ -468,7 +468,7 @@ If you disable this policy setting, delegation of saved credentials isn't permit -ADMX Info: +ADMX Info: - GP Friendly name: *Allow delegating saved credentials with NTLM-only server authentication* - GP name: *AllowSavedCredentialsWhenNTLMOnly* - GP path: *System\Credentials Delegation* @@ -479,7 +479,7 @@ ADMX Info:
            -**ADMX_CredSsp/DenyDefaultCredentials** +**ADMX_CredSsp/DenyDefaultCredentials** @@ -525,7 +525,7 @@ This policy setting can be used in combination with the "Allow delegating defaul -ADMX Info: +ADMX Info: - GP Friendly name: *Deny delegating default credentials* - GP name: *DenyDefaultCredentials* - GP path: *System\Credentials Delegation* @@ -536,7 +536,7 @@ ADMX Info:
            -**ADMX_CredSsp/DenyFreshCredentials** +**ADMX_CredSsp/DenyFreshCredentials** @@ -582,7 +582,7 @@ This policy setting can be used in combination with the "Allow delegating fresh -ADMX Info: +ADMX Info: - GP Friendly name: *Deny delegating fresh credentials* - GP name: *DenyFreshCredentials* - GP path: *System\Credentials Delegation* @@ -593,7 +593,7 @@ ADMX Info:
            -**ADMX_CredSsp/DenySavedCredentials** +**ADMX_CredSsp/DenySavedCredentials** @@ -639,7 +639,7 @@ This policy setting can be used in combination with the "Allow delegating saved -ADMX Info: +ADMX Info: - GP Friendly name: *Deny delegating saved credentials* - GP name: *DenySavedCredentials* - GP path: *System\Credentials Delegation* @@ -650,7 +650,7 @@ ADMX Info:
            -**ADMX_CredSsp/RestrictedRemoteAdministration** +**ADMX_CredSsp/RestrictedRemoteAdministration** @@ -697,7 +697,7 @@ If you disable or don't configure this policy setting, Restricted Admin and Remo -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict delegation of credentials to remote servers* - GP name: *RestrictedRemoteAdministration* - GP path: *System\Credentials Delegation* diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index 68623bfc04..6aa7b55b5a 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/09/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_CredUI > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_CredUI policies +## ADMX_CredUI policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_CredUI/EnableSecureCredentialPrompting** +**ADMX_CredUI/EnableSecureCredentialPrompting** @@ -77,7 +77,7 @@ If you disable or don't configure this policy setting, users will enter Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Require trusted path for credential entry* - GP name: *EnableSecureCredentialPrompting* - GP path: *Windows Components\Credential User Interface* @@ -88,7 +88,7 @@ ADMX Info:
            -**ADMX_CredUI/NoLocalPasswordResetQuestions** +**ADMX_CredUI/NoLocalPasswordResetQuestions** @@ -120,7 +120,7 @@ Available in the latest Windows 10 Insider Preview Build. If you turn on this po -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent the use of security questions for local accounts* - GP name: *NoLocalPasswordResetQuestions* - GP path: *Windows Components\Credential User Interface* diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 0d6a23d272..73f891da05 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/26/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_CtrlAltDel > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_CtrlAltDel policies +## ADMX_CtrlAltDel policies
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_CtrlAltDel/DisableChangePassword** +**ADMX_CtrlAltDel/DisableChangePassword** @@ -81,7 +81,7 @@ However, users will still be able to change their password when prompted by the -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Change Password* - GP name: *DisableChangePassword* - GP path: *System/Ctrl+Alt+Del Options* @@ -93,7 +93,7 @@ ADMX Info:
            -**ADMX_CtrlAltDel/DisableLockComputer** +**ADMX_CtrlAltDel/DisableLockComputer** @@ -133,7 +133,7 @@ If you disable or don't configure this policy setting, users will be able to loc -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Lock Computer* - GP name: *DisableLockWorkstation* - GP path: *System/Ctrl+Alt+Del Options* @@ -144,7 +144,7 @@ ADMX Info:
            -**ADMX_CtrlAltDel/DisableTaskMgr** +**ADMX_CtrlAltDel/DisableTaskMgr** |Edition|Windows 10|Windows 11| @@ -180,7 +180,7 @@ If you disable or don't configure this policy setting, users can access Task Man -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Task Manager* - GP name: *DisableTaskMgr* - GP path: *System/Ctrl+Alt+Del Options* @@ -191,7 +191,7 @@ ADMX Info:
            -**ADMX_CtrlAltDel/NoLogoff** +**ADMX_CtrlAltDel/NoLogoff** @@ -228,7 +228,7 @@ If you disable or don't configure this policy setting, users can see and select -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Logoff* - GP name: *NoLogoff* - GP path: *System/Ctrl+Alt+Del Options* diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index 18b990f41a..8dcae17f39 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/01/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_DataCollection policies +## ADMX_DataCollection policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_DataCollection/CommercialIdPolicy** +**ADMX_DataCollection/CommercialIdPolicy** @@ -72,7 +72,7 @@ If you disable or don't configure this policy setting, then Microsoft won't be a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the Commercial ID* - GP name: *CommercialIdPolicy* - GP path: *Windows Components\Data Collection and Preview Builds* diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md index f826ec41b1..d4623becb6 100644 --- a/windows/client-management/mdm/policy-csp-admx-dcom.md +++ b/windows/client-management/mdm/policy-csp-admx-dcom.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/08/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DCOM > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DCOM policies +## ADMX_DCOM policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList** +**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList** @@ -66,10 +66,10 @@ manager: aaroncz This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list. - + If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list. -If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list. +If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list. If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured. @@ -79,7 +79,7 @@ If you don't configure this policy setting, DCOM will only look in the locally c -ADMX Info: +ADMX Info: - GP Friendly name: *Allow local activation security check exemptions* - GP name: *DCOMActivationSecurityCheckAllowLocalList* - GP path: *Windows Components\AppCompat!AllowLocalActivationSecurityCheckExemptionList* @@ -90,7 +90,7 @@ ADMX Info:
            -**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList** +**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList** @@ -116,42 +116,42 @@ ADMX Info: -This policy setting allows you to view and change a list of DCOM server application IDs (app IDs), which are exempted from the DCOM Activation security check. -DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators. -DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled. +This policy setting allows you to view and change a list of DCOM server application IDs (app IDs), which are exempted from the DCOM Activation security check. +DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators. +DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled. DCOM server application IDs added to this policy must be listed in curly brace format. For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`. -If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors. +If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors. -If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server. -If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local +If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server. +If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local settings. -If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. - +If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. + If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used. -If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used. +If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used. ->[!Note] +>[!Note] > The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. - -This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. -The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid. -DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. +This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. + +The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid. +DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. > [!NOTE] > Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present. -> +> > [!NOTE] > This policy setting applies to all sites in Trusted zones. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow local activation security check exemptions* - GP name: *DCOMActivationSecurityCheckExemptionList* - GP path: *Windows Components\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList* diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index c18835be26..1320fc35aa 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/02/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Desktop > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Desktop policies +## ADMX_Desktop policies
            @@ -120,7 +120,7 @@ manager: aaroncz
            -**ADMX_Desktop/AD_EnableFilter** +**ADMX_Desktop/AD_EnableFilter** @@ -158,7 +158,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl -ADMX Info: +ADMX Info: - GP Friendly name: *Enable filter in Find dialog box* - GP name: *AD_EnableFilter* - GP path: *Desktop\Active Directory* @@ -169,7 +169,7 @@ ADMX Info:
            -**ADMX_Desktop/AD_HideDirectoryFolder** +**ADMX_Desktop/AD_HideDirectoryFolder** @@ -209,7 +209,7 @@ This setting is designed to let users search Active Directory but not tempt them -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Active Directory folder* - GP name: *AD_HideDirectoryFolder* - GP path: *Desktop\Active Directory* @@ -220,7 +220,7 @@ ADMX Info:
            -**ADMX_Desktop/AD_QueryLimit** +**ADMX_Desktop/AD_QueryLimit** @@ -258,7 +258,7 @@ This setting is designed to protect the network and the domain controller from t -ADMX Info: +ADMX Info: - GP Friendly name: *Maximum size of Active Directory searches* - GP name: *AD_QueryLimit* - GP path: *Desktop\Active Directory* @@ -269,7 +269,7 @@ ADMX Info:
            -**ADMX_Desktop/ForceActiveDesktopOn** +**ADMX_Desktop/ForceActiveDesktopOn** @@ -307,7 +307,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Active Desktop* - GP name: *ForceActiveDesktopOn* - GP path: *Desktop\Desktop* @@ -318,7 +318,7 @@ ADMX Info:
            -**ADMX_Desktop/NoActiveDesktop** +**ADMX_Desktop/NoActiveDesktop** @@ -357,7 +357,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by -ADMX Info: +ADMX Info: - GP Friendly name: *Disable Active Desktop* - GP name: *NoActiveDesktop* - GP path: *Desktop\Desktop* @@ -368,7 +368,7 @@ ADMX Info:
            -**ADMX_Desktop/NoActiveDesktopChanges** +**ADMX_Desktop/NoActiveDesktopChanges** @@ -401,7 +401,7 @@ This setting is a comprehensive one that locks down the configuration you establ -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit changes* - GP name: *NoActiveDesktopChanges* - GP path: *Desktop\Desktop* @@ -412,7 +412,7 @@ ADMX Info:
            -**ADMX_Desktop/NoDesktop** +**ADMX_Desktop/NoDesktop** @@ -448,7 +448,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T -ADMX Info: +ADMX Info: - GP Friendly name: *Hide and disable all items on the desktop* - GP name: *NoDesktop* - GP path: *Desktop* @@ -459,7 +459,7 @@ ADMX Info:
            -**ADMX_Desktop/NoDesktopCleanupWizard** +**ADMX_Desktop/NoDesktopCleanupWizard** @@ -498,7 +498,7 @@ If you disable this setting or don't configure it, the default behavior of the D -ADMX Info: +ADMX Info: - GP Friendly name: *Remove the Desktop Cleanup Wizard* - GP name: *NoDesktopCleanupWizard* - GP path: *Desktop* @@ -509,7 +509,7 @@ ADMX Info:
            -**ADMX_Desktop/NoInternetIcon** +**ADMX_Desktop/NoInternetIcon** @@ -543,7 +543,7 @@ This setting doesn't prevent the user from starting Internet Explorer by using o -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Internet Explorer icon on desktop* - GP name: *NoInternetIcon* - GP path: *Desktop* @@ -554,7 +554,7 @@ ADMX Info:
            -**ADMX_Desktop/NoMyComputerIcon** +**ADMX_Desktop/NoMyComputerIcon** @@ -595,7 +595,7 @@ If you don't configure this setting, the default is to display Computer as usual -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Computer icon on the desktop* - GP name: *NoMyComputerIcon* - GP path: *Desktop* @@ -606,7 +606,7 @@ ADMX Info:
            -**ADMX_Desktop/NoMyDocumentsIcon** +**ADMX_Desktop/NoMyDocumentsIcon** @@ -646,7 +646,7 @@ This setting doesn't remove the My Documents icon from the Start menu. To do so, -ADMX Info: +ADMX Info: - GP Friendly name: *Remove My Documents icon on the desktop* - GP name: *NoMyDocumentsIcon* - GP path: *Desktop* @@ -657,7 +657,7 @@ ADMX Info:
            -**ADMX_Desktop/NoNetHood** +**ADMX_Desktop/NoNetHood** @@ -694,7 +694,7 @@ This setting only affects the desktop icon. It doesn't prevent users from connec -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Network Locations icon on desktop* - GP name: *NoNetHood* - GP path: *Desktop* @@ -705,7 +705,7 @@ ADMX Info:
            -**ADMX_Desktop/NoPropertiesMyComputer** +**ADMX_Desktop/NoPropertiesMyComputer** @@ -741,7 +741,7 @@ If you disable or don't configure this setting, the Properties option is display -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Properties from the Computer icon context menu* - GP name: *NoPropertiesMyComputer* - GP path: *Desktop* @@ -752,7 +752,7 @@ ADMX Info:
            -**ADMX_Desktop/NoPropertiesMyDocuments** +**ADMX_Desktop/NoPropertiesMyDocuments** @@ -791,7 +791,7 @@ If you disable or don't configure this policy setting, the Properties menu comma -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Properties from the Documents icon context menu* - GP name: *NoPropertiesMyDocuments* - GP path: *Desktop* @@ -802,7 +802,7 @@ ADMX Info:
            -**ADMX_Desktop/NoRecentDocsNetHood** +**ADMX_Desktop/NoRecentDocsNetHood** @@ -838,7 +838,7 @@ If you enable this setting, shared folders aren't added to Network Locations aut -ADMX Info: +ADMX Info: - GP Friendly name: *Do not add shares of recently opened documents to Network Locations* - GP name: *NoRecentDocsNetHood* - GP path: *Desktop* @@ -849,7 +849,7 @@ ADMX Info:
            -**ADMX_Desktop/NoRecycleBinIcon** +**ADMX_Desktop/NoRecycleBinIcon** @@ -887,7 +887,7 @@ This setting doesn't prevent the user from using other methods to gain access to -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Recycle Bin icon from desktop* - GP name: *NoRecycleBinIcon* - GP path: *Desktop* @@ -898,7 +898,7 @@ ADMX Info:
            -**ADMX_Desktop/NoRecycleBinProperties** +**ADMX_Desktop/NoRecycleBinProperties** @@ -934,7 +934,7 @@ If you disable or don't configure this setting, the Properties option is display -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Properties from the Recycle Bin context menu* - GP name: *NoRecycleBinProperties* - GP path: *Desktop* @@ -945,7 +945,7 @@ ADMX Info:
            -**ADMX_Desktop/NoSaveSettings** +**ADMX_Desktop/NoSaveSettings** @@ -979,7 +979,7 @@ If you enable this setting, users can change the desktop, but some changes, such -ADMX Info: +ADMX Info: - GP Friendly name: *Don't save settings at exit* - GP name: *NoSaveSettings* - GP path: *Desktop* @@ -990,7 +990,7 @@ ADMX Info:
            -**ADMX_Desktop/NoWindowMinimizingShortcuts** +**ADMX_Desktop/NoWindowMinimizingShortcuts** @@ -1025,7 +1025,7 @@ If you disable or don't configure this policy, this window minimizing and restor -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Aero Shake window minimizing mouse gesture* - GP name: *NoWindowMinimizingShortcuts* - GP path: *Desktop* @@ -1036,7 +1036,7 @@ ADMX Info:
            -**ADMX_Desktop/Wallpaper** +**ADMX_Desktop/Wallpaper** @@ -1078,7 +1078,7 @@ Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Pr -ADMX Info: +ADMX Info: - GP Friendly name: *Desktop Wallpaper* - GP name: *Wallpaper* - GP path: *Desktop\Desktop* @@ -1089,7 +1089,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_ATC_DisableAdd** +**ADMX_Desktop/sz_ATC_DisableAdd** @@ -1124,7 +1124,7 @@ Also, see the "Disable all items" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit adding items* - GP name: *sz_ATC_DisableAdd* - GP path: *Desktop\Desktop* @@ -1135,7 +1135,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_ATC_DisableClose** +**ADMX_Desktop/sz_ATC_DisableClose** @@ -1174,7 +1174,7 @@ If you enable this setting, items added to the desktop can't be closed; they alw -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit closing items* - GP name: *sz_ATC_DisableClose* - GP path: *Desktop\Desktop* @@ -1185,7 +1185,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_ATC_DisableDel** +**ADMX_Desktop/sz_ATC_DisableDel** @@ -1223,7 +1223,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings. -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit deleting items* - GP name: *sz_ATC_DisableDel* - GP path: *Desktop\Desktop* @@ -1234,7 +1234,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_ATC_DisableEdit** +**ADMX_Desktop/sz_ATC_DisableEdit** @@ -1268,7 +1268,7 @@ This setting disables the Properties button on the Web tab in Display in Control -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit editing items* - GP name: *sz_ATC_DisableEdit* - GP path: *Desktop\Desktop* @@ -1279,7 +1279,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_ATC_NoComponents** +**ADMX_Desktop/sz_ATC_NoComponents** @@ -1305,7 +1305,7 @@ ADMX Info: -Removes Active Desktop content and prevents users from adding Active Desktop content. +Removes Active Desktop content and prevents users from adding Active Desktop content. This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop. @@ -1316,7 +1316,7 @@ This setting removes all Active Desktop items from the desktop. It also removes -ADMX Info: +ADMX Info: - GP Friendly name: *Disable all items* - GP name: *sz_ATC_NoComponents* - GP path: *Desktop\Desktop* @@ -1327,7 +1327,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_AdminComponents_Title** +**ADMX_Desktop/sz_AdminComponents_Title** @@ -1369,7 +1369,7 @@ You can also use this setting to delete particular Web-based items from users' d -ADMX Info: +ADMX Info: - GP Friendly name: *Add/Delete items* - GP name: *sz_AdminComponents_Title* - GP path: *Desktop\Desktop* @@ -1380,7 +1380,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_DB_DragDropClose** +**ADMX_Desktop/sz_DB_DragDropClose** @@ -1422,7 +1422,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent adding, dragging, dropping and closing the Taskbar's toolbars* - GP name: *sz_DB_DragDropClose* - GP path: *Desktop* @@ -1433,7 +1433,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_DB_Moving** +**ADMX_Desktop/sz_DB_Moving** @@ -1472,7 +1472,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit adjusting desktop toolbars* - GP name: *sz_DB_Moving* - GP path: *Desktop* @@ -1483,7 +1483,7 @@ ADMX Info:
            -**ADMX_Desktop/sz_DWP_NoHTMLPaper** +**ADMX_Desktop/sz_DWP_NoHTMLPaper** @@ -1517,7 +1517,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User -ADMX Info: +ADMX Info: - GP Friendly name: *Allow only bitmapped wallpaper* - GP name: *sz_DWP_NoHTMLPaper* - GP path: *Desktop\Desktop* diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md index b2ca71c22d..d8991a7af5 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md +++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/09/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DeviceCompat > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DeviceCompat policies +## ADMX_DeviceCompat policies
            @@ -38,7 +38,7 @@ manager: aaroncz
            -**ADMX_DeviceCompat/DeviceFlags** +**ADMX_DeviceCompat/DeviceFlags** @@ -69,7 +69,7 @@ Changes behavior of Microsoft bus drivers to work with specific devices. -ADMX Info: +ADMX Info: - GP Friendly name: *Device compatibility settings* - GP name: *DeviceFlags* - GP path: *Windows Components\Device and Driver Compatibility* @@ -80,7 +80,7 @@ ADMX Info:
            -**ADMX_DeviceCompat/DriverShims** +**ADMX_DeviceCompat/DriverShims** @@ -111,7 +111,7 @@ Changes behavior of third-party drivers to work around incompatibilities introdu -ADMX Info: +ADMX Info: - GP Friendly name: *Driver compatibility settings* - GP name: *DriverShims* - GP path: *Windows Components\Device and Driver Compatibility* diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index d39a25209b..423d86f64c 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/08/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,16 +18,16 @@ manager: aaroncz > Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DeviceGuard policies +## ADMX_DeviceGuard policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_DeviceGuard/ConfigCIPolicy** +**ADMX_DeviceGuard/ConfigCIPolicy** @@ -65,24 +65,24 @@ manager: aaroncz -This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine. +This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine. -If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy. +If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy. -To enable this policy, the machine must be rebooted. +To enable this policy, the machine must be rebooted. The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`), -or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`. +or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`. -The local machine account (LOCAL SYSTEM) must have access permission to the policy file. -If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either: +The local machine account (LOCAL SYSTEM) must have access permission to the policy file. +If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either: -- First update the policy to a non-protected policy and then disable the setting. (or) +- First update the policy to a non-protected policy and then disable the setting. (or) - Disable the setting and then remove the policy from each computer, with a physically present user. -ADMX Info: +ADMX Info: - GP Friendly name: *Deploy Windows Defender Application Control* - GP name: *ConfigCIPolicy* - GP path: *Windows Components/DeviceGuard!DeployConfigCIPolicy* diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index 1da8e03482..b52f76b792 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/19/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DeviceInstallation > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DeviceInstallation policies +## ADMX_DeviceInstallation policies
            @@ -57,7 +57,7 @@ manager: aaroncz
            -**ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall** +**ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall** @@ -93,7 +93,7 @@ If you disable or don't configure this policy setting, members of the Administra -ADMX Info: +ADMX Info: - GP Friendly name: *Allow administrators to override Device Installation Restriction policies* - GP name: *DeviceInstall_AllowAdminInstall* - GP path: *System\Device Installation\Device Installation Restrictions* @@ -104,7 +104,7 @@ ADMX Info:
            -**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText** +**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText** @@ -140,7 +140,7 @@ If you disable or don't configure this policy setting, Windows displays a defaul -ADMX Info: +ADMX Info: - GP Friendly name: *Display a custom message when installation is prevented by a policy setting* - GP name: *DeviceInstall_DeniedPolicy_DetailText* - GP path: *System\Device Installation\Device Installation Restrictions* @@ -151,7 +151,7 @@ ADMX Info:
            -**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText** +**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText** @@ -187,7 +187,7 @@ If you disable or don't configure this policy setting, Windows displays a defaul -ADMX Info: +ADMX Info: - GP Friendly name: *Display a custom message title when device installation is prevented by a policy setting* - GP name: *DeviceInstall_DeniedPolicy_SimpleText* - GP path: *System\Device Installation\Device Installation Restrictions* @@ -198,7 +198,7 @@ ADMX Info:
            -**ADMX_DeviceInstallation/DeviceInstall_InstallTimeout** +**ADMX_DeviceInstallation/DeviceInstall_InstallTimeout** @@ -224,7 +224,7 @@ ADMX Info: -This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. +This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation. @@ -234,7 +234,7 @@ If you disable or don't configure this policy setting, Windows waits 240 seconds -ADMX Info: +ADMX Info: - GP Friendly name: *Configure device installation time-out* - GP name: *DeviceInstall_InstallTimeout* - GP path: *System\Device Installation* @@ -245,7 +245,7 @@ ADMX Info:
            -**ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime** +**ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime** @@ -284,7 +284,7 @@ If you disable or don't configure this policy setting, the system doesn't force -ADMX Info: +ADMX Info: - GP Friendly name: *Time (in seconds) to force reboot when required for policy changes to take effect* - GP name: *DeviceInstall_Policy_RebootTime* - GP path: *System\Device Installation\Device Installation Restrictions* @@ -295,7 +295,7 @@ ADMX Info:
            -**ADMX_DeviceInstallation/DeviceInstall_Removable_Deny** +**ADMX_DeviceInstallation/DeviceInstall_Removable_Deny** @@ -330,7 +330,7 @@ If you disable or don't configure this policy setting, Windows can install and u -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent installation of removable devices* - GP name: *DeviceInstall_Removable_Deny* - GP path: *System\Device Installation\Device Installation Restrictions* @@ -341,7 +341,7 @@ ADMX Info:
            -**ADMX_DeviceInstallation/DeviceInstall_SystemRestore** +**ADMX_DeviceInstallation/DeviceInstall_SystemRestore** @@ -367,7 +367,7 @@ ADMX Info: -This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. +This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. If you enable this policy setting, Windows doesn't create a system restore point when one would normally be created. @@ -377,7 +377,7 @@ If you disable or don't configure this policy setting, Windows creates a system -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point* - GP name: *DeviceInstall_SystemRestore* - GP path: *System\Device Installation* @@ -388,7 +388,7 @@ ADMX Info:
            -**ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser** +**ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser** @@ -425,7 +425,7 @@ If you disable or don't configure this policy setting, only members of the Admin -ADMX Info: +ADMX Info: - GP Friendly name: *Allow non-administrators to install drivers for these device setup classes* - GP name: *DriverInstall_Classes_AllowUser* - GP path: *System\Device Installation* diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index d4559a5746..f29a552897 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/19/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DeviceSetup > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DeviceSetup policies +## ADMX_DeviceSetup policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_DeviceSetup/DeviceInstall_BalloonTips** +**ADMX_DeviceSetup/DeviceInstall_BalloonTips** @@ -75,7 +75,7 @@ If you disable or don't configure this policy setting, "Found New Hardware" ball -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off "Found New Hardware" balloons during device installation* - GP name: *DeviceInstall_BalloonTips* - GP path: *System\Device Installation* @@ -86,7 +86,7 @@ ADMX Info:
            -**ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration** +**ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration** @@ -117,7 +117,7 @@ This policy setting allows you to specify the order in which Windows searches so If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all. >[!Note] -> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. +> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system. @@ -126,7 +126,7 @@ If you disable or don't configure this policy setting, members of the Administra -ADMX Info: +ADMX Info: - GP Friendly name: *Specify search order for device driver source locations* - GP name: *DriverSearchPlaces_SearchOrderConfiguration* - GP path: *System\Device Installation* diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md index 3a36dd326e..7a5e7d8921 100644 --- a/windows/client-management/mdm/policy-csp-admx-dfs.md +++ b/windows/client-management/mdm/policy-csp-admx-dfs.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/08/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DFS > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DFS policies +## ADMX_DFS policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_DFS/DFSDiscoverDC** +**ADMX_DFS/DFSDiscoverDC** @@ -61,12 +61,12 @@ manager: aaroncz -This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. -By default, a DFS client attempts to discover domain controllers every 15 minutes. +This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. +By default, a DFS client attempts to discover domain controllers every 15 minutes. -If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes. +If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes. -If you disable or don't configure this policy setting, the default value of 15 minutes applies. +If you disable or don't configure this policy setting, the default value of 15 minutes applies. > [!NOTE] > The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied. @@ -74,7 +74,7 @@ If you disable or don't configure this policy setting, the default value of 15 m -ADMX Info: +ADMX Info: - GP Friendly name: *Configure how often a DFS client discovers domain controllers* - GP name: *DFSDiscoverDC* - GP path: *Windows Components\ActiveX Installer Service* diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 4cb25e95d8..d8489566b1 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/31/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DigitalLocker > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DigitalLocker policies +## ADMX_DigitalLocker policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1** +**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1** @@ -76,7 +76,7 @@ If you disable or don't configure this setting, Digital Locker can be run. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow Digital Locker to run* - GP name: *Digitalx_DiableApplication_TitleText_1* - GP path: *Windows Components/Digital Locker* @@ -87,7 +87,7 @@ ADMX Info:
            -**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2** +**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2** @@ -125,7 +125,7 @@ If you disable or don't configure this setting, Digital Locker can be run. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow Digital Locker to run* - GP name: *Digitalx_DiableApplication_TitleText_2* - GP path: *Windows Components/Digital Locker* diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md index 9262266a8d..f2f068f538 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/08/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DiskDiagnostic > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DiskDiagnostic policies +## ADMX_DiskDiagnostic policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_DiskDiagnostic/DfdAlertPolicy** +**ADMX_DiskDiagnostic/DfdAlertPolicy** @@ -69,11 +69,11 @@ This policy setting substitutes custom alert text in the disk diagnostic message If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. -If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message. +If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message. -No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately. +No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately. -This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. > [!NOTE] @@ -82,7 +82,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management -ADMX Info: +ADMX Info: - GP Friendly name: *Configure custom alert text* - GP name: *DfdAlertPolicy* - GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic* @@ -94,7 +94,7 @@ ADMX Info:
            -**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy** +**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy** @@ -120,27 +120,27 @@ ADMX Info: -This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics. +This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics. Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur. - -If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss. -If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. +If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss. -If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. +If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. + +If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately. -This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. > [!NOTE] > For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. - + -ADMX Info: +ADMX Info: - GP Friendly name: *Configure execution level* - GP name: *WdiScenarioExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic* diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md index 92b5a4725e..d74c45064e 100644 --- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md +++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/12/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,12 +18,12 @@ manager: aaroncz
            -## ADMX_DiskNVCache policies +## ADMX_DiskNVCache policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -36,14 +36,14 @@ manager: aaroncz
            ADMX_DiskNVCache/SolidStatePolicy -
            +
            -**ADMX_DiskNVCache/BootResumePolicy** +**ADMX_DiskNVCache/BootResumePolicy** |Edition|Windows 10|Windows 11| @@ -68,20 +68,20 @@ manager: aaroncz -This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system. +This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system. -If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume. +If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume. -The system determines the data that will be stored in the NV cache to optimize boot and resume. +The system determines the data that will be stored in the NV cache to optimize boot and resume. -The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. +The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. This policy setting is applicable only if the NV cache feature is on. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off boot and resume optimizations* - GP name: *BootResumePolicy* - GP path: *System\Disk NV Cache* @@ -91,7 +91,7 @@ ADMX Info:
            -**ADMX_DiskNVCache/FeatureOffPolicy** +**ADMX_DiskNVCache/FeatureOffPolicy** |Edition|Windows 10|Windows 11| @@ -116,20 +116,20 @@ ADMX Info: -This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. +This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. -To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache. +To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache. -If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode. +If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode. -If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. +If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off non-volatile cache feature* - GP name: *FeatureOffPolicy* - GP path: *System\Disk NV Cache* @@ -141,7 +141,7 @@ ADMX Info:
            -**ADMX_DiskNVCache/SolidStatePolicy** +**ADMX_DiskNVCache/SolidStatePolicy** |Edition|Windows 10|Windows 11| @@ -166,13 +166,13 @@ ADMX Info: -This policy setting turns off the solid state mode for the hybrid hard disks. +This policy setting turns off the solid state mode for the hybrid hard disks. -If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache. +If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache. If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. -This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. +This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. >[!Note] > This policy setting is applicable only if the NV cache feature is on. @@ -181,7 +181,7 @@ This can cause increased wear of the NV cache. If you don't configure this poli -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off solid state mode* - GP name: *SolidStatePolicy* - GP path: *System\Disk NV Cache* diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md index bc75db6e4a..eca5056fc8 100644 --- a/windows/client-management/mdm/policy-csp-admx-diskquota.md +++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/12/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,14 +18,14 @@ manager: aaroncz
            > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -## ADMX_DiskQuota policies +## ADMX_DiskQuota policies
            @@ -53,7 +53,7 @@ manager: aaroncz
            -**ADMX_DiskQuota/DQ_RemovableMedia** +**ADMX_DiskQuota/DQ_RemovableMedia** |Edition|Windows 10|Windows 11| @@ -78,16 +78,16 @@ manager: aaroncz -This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media. +This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media. -If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. +If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media. -ADMX Info: +ADMX Info: - GP Friendly name: *Apply policy to removable media* - GP name: *DQ_RemovableMedia* - GP path: *System\Disk Quotas* @@ -99,7 +99,7 @@ ADMX Info:
            -**ADMX_DiskQuota/DQ_Enable** +**ADMX_DiskQuota/DQ_Enable** |Edition|Windows 10|Windows 11| @@ -124,24 +124,24 @@ ADMX Info: -This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting. +This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting. If you enable this policy setting, disk quota management is turned on, and users can't turn it off. -If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on. +If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on. To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes. -This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit. +This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit. -To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. +To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management." -ADMX Info: +ADMX Info: - GP Friendly name: *Enable disk quotas* - GP name: *DQ_Enable* - GP path: *System\Disk Quotas* @@ -154,7 +154,7 @@ ADMX Info: -**ADMX_DiskQuota/DQ_Enforce** +**ADMX_DiskQuota/DQ_Enforce** |Edition|Windows 10|Windows 11| @@ -179,22 +179,22 @@ ADMX Info: -This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting. +This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting. -If you enable this policy setting, disk quota limits are enforced. +If you enable this policy setting, disk quota limits are enforced. -If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect. +If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect. -If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available. +If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available. -This policy setting overrides user settings that enable or disable quota enforcement on their volumes. +This policy setting overrides user settings that enable or disable quota enforcement on their volumes. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. -ADMX Info: +ADMX Info: - GP Friendly name: *Enforce disk quota limit* - GP name: *DQ_Enforce* - GP path: *System\Disk Quotas* @@ -207,7 +207,7 @@ ADMX Info: -**ADMX_DiskQuota/DQ_LogEventOverLimit** +**ADMX_DiskQuota/DQ_LogEventOverLimit** |Edition|Windows 10|Windows 11| @@ -232,13 +232,13 @@ ADMX Info: -This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting. +This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting. -If you enable this policy setting, the system records an event when the user reaches their limit. +If you enable this policy setting, the system records an event when the user reaches their limit. -If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. +If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting. -This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes. +This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes. To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab. @@ -246,7 +246,7 @@ To find the logging option, in My Computer, right-click the name of an NTFS file -ADMX Info: +ADMX Info: - GP Friendly name: *Log event when quota limit is exceeded* - GP name: *DQ_LogEventOverLimit* - GP path: *System\Disk Quotas* @@ -258,7 +258,7 @@ ADMX Info: -**ADMX_DiskQuota/DQ_LogEventOverThreshold** +**ADMX_DiskQuota/DQ_LogEventOverThreshold** |Edition|Windows 10|Windows 11| @@ -283,20 +283,20 @@ ADMX Info: -This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume. +This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume. If you enable this policy setting, the system records an event. -If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect. +If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect. -If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes. +If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes. To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab. -ADMX Info: +ADMX Info: - GP Friendly name: *Log event when quota warning level is exceeded* - GP name: *DQ_LogEventOverThreshold* - GP path: *System\Disk Quotas* @@ -309,7 +309,7 @@ ADMX Info: -**ADMX_DiskQuota/DQ_Limit** +**ADMX_DiskQuota/DQ_Limit** |Edition|Windows 10|Windows 11| @@ -334,20 +334,20 @@ ADMX Info: -This policy setting specifies the default disk quota limit and warning level for new users of the volume. -This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. +This policy setting specifies the default disk quota limit and warning level for new users of the volume. +This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. -This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. -This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). +This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. +This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties). -If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group. +If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group. This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify default quota limit and warning level* - GP name: *DQ_Limit* - GP path: *System\Disk Quotas* diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index 7efbc6544a..d4544fc733 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 03/22/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DistributedLinkTracking > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DistributedLinkTracking policies +## ADMX_DistributedLinkTracking policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_DistributedLinkTracking/DLT_AllowDomainMode** +**ADMX_DistributedLinkTracking/DLT_AllowDomainMode** @@ -62,11 +62,11 @@ manager: aaroncz -This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. +This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. -The DLT client can more reliably track links when allowed to use the DLT server. +The DLT client can more reliably track links when allowed to use the DLT server. This policy shouldn't be set unless the DLT server is running on all domain controllers in the domain. > [!NOTE] @@ -75,7 +75,7 @@ This policy shouldn't be set unless the DLT server is running on all domain cont -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Distributed Link Tracking clients to use domain resources* - GP name: *DLT_AllowDomainMode* - GP path: *Windows\System!DLT_AllowDomainMode* diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 8af9f82bc0..4472593a26 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/12/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DnsClient > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DnsClient policies +## ADMX_DnsClient policies
            @@ -99,7 +99,7 @@ manager: aaroncz
            -**ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries** +**ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries** |Edition|Windows 10|Windows 11| @@ -134,7 +134,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Allow NetBT queries for fully qualified domain names* - GP name: *DNS_AllowFQDNNetBiosQueries* - GP path: *Network/DNS Client* @@ -145,7 +145,7 @@ ADMX Info:
            -**ADMX_DnsClient/DNS_AppendToMultiLabelName** +**ADMX_DnsClient/DNS_AppendToMultiLabelName** |Edition|Windows 10|Windows 11| @@ -187,7 +187,7 @@ If you don't configure this policy setting, computers will use their local DNS c -ADMX Info: +ADMX Info: - GP Friendly name: *Allow DNS suffix appending to unqualified multi-label name queries* - GP name: *DNS_AppendToMultiLabelName* - GP path: *Network/DNS Client* @@ -199,7 +199,7 @@ ADMX Info:
            -**ADMX_DnsClient/DNS_Domain** +**ADMX_DnsClient/DNS_Domain** |Edition|Windows 10|Windows 11| @@ -226,7 +226,7 @@ ADMX Info: This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix. -If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting. +If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured. @@ -234,7 +234,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Connection-specific DNS suffix* - GP name: *DNS_Domain* - GP path: *Network/DNS Client* @@ -246,7 +246,7 @@ ADMX Info:
            -**ADMX_DnsClient/DNS_DomainNameDevolutionLevel** +**ADMX_DnsClient/DNS_DomainNameDevolutionLevel** |Edition|Windows 10|Windows 11| @@ -279,7 +279,7 @@ The DNS client appends DNS suffixes to the single-label, unqualified domain name Devolution isn't enabled if a global suffix search list is configured using Group Policy. -If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: +If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: - The primary DNS suffix, as specified on the Computer Name tab of the System control panel. - Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection. @@ -298,7 +298,7 @@ If you disable this policy setting or don't configure it, DNS clients use the de -ADMX Info: +ADMX Info: - GP Friendly name: *Primary DNS suffix devolution level* - GP name: *DNS_DomainNameDevolutionLevel* - GP path: *Network/DNS Client* @@ -346,7 +346,7 @@ If this policy setting is disabled, or if this policy setting isn't configured, -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off IDN encoding* - GP name: *DNS_IdnEncoding* - GP path: *Network/DNS Client* @@ -393,7 +393,7 @@ If this policy setting is disabled, or if this policy setting isn't configured, -ADMX Info: +ADMX Info: - GP Friendly name: *IDN mapping* - GP name: *DNS_IdnMapping* - GP path: *Network/DNS Client* @@ -434,7 +434,7 @@ This policy setting defines the DNS servers to which a computer sends queries wh To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address. -If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. +If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured. @@ -442,7 +442,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *DNS servers* - GP name: *DNS_NameServer* - GP path: *Network/DNS Client* @@ -491,7 +491,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Prefer link local responses over DNS when received over a network with higher precedence* - GP name: *DNS_PreferLocalResponsesOverLowerOrderDns* - GP path: *Network/DNS Client* @@ -545,7 +545,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Primary DNS suffix* - GP name: *DNS_PrimaryDnsSuffix* - GP path: *Network/DNS Client* @@ -598,7 +598,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Register DNS records with connection-specific DNS suffix* - GP name: *DNS_RegisterAdapterName* - GP path: *Network/DNS Client* @@ -652,7 +652,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Register PTR records* - GP name: *DNS_RegisterReverseLookup* - GP path: *Network/DNS Client* @@ -699,7 +699,7 @@ If you disable this policy setting, computers may not use dynamic DNS registrati -ADMX Info: +ADMX Info: - GP Friendly name: *Dynamic update* - GP name: *DNS_RegistrationEnabled* - GP path: *Network/DNS Client* @@ -750,7 +750,7 @@ If you disable this policy setting, existing (A) resource records that contain c -ADMX Info: +ADMX Info: - GP Friendly name: *Replace addresses in conflicts* - GP name: *DNS_RegistrationOverwritesInConflict* - GP path: *Network/DNS Client* @@ -804,7 +804,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Registration refresh interval* - GP name: *DNS_RegistrationRefreshInterval* - GP path: *Network/DNS Client* @@ -853,7 +853,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *TTL value for A and PTR records* - GP name: *DNS_RegistrationTtl* - GP path: *Network/DNS Client* @@ -906,7 +906,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *DNS suffix search list* - GP name: *DNS_SearchList* - GP path: *Network/DNS Client* @@ -954,7 +954,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off smart multi-homed name resolution* - GP name: *DNS_SmartMultiHomedNameResolution* - GP path: *Network/DNS Client* @@ -993,9 +993,9 @@ ADMX Info: This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). -If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks. +If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks. -If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. +If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. > [!NOTE] > This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured. @@ -1003,7 +1003,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off smart protocol reordering* - GP name: *DNS_SmartProtocolReorder* - GP path: *Network/DNS Client* @@ -1056,7 +1056,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Update security level* - GP name: *DNS_UpdateSecurityLevel* - GP path: *Network/DNS Client* @@ -1105,7 +1105,7 @@ If you disable this policy setting, or if you don't configure this policy settin -ADMX Info: +ADMX Info: - GP Friendly name: *Update top level domain zones* - GP name: *DNS_UpdateTopLevelDomainZones* - GP path: *Network/DNS Client* @@ -1170,7 +1170,7 @@ If you disable this policy setting, DNS clients don't attempt to resolve names t -ADMX Info: +ADMX Info: - GP Friendly name: *Primary DNS suffix devolution* - GP name: *DNS_UseDomainNameDevolution* - GP path: *Network/DNS Client* @@ -1219,7 +1219,7 @@ If you disable this policy setting, or you don't configure this policy setting, -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off multicast name resolution* - GP name: *Turn_Off_Multicast* - GP path: *Network/DNS Client* diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index 920a8c9d98..8c02ae060e 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/31/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_DWM > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_DWM policies +## ADMX_DWM policies
            @@ -51,7 +51,7 @@ manager: aaroncz
            -**ADMX_DWM/DwmDefaultColorizationColor_1** +**ADMX_DWM/DwmDefaultColorizationColor_1** @@ -77,11 +77,11 @@ manager: aaroncz -This policy setting controls the default color for window frames when the user doesn't specify a color. +This policy setting controls the default color for window frames when the user doesn't specify a color. -If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. +If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. -If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. +If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. > [!NOTE] > This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. @@ -89,7 +89,7 @@ If you disable or don't configure this policy setting, the default internal colo -ADMX Info: +ADMX Info: - GP Friendly name: *Specify a default color* - GP name: *DwmDefaultColorizationColor_1* - GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* @@ -101,7 +101,7 @@ ADMX Info:
            -**ADMX_DWM/DwmDefaultColorizationColor_2** +**ADMX_DWM/DwmDefaultColorizationColor_2** @@ -127,11 +127,11 @@ ADMX Info: -This policy setting controls the default color for window frames when the user doesn't specify a color. +This policy setting controls the default color for window frames when the user doesn't specify a color. -If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. +If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color. -If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. +If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color. > [!NOTE] > This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users. @@ -140,7 +140,7 @@ If you disable or don't configure this policy setting, the default internal colo -ADMX Info: +ADMX Info: - GP Friendly name: *Specify a default color* - GP name: *DwmDefaultColorizationColor_2* - GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* @@ -151,7 +151,7 @@ ADMX Info:
            -**ADMX_DWM/DwmDisallowAnimations_1** +**ADMX_DWM/DwmDisallowAnimations_1** @@ -177,11 +177,11 @@ ADMX Info: -This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. +This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. -If you enable this policy setting, window animations are turned off. +If you enable this policy setting, window animations are turned off. -If you disable or don't configure this policy setting, window animations are turned on. +If you disable or don't configure this policy setting, window animations are turned on. Changing this policy setting requires a sign out for it to be applied. @@ -189,7 +189,7 @@ Changing this policy setting requires a sign out for it to be applied. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow window animations* - GP name: *DwmDisallowAnimations_1* - GP path: *Windows Components/Desktop Window Manager* @@ -200,7 +200,7 @@ ADMX Info:
            -**ADMX_DWM/DwmDisallowAnimations_2** +**ADMX_DWM/DwmDisallowAnimations_2** @@ -226,11 +226,11 @@ ADMX Info: -This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. +This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. -If you enable this policy setting, window animations are turned off. +If you enable this policy setting, window animations are turned off. -If you disable or don't configure this policy setting, window animations are turned on. +If you disable or don't configure this policy setting, window animations are turned on. Changing this policy setting requires out a sign for it to be applied. @@ -238,7 +238,7 @@ Changing this policy setting requires out a sign for it to be applied. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow window animations* - GP name: *DwmDisallowAnimations_2* - GP path: *Windows Components/Desktop Window Manager* @@ -249,7 +249,7 @@ ADMX Info:
            -**ADMX_DWM/DwmDisallowColorizationColorChanges_1** +**ADMX_DWM/DwmDisallowColorizationColorChanges_1** @@ -275,11 +275,11 @@ ADMX Info: -This policy setting controls the ability to change the color of window frames. +This policy setting controls the ability to change the color of window frames. -If you enable this policy setting, you prevent users from changing the default window frame color. +If you enable this policy setting, you prevent users from changing the default window frame color. -If you disable or don't configure this policy setting, you allow users to change the default window frame color. +If you disable or don't configure this policy setting, you allow users to change the default window frame color. > [!NOTE] > This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. @@ -288,7 +288,7 @@ If you disable or don't configure this policy setting, you allow users to change -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow color changes* - GP name: *DwmDisallowColorizationColorChanges_1* - GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* @@ -299,7 +299,7 @@ ADMX Info:
            -**ADMX_DWM/DwmDisallowColorizationColorChanges_2** +**ADMX_DWM/DwmDisallowColorizationColorChanges_2** @@ -325,19 +325,19 @@ ADMX Info: -This policy setting controls the ability to change the color of window frames. +This policy setting controls the ability to change the color of window frames. -If you enable this policy setting, you prevent users from changing the default window frame color. +If you enable this policy setting, you prevent users from changing the default window frame color. -If you disable or don't configure this policy setting, you allow users to change the default window frame color. +If you disable or don't configure this policy setting, you allow users to change the default window frame color. -> [!NOTE] +> [!NOTE] > This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow color changes* - GP name: *DwmDisallowColorizationColorChanges_2* - GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index c08bae6677..3a7ebf1a7f 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/19/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_EAIME > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_EAIME policies +## ADMX_EAIME policies
            @@ -69,7 +69,7 @@ manager: aaroncz
            -**ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList** +**ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList** @@ -110,7 +110,7 @@ This policy setting applies to Japanese Microsoft IME only. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not include Non-Publishing Standard Glyph in the candidate list* - GP name: *L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList* - GP path: *Windows Components\IME* @@ -121,7 +121,7 @@ ADMX Info:
            -**ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion** +**ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion** @@ -174,7 +174,7 @@ This policy setting applies to Japanese Microsoft IME only. -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict character code range of conversion* - GP name: *L_RestrictCharacterCodeRangeOfConversion* - GP path: *Windows Components\IME* @@ -185,7 +185,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOffCustomDictionary** +**ADMX_EAIME/L_TurnOffCustomDictionary** @@ -228,7 +228,7 @@ This policy setting is applied to Japanese Microsoft IME. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off custom dictionary* - GP name: *L_TurnOffCustomDictionary* - GP path: *Windows Components\IME* @@ -239,7 +239,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput** +**ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput** @@ -279,7 +279,7 @@ This policy setting applies to Japanese Microsoft IME only. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off history-based predictive input* - GP name: *L_TurnOffHistorybasedPredictiveInput* - GP path: *Windows Components\IME* @@ -290,7 +290,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOffInternetSearchIntegration** +**ADMX_EAIME/L_TurnOffInternetSearchIntegration** @@ -333,7 +333,7 @@ This policy setting applies to Japanese Microsoft IME. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Internet search integration* - GP name: *L_TurnOffInternetSearchIntegration* - GP path: *Windows Components\IME* @@ -344,7 +344,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOffOpenExtendedDictionary** +**ADMX_EAIME/L_TurnOffOpenExtendedDictionary** @@ -384,7 +384,7 @@ This policy setting is applied to Japanese Microsoft IME. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Open Extended Dictionary* - GP name: *L_TurnOffOpenExtendedDictionary* - GP path: *Windows Components\IME* @@ -395,7 +395,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile** +**ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile** @@ -433,7 +433,7 @@ This policy setting applies to Japanese Microsoft IME only. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off saving auto-tuning data to file* - GP name: *L_TurnOffSavingAutoTuningDataToFile* - GP path: *Windows Components\IME* @@ -444,7 +444,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOnCloudCandidate** +**ADMX_EAIME/L_TurnOnCloudCandidate** @@ -484,7 +484,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on cloud candidate* - GP name: *L_TurnOnCloudCandidate* - GP path: *Windows Components\IME* @@ -495,7 +495,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOnCloudCandidateCHS** +**ADMX_EAIME/L_TurnOnCloudCandidateCHS** @@ -535,7 +535,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on cloud candidate for CHS* - GP name: *L_TurnOnCloudCandidateCHS* - GP path: *Windows Components\IME* @@ -546,7 +546,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOnLexiconUpdate** +**ADMX_EAIME/L_TurnOnLexiconUpdate** @@ -586,7 +586,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on lexicon update* - GP name: *L_TurnOnLexiconUpdate* - GP path: *Windows Components\IME* @@ -597,7 +597,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOnLiveStickers** +**ADMX_EAIME/L_TurnOnLiveStickers** @@ -637,7 +637,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Live Sticker* - GP name: *L_TurnOnLiveStickers* - GP path: *Windows Components\IME* @@ -648,7 +648,7 @@ ADMX Info:
            -**ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport** +**ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport** @@ -686,7 +686,7 @@ This policy setting applies to Japanese Microsoft IME and Traditional Chinese IM -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on misconversion logging for misconversion report* - GP name: *L_TurnOnMisconversionLoggingForMisconversionReport* - GP path: *Windows Components\IME* diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index 21c1fdf20f..f3b2d488de 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/02/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_EncryptFilesonMove > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_EncryptFilesonMove policies +## ADMX_EncryptFilesonMove policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_EncryptFilesonMove/NoEncryptOnMove** +**ADMX_EncryptFilesonMove/NoEncryptOnMove** @@ -74,7 +74,7 @@ This setting applies only to files moved within a volume. When files are moved t -ADMX Info: +ADMX Info: - GP Friendly name: *Do not automatically encrypt files moved to encrypted folders* - GP name: *NoEncryptOnMove* - GP path: *System* diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 01470abcbe..6fe53816f6 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/23/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_EnhancedStorage > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_EnhancedStorage policies +## ADMX_EnhancedStorage policies
            @@ -51,7 +51,7 @@ manager: aaroncz
            -**ADMX_EnhancedStorage/ApprovedEnStorDevices** +**ADMX_EnhancedStorage/ApprovedEnStorDevices** @@ -86,7 +86,7 @@ If you disable or don't configure this policy setting, all Enhanced Storage devi -ADMX Info: +ADMX Info: - GP Friendly name: *Configure list of Enhanced Storage devices usable on your computer* - GP name: *ApprovedEnStorDevices* - GP path: *System\Enhanced Storage Access* @@ -97,7 +97,7 @@ ADMX Info:
            -**ADMX_EnhancedStorage/ApprovedSilos** +**ADMX_EnhancedStorage/ApprovedSilos** @@ -132,7 +132,7 @@ If you disable or don't configure this policy setting, all IEEE 1667 silos on En -ADMX Info: +ADMX Info: - GP Friendly name: *Configure list of IEEE 1667 silos usable on your computer* - GP name: *ApprovedSilos* - GP path: *System\Enhanced Storage Access* @@ -143,7 +143,7 @@ ADMX Info:
            -**ADMX_EnhancedStorage/DisablePasswordAuthentication** +**ADMX_EnhancedStorage/DisablePasswordAuthentication** @@ -178,7 +178,7 @@ If you disable or don't configure this policy setting, a password can be used to -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow password authentication of Enhanced Storage devices* - GP name: *DisablePasswordAuthentication* - GP path: *System\Enhanced Storage Access* @@ -189,7 +189,7 @@ ADMX Info:
            -**ADMX_EnhancedStorage/DisallowLegacyDiskDevices** +**ADMX_EnhancedStorage/DisallowLegacyDiskDevices** @@ -224,7 +224,7 @@ If you disable or don't configure this policy setting, non-Enhanced Storage remo -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow non-Enhanced Storage removable devices* - GP name: *DisallowLegacyDiskDevices* - GP path: *System\Enhanced Storage Access* @@ -235,7 +235,7 @@ ADMX Info:
            -**ADMX_EnhancedStorage/LockDeviceOnMachineLock** +**ADMX_EnhancedStorage/LockDeviceOnMachineLock** @@ -273,7 +273,7 @@ If you disable or don't configure this policy setting, the Enhanced Storage devi -ADMX Info: +ADMX Info: - GP Friendly name: *Lock Enhanced Storage when the computer is locked* - GP name: *LockDeviceOnMachineLock* - GP path: *System\Enhanced Storage Access* @@ -284,7 +284,7 @@ ADMX Info:
            -**ADMX_EnhancedStorage/RootHubConnectedEnStorDevices** +**ADMX_EnhancedStorage/RootHubConnectedEnStorDevices** @@ -319,7 +319,7 @@ If you disable or don't configure this policy setting, USB Enhanced Storage devi -ADMX Info: +ADMX Info: - GP Friendly name: *Allow only USB root hub connected Enhanced Storage devices* - GP name: *RootHubConnectedEnStorDevices* - GP path: *System\Enhanced Storage Access* diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 75e7132a34..4179f9e954 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/23/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_ErrorReporting policies +## ADMX_ErrorReporting policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -120,7 +120,7 @@ manager: aaroncz
            -**ADMX_ErrorReporting/PCH_AllOrNoneDef** +**ADMX_ErrorReporting/PCH_AllOrNoneDef** @@ -161,7 +161,7 @@ For related information, see the Configure Error Reporting and Report Operating -ADMX Info: +ADMX Info: - GP Friendly name: *Default application reporting settings* - GP name: *PCH_AllOrNoneDef* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -172,7 +172,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/PCH_AllOrNoneEx** +**ADMX_ErrorReporting/PCH_AllOrNoneEx** @@ -209,7 +209,7 @@ If you disable or don't configure this policy setting, the Default application r -ADMX Info: +ADMX Info: - GP Friendly name: *List of applications to never report errors for* - GP name: *PCH_AllOrNoneEx* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -220,7 +220,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/PCH_AllOrNoneInc** +**ADMX_ErrorReporting/PCH_AllOrNoneInc** @@ -267,7 +267,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab -ADMX Info: +ADMX Info: - GP Friendly name: *List of applications to always report errors for* - GP name: *PCH_AllOrNoneInc* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -278,7 +278,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/PCH_ConfigureReport** +**ADMX_ErrorReporting/PCH_ConfigureReport** @@ -329,7 +329,7 @@ See related policy settings Display Error Notification (same folder as this poli -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Error Reporting* - GP name: *PCH_ConfigureReport* - GP path: *Windows Components\Windows Error Reporting* @@ -340,7 +340,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults** +**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults** @@ -379,7 +379,7 @@ See also the Configure Error Reporting policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Report operating system errors* - GP name: *PCH_ReportOperatingSystemFaults* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -390,7 +390,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerArchive_1** +**ADMX_ErrorReporting/WerArchive_1** @@ -425,7 +425,7 @@ If you disable or don't configure this policy setting, no Windows Error Reportin -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Report Archive* - GP name: *WerArchive_1* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -436,7 +436,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerArchive_2** +**ADMX_ErrorReporting/WerArchive_2** @@ -471,7 +471,7 @@ If you disable or don't configure this policy setting, no Windows Error Reportin -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Report Archive* - GP name: *WerArchive_2* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -482,7 +482,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerAutoApproveOSDumps_1** +**ADMX_ErrorReporting/WerAutoApproveOSDumps_1** @@ -517,7 +517,7 @@ If you disable this policy setting, then all memory dumps are uploaded according -ADMX Info: +ADMX Info: - GP Friendly name: *Automatically send memory dumps for OS-generated error reports* - GP name: *WerAutoApproveOSDumps_1* - GP path: *Windows Components\Windows Error Reporting* @@ -528,7 +528,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerAutoApproveOSDumps_2** +**ADMX_ErrorReporting/WerAutoApproveOSDumps_2** @@ -561,7 +561,7 @@ If you enable or don't configure this policy setting, any memory dumps generated If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings. -ADMX Info: +ADMX Info: - GP Friendly name: *Automatically send memory dumps for OS-generated error reports* - GP name: *WerAutoApproveOSDumps_2* - GP path: *Windows Components\Windows Error Reporting* @@ -572,7 +572,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerBypassDataThrottling_1** +**ADMX_ErrorReporting/WerBypassDataThrottling_1** @@ -607,7 +607,7 @@ If you disable or don't configure this policy setting, WER throttles data by def -ADMX Info: +ADMX Info: - GP Friendly name: *Do not throttle additional data* - GP name: *WerBypassDataThrottling_1* - GP path: *Windows Components\Windows Error Reporting* @@ -618,7 +618,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerBypassDataThrottling_2** +**ADMX_ErrorReporting/WerBypassDataThrottling_2** @@ -653,7 +653,7 @@ If you disable or don't configure this policy setting, WER throttles data by def -ADMX Info: +ADMX Info: - GP Friendly name: *Do not throttle additional data* - GP name: *WerBypassDataThrottling_2* - GP path: *Windows Components\Windows Error Reporting* @@ -664,7 +664,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1** +**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1** @@ -699,7 +699,7 @@ If you disable or don't configure this policy setting, WER doesn't send data, bu -ADMX Info: +ADMX Info: - GP Friendly name: *Send data when on connected to a restricted/costed network* - GP name: *WerBypassNetworkCostThrottling_1* - GP path: *Windows Components\Windows Error Reporting* @@ -710,7 +710,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2** +**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2** @@ -745,7 +745,7 @@ If you disable or don't configure this policy setting, WER doesn't send data, bu -ADMX Info: +ADMX Info: - GP Friendly name: *Send data when on connected to a restricted/costed network* - GP name: *WerBypassNetworkCostThrottling_2* - GP path: *Windows Components\Windows Error Reporting* @@ -756,7 +756,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerBypassPowerThrottling_1** +**ADMX_ErrorReporting/WerBypassPowerThrottling_1** @@ -791,7 +791,7 @@ If you disable or don't configure this policy setting, WER checks for solutions -ADMX Info: +ADMX Info: - GP Friendly name: *Send additional data when on battery power* - GP name: *WerBypassPowerThrottling_1* - GP path: *Windows Components\Windows Error Reporting* @@ -802,7 +802,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerBypassPowerThrottling_2** +**ADMX_ErrorReporting/WerBypassPowerThrottling_2** @@ -837,7 +837,7 @@ If you disable or don't configure this policy setting, WER checks for solutions -ADMX Info: +ADMX Info: - GP Friendly name: *Send additional data when on battery power* - GP name: *WerBypassPowerThrottling_2* - GP path: *Windows Components\Windows Error Reporting* @@ -848,7 +848,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerCER** +**ADMX_ErrorReporting/WerCER** @@ -883,7 +883,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting s -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Corporate Windows Error Reporting* - GP name: *WerCER* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -894,7 +894,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerConsentCustomize_1** +**ADMX_ErrorReporting/WerConsentCustomize_1** @@ -935,7 +935,7 @@ If you disable or don't configure this policy setting, then the default consent -ADMX Info: +ADMX Info: - GP Friendly name: *Customize consent settings* - GP name: *WerConsentCustomize_1* - GP path: *Windows Components\Windows Error Reporting\Consent* @@ -946,7 +946,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerConsentOverride_1** +**ADMX_ErrorReporting/WerConsentOverride_1** @@ -981,7 +981,7 @@ If you disable or don't configure this policy setting, custom consent policy set -ADMX Info: +ADMX Info: - GP Friendly name: *Ignore custom consent settings* - GP name: *WerConsentOverride_1* - GP path: *Windows Components\Windows Error Reporting\Consent* @@ -992,7 +992,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerConsentOverride_2** +**ADMX_ErrorReporting/WerConsentOverride_2** @@ -1027,7 +1027,7 @@ If you disable or don't configure this policy setting, custom consent policy set -ADMX Info: +ADMX Info: - GP Friendly name: *Ignore custom consent settings* - GP name: *WerConsentOverride_2* - GP path: *Windows Components\Windows Error Reporting\Consent* @@ -1038,7 +1038,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerDefaultConsent_1** +**ADMX_ErrorReporting/WerDefaultConsent_1** @@ -1078,7 +1078,7 @@ If this policy setting is disabled or not configured, then the consent level def -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Default consent* - GP name: *WerDefaultConsent_1* - GP path: *Windows Components\Windows Error Reporting\Consent* @@ -1089,7 +1089,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerDefaultConsent_2** +**ADMX_ErrorReporting/WerDefaultConsent_2** @@ -1129,7 +1129,7 @@ If this policy setting is disabled or not configured, then the consent level def -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Default consent* - GP name: *WerDefaultConsent_2* - GP path: *Windows Components\Windows Error Reporting\Consent* @@ -1140,7 +1140,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerDisable_1** +**ADMX_ErrorReporting/WerDisable_1** @@ -1175,7 +1175,7 @@ If you disable or don't configure this policy setting, the Turn off Windows Erro -ADMX Info: +ADMX Info: - GP Friendly name: *Disable Windows Error Reporting* - GP name: *WerDisable_1* - GP path: *Windows Components\Windows Error Reporting* @@ -1186,7 +1186,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerExlusion_1** +**ADMX_ErrorReporting/WerExlusion_1** @@ -1222,7 +1222,7 @@ If you disable or don't configure this policy setting, errors are reported on al -ADMX Info: +ADMX Info: - GP Friendly name: *List of applications to be excluded* - GP name: *WerExlusion_1* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -1233,7 +1233,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerExlusion_2** +**ADMX_ErrorReporting/WerExlusion_2** @@ -1268,7 +1268,7 @@ If you disable or don't configure this policy setting, errors are reported on al -ADMX Info: +ADMX Info: - GP Friendly name: *List of applications to be excluded* - GP name: *WerExlusion_2* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -1279,7 +1279,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerNoLogging_1** +**ADMX_ErrorReporting/WerNoLogging_1** @@ -1314,7 +1314,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting e -ADMX Info: +ADMX Info: - GP Friendly name: *Disable logging* - GP name: *WerNoLogging_1* - GP path: *Windows Components\Windows Error Reporting* @@ -1325,7 +1325,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerNoLogging_2** +**ADMX_ErrorReporting/WerNoLogging_2** @@ -1360,7 +1360,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting e -ADMX Info: +ADMX Info: - GP Friendly name: *Disable logging* - GP name: *WerNoLogging_2* - GP path: *Windows Components\Windows Error Reporting* @@ -1371,7 +1371,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerNoSecondLevelData_1** +**ADMX_ErrorReporting/WerNoSecondLevelData_1** @@ -1406,7 +1406,7 @@ If you disable or don't configure this policy setting, then consent policy setti -ADMX Info: +ADMX Info: - GP Friendly name: *Do not send additional data* - GP name: *WerNoSecondLevelData_1* - GP path: *Windows Components\Windows Error Reporting* @@ -1417,7 +1417,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerQueue_1** +**ADMX_ErrorReporting/WerQueue_1** @@ -1454,7 +1454,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting r -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Report Queue* - GP name: *WerQueue_1* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -1465,7 +1465,7 @@ ADMX Info:
            -**ADMX_ErrorReporting/WerQueue_2** +**ADMX_ErrorReporting/WerQueue_2** @@ -1502,7 +1502,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting r -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Report Queue* - GP name: *WerQueue_2* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index 627492ca73..5e65d7883b 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/17/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,13 +18,13 @@ manager: aaroncz
            -## ADMX_EventForwarding policies +## ADMX_EventForwarding policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -40,7 +40,7 @@ manager: aaroncz
            -**ADMX_EventForwarding/ForwarderResourceUsage** +**ADMX_EventForwarding/ForwarderResourceUsage** @@ -78,7 +78,7 @@ This setting applies across all subscriptions for the forwarder (source computer -ADMX Info: +ADMX Info: - GP Friendly name: *Configure forwarder resource usage* - GP name: *ForwarderResourceUsage* - GP path: *Windows Components/Event Forwarding* @@ -91,7 +91,7 @@ ADMX Info:
            -**ADMX_EventForwarding/SubscriptionManager** +**ADMX_EventForwarding/SubscriptionManager** @@ -121,7 +121,7 @@ This policy setting allows you to configure the server address, refresh interval If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics. -Use the following syntax when using the HTTPS protocol: +Use the following syntax when using the HTTPS protocol: ``` syntax Server=https://:5986/wsman/SubscriptionManager/WEC,Refresh=,IssuerCA=. @@ -135,7 +135,7 @@ If you disable or don't configure this policy setting, the Event Collector compu -ADMX Info: +ADMX Info: - GP Friendly name: *Configure target Subscription Manager* - GP name: *SubscriptionManager* - GP path: *Windows Components/Event Forwarding* diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index 471b6a5631..67892620cd 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/01/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_EventLog policies +## ADMX_EventLog policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -96,7 +96,7 @@ manager: aaroncz
            -**ADMX_EventLog/Channel_LogEnabled** +**ADMX_EventLog/Channel_LogEnabled** @@ -126,7 +126,7 @@ This policy setting turns on logging. If you enable or don't configure this policy setting, then events can be written to this log. -If the policy setting is disabled, then no new events can be logged. +If the policy setting is disabled, then no new events can be logged. >[!Note] > Events can always be read from the log, regardless of this policy setting. @@ -134,7 +134,7 @@ If the policy setting is disabled, then no new events can be logged. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on logging* - GP name: *Channel_LogEnabled* - GP path: *Windows Components\Event Log Service\Setup* @@ -145,7 +145,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_LogFilePath_1** +**ADMX_EventLog/Channel_LogFilePath_1** @@ -180,7 +180,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo -ADMX Info: +ADMX Info: - GP Friendly name: *Control the location of the log file* - GP name: *Channel_LogFilePath_1* - GP path: *Windows Components\Event Log Service\Application* @@ -191,7 +191,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_LogFilePath_2** +**ADMX_EventLog/Channel_LogFilePath_2** @@ -226,7 +226,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo -ADMX Info: +ADMX Info: - GP Friendly name: *Control the location of the log file* - GP name: *Channel_LogFilePath_2* - GP path: *Windows Components\Event Log Service\Security* @@ -237,7 +237,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_LogFilePath_3** +**ADMX_EventLog/Channel_LogFilePath_3** @@ -272,7 +272,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo -ADMX Info: +ADMX Info: - GP Friendly name: *Control the location of the log file* - GP name: *Channel_LogFilePath_3* - GP path: *Windows Components\Event Log Service\Setup* @@ -283,7 +283,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_LogFilePath_4** +**ADMX_EventLog/Channel_LogFilePath_4** @@ -318,7 +318,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on logging* - GP name: *Channel_LogFilePath_4* - GP path: *Windows Components\Event Log Service\System* @@ -329,7 +329,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_LogMaxSize_3** +**ADMX_EventLog/Channel_LogMaxSize_3** @@ -364,7 +364,7 @@ If you disable or don't configure this policy setting, the maximum size of the l -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_3* - GP path: *Windows Components\Event Log Service\Setup* @@ -375,7 +375,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_AutoBackup_1** +**ADMX_EventLog/Channel_Log_AutoBackup_1** @@ -412,7 +412,7 @@ If you don't configure this policy setting and the "Retain old events" policy se -ADMX Info: +ADMX Info: - GP Friendly name: *Back up log automatically when full* - GP name: *Channel_Log_AutoBackup_1* - GP path: *Windows Components\Event Log Service\Application* @@ -423,7 +423,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_AutoBackup_2** +**ADMX_EventLog/Channel_Log_AutoBackup_2** @@ -460,7 +460,7 @@ If you don't configure this policy setting and the "Retain old events" policy se -ADMX Info: +ADMX Info: - GP Friendly name: *Back up log automatically when full* - GP name: *Channel_Log_AutoBackup_2* - GP path: *Windows Components\Event Log Service\Security* @@ -471,7 +471,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_AutoBackup_3** +**ADMX_EventLog/Channel_Log_AutoBackup_3** @@ -508,7 +508,7 @@ If you don't configure this policy setting and the "Retain old events" policy se -ADMX Info: +ADMX Info: - GP Friendly name: *Back up log automatically when full* - GP name: *Channel_Log_AutoBackup_3* - GP path: *Windows Components\Event Log Service\Setup* @@ -519,7 +519,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_AutoBackup_4** +**ADMX_EventLog/Channel_Log_AutoBackup_4** @@ -556,7 +556,7 @@ If you don't configure this policy setting and the "Retain old events" policy se -ADMX Info: +ADMX Info: - GP Friendly name: *Back up log automatically when full* - GP name: *Channel_Log_AutoBackup_4* - GP path: *Windows Components\Event Log Service\System* @@ -567,7 +567,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_FileLogAccess_1** +**ADMX_EventLog/Channel_Log_FileLogAccess_1** @@ -605,7 +605,7 @@ If you disable or don't configure this policy setting, all authenticated users a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure log access* - GP name: *Channel_Log_FileLogAccess_1* - GP path: *Windows Components\Event Log Service\Application* @@ -616,7 +616,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_FileLogAccess_2** +**ADMX_EventLog/Channel_Log_FileLogAccess_2** @@ -654,7 +654,7 @@ If you disable or don't configure this policy setting, only system software and -ADMX Info: +ADMX Info: - GP Friendly name: *Configure log access* - GP name: *Channel_Log_FileLogAccess_2* - GP path: *Windows Components\Event Log Service\Security* @@ -665,7 +665,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_FileLogAccess_3** +**ADMX_EventLog/Channel_Log_FileLogAccess_3** @@ -703,7 +703,7 @@ If you disable or don't configure this policy setting, all authenticated users a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure log access* - GP name: *Channel_Log_FileLogAccess_3* - GP path: *Windows Components\Event Log Service\Setup* @@ -714,7 +714,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_FileLogAccess_4** +**ADMX_EventLog/Channel_Log_FileLogAccess_4** @@ -752,7 +752,7 @@ If you disable or don't configure this policy setting, only system software and -ADMX Info: +ADMX Info: - GP Friendly name: *Configure log access* - GP name: *Channel_Log_FileLogAccess_4* - GP path: *Windows Components\Event Log Service\System* @@ -763,7 +763,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_FileLogAccess_5** +**ADMX_EventLog/Channel_Log_FileLogAccess_5** @@ -800,7 +800,7 @@ If you don't configure this policy setting, the previous policy setting configur -ADMX Info: +ADMX Info: - GP Friendly name: *Configure log access (legacy)* - GP name: *Channel_Log_FileLogAccess_5* - GP path: *Windows Components\Event Log Service\Application* @@ -811,7 +811,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_FileLogAccess_6** +**ADMX_EventLog/Channel_Log_FileLogAccess_6** @@ -848,7 +848,7 @@ If you don't configure this policy setting, the previous policy setting configur -ADMX Info: +ADMX Info: - GP Friendly name: *Configure log access (legacy)* - GP name: *Channel_Log_FileLogAccess_6* - GP path: *Windows Components\Event Log Service\Security* @@ -859,7 +859,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_FileLogAccess_7** +**ADMX_EventLog/Channel_Log_FileLogAccess_7** @@ -896,7 +896,7 @@ If you don't configure this policy setting, the previous policy setting configur -ADMX Info: +ADMX Info: - GP Friendly name: *Configure log access (legacy)* - GP name: *Channel_Log_FileLogAccess_7* - GP path: *Windows Components\Event Log Service\Setup* @@ -907,7 +907,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_FileLogAccess_8** +**ADMX_EventLog/Channel_Log_FileLogAccess_8** @@ -944,7 +944,7 @@ If you don't configure this policy setting, the previous policy setting configur -ADMX Info: +ADMX Info: - GP Friendly name: *Configure log access (legacy)* - GP name: *Channel_Log_FileLogAccess_8* - GP path: *Windows Components\Event Log Service\System* @@ -955,7 +955,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_Retention_2** +**ADMX_EventLog/Channel_Log_Retention_2** @@ -993,7 +993,7 @@ If you disable or don't configure this policy setting and a log file reaches its -ADMX Info: +ADMX Info: - GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_2* - GP path: *Windows Components\Event Log Service\Security* @@ -1004,7 +1004,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_Retention_3** +**ADMX_EventLog/Channel_Log_Retention_3** @@ -1042,7 +1042,7 @@ If you disable or don't configure this policy setting and a log file reaches its -ADMX Info: +ADMX Info: - GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_3* - GP path: *Windows Components\Event Log Service\Setup* @@ -1053,7 +1053,7 @@ ADMX Info:
            -**ADMX_EventLog/Channel_Log_Retention_4** +**ADMX_EventLog/Channel_Log_Retention_4** @@ -1092,7 +1092,7 @@ If you disable or don't configure this policy setting and a log file reaches its -ADMX Info: +ADMX Info: - GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_4* - GP path: *Windows Components\Event Log Service\System* diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md index 03921b2021..2ab2eeaca2 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/12/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_EventLogging > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_EventLogging policies +## ADMX_EventLogging policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_EventLogging/EnableProtectedEventLogging** +**ADMX_EventLogging/EnableProtectedEventLogging** @@ -62,18 +62,18 @@ manager: aaroncz -This policy setting lets you configure Protected Event Logging. +This policy setting lets you configure Protected Event Logging. -If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. +If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. -You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with. +You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with. If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Protected Event Logging* - GP name: *EnableProtectedEventLogging* - GP path: *Windows Components\Event Logging* diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md index a3979738bd..5745240332 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md +++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/13/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_EventViewer > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_EventViewer policies +## ADMX_EventViewer policies
            @@ -42,7 +42,7 @@ manager: aaroncz
            -**ADMX_EventViewer/EventViewer_RedirectionProgram** +**ADMX_EventViewer/EventViewer_RedirectionProgram** @@ -71,10 +71,10 @@ manager: aaroncz This program is the one that will be invoked when the user clicks the `events.asp` link. - - + + -ADMX Info: +ADMX Info: - GP Friendly name: *Events.asp program* - GP name: *EventViewer_RedirectionProgram* - GP path: *Windows Components\Event Viewer* @@ -85,7 +85,7 @@ ADMX Info:
            -**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters** +**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters** @@ -116,7 +116,7 @@ This program specifies the command line parameters that will be passed to the `e -ADMX Info: +ADMX Info: - GP Friendly name: *Events.asp program command line parameters* - GP name: *EventViewer_RedirectionProgramCommandLineParameters* - GP path: *Windows Components\Event Viewer* @@ -127,7 +127,7 @@ ADMX Info:
            -**ADMX_EventViewer/EventViewer_RedirectionURL** +**ADMX_EventViewer/EventViewer_RedirectionURL** @@ -157,10 +157,10 @@ This URL is the one that will be passed to the Description area in the Event Pro Change this value if you want to use a different Web server to handle event information requests. - + -ADMX Info: +ADMX Info: - GP Friendly name: *Events.asp URL* - GP name: *EventViewer_RedirectionURL* - GP path: *Windows Components\Event Viewer* diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index c3be668f23..010a1a10ef 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/08/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_Explorer policies +## ADMX_Explorer policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -48,7 +48,7 @@ manager: aaroncz
            -**ADMX_Explorer/AdminInfoUrl** +**ADMX_Explorer/AdminInfoUrl** @@ -79,7 +79,7 @@ This policy setting sets the target of the More Information link that will be di -ADMX Info: +ADMX Info: - GP Friendly name: *Set a support web page link* - GP name: *AdminInfoUrl* - GP path: *Windows Components\File Explorer* @@ -90,7 +90,7 @@ ADMX Info:
            -**ADMX_Explorer/AlwaysShowClassicMenu** +**ADMX_Explorer/AlwaysShowClassicMenu** @@ -123,13 +123,13 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting co If you enable this policy setting, the menu bar will be displayed in File Explorer. -If you disable or don't configure this policy setting, the menu bar won't be displayed in File Explorer. +If you disable or don't configure this policy setting, the menu bar won't be displayed in File Explorer. > [!NOTE] > When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key. -ADMX Info: +ADMX Info: - GP Friendly name: *Display the menu bar in File Explorer* - GP name: *AlwaysShowClassicMenu* - GP path: *Windows Components\File Explorer* @@ -140,7 +140,7 @@ ADMX Info:
            -**ADMX_Explorer/DisableRoamedProfileInit** +**ADMX_Explorer/DisableRoamedProfileInit** @@ -173,7 +173,7 @@ If you enable this policy setting on a machine that doesn't contain all programs -ADMX Info: +ADMX Info: - GP Friendly name: *Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time* - GP name: *DisableRoamedProfileInit* - GP path: *Windows Components\File Explorer* @@ -184,7 +184,7 @@ ADMX Info:
            -**ADMX_Explorer/PreventItemCreationInUsersFilesFolder** +**ADMX_Explorer/PreventItemCreationInUsersFilesFolder** @@ -222,7 +222,7 @@ If you disable or don't configure this policy setting, users will be able to add -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from adding files to the root of their Users Files folder.* - GP name: *PreventItemCreationInUsersFilesFolder* - GP path: *Windows Components\File Explorer* @@ -233,7 +233,7 @@ ADMX Info:
            -**ADMX_Explorer/TurnOffSPIAnimations** +**ADMX_Explorer/TurnOffSPIAnimations** @@ -259,14 +259,14 @@ ADMX Info: -This policy is similar to settings directly available to computer users. +This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off common control and window animations* - GP name: *TurnOffSPIAnimations* - GP path: *Windows Components\File Explorer* diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md index 7d85473280..62cc01fcfd 100644 --- a/windows/client-management/mdm/policy-csp-admx-externalboot.md +++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md @@ -8,23 +8,23 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/13/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_ExternalBoot > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## Policy CSP - ADMX_ExternalBoot +## Policy CSP - ADMX_ExternalBoot
            @@ -44,7 +44,7 @@ manager: aaroncz
            -**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate** +**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate** @@ -70,9 +70,9 @@ manager: aaroncz -This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. +This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. -If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC. +If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC. If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC. @@ -81,7 +81,7 @@ If you disable or don't configure this setting, Windows, when started from a Win -ADMX Info: +ADMX Info: - GP Friendly name: *Allow hibernate (S4) when starting from a Windows To Go workspace* - GP name: *PortableOperatingSystem_Hibernate* - GP path: *Windows Components\Portable Operating System* @@ -93,7 +93,7 @@ ADMX Info:
            -**ADMX_ExternalBoot/PortableOperatingSystem_Sleep** +**ADMX_ExternalBoot/PortableOperatingSystem_Sleep** @@ -119,16 +119,16 @@ ADMX Info: -This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace. +This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace. -If you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep. +If you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep. If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, can use standby states to make the PC sleep. -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace* - GP name: *PortableOperatingSystem_Sleep* - GP path: *Windows Components\Portable Operating System* @@ -140,7 +140,7 @@ ADMX Info:
            -**ADMX_ExternalBoot/PortableOperatingSystem_Launcher** +**ADMX_ExternalBoot/PortableOperatingSystem_Launcher** @@ -166,18 +166,18 @@ ADMX Info: -This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item. +This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item. -If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item. +If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item. -If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration. +If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration. If you don't configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item. -ADMX Info: +ADMX Info: - GP Friendly name: *Windows To Go Default Startup Options* - GP name: *PortableOperatingSystem_Launcher* - GP path: *Windows Components\Portable Operating System* diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md index e81f6e1043..8ea5d19c93 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md @@ -8,17 +8,17 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 03/24/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_FileRecovery > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -33,7 +33,7 @@ manager: aaroncz
            -**ADMX_FileRecovery/WdiScenarioExecutionPolicy** +**ADMX_FileRecovery/WdiScenarioExecutionPolicy** @@ -65,7 +65,7 @@ manager: aaroncz -ADMX Info: +ADMX Info: - GP ADMX file name: *FileRecovery.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md index 6cf18b696b..e35b11f6d0 100644 --- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md +++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md @@ -8,17 +8,17 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/13/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_FileRevocation > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -34,7 +34,7 @@ manager: aaroncz
            -**ADMX_FileRevocation/DelegatedPackageFamilyNames** +**ADMX_FileRevocation/DelegatedPackageFamilyNames** @@ -58,14 +58,14 @@ manager: aaroncz -Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. -Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy` +Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. +Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy` -If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. +If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. -If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. +If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. -Any other Windows Runtime application will only be able to revoke access to content it protected. +Any other Windows Runtime application will only be able to revoke access to content it protected. > [!NOTE] > Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com` will revoke the user’s access to all content protected under the contoso.com hierarchy. @@ -73,7 +73,7 @@ Any other Windows Runtime application will only be able to revoke access to cont -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Windows Runtime apps to revoke enterprise data.* - GP name: *DelegatedPackageFamilyNames* - GP path: *Windows Components\File Revocation* diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index 5f9d1741bd..19ebcb25d5 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/02/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_FileServerVSSProvider > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_FileServerVSSProvider policies +## ADMX_FileServerVSSProvider policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_FileServerVSSProvider/Pol_EncryptProtocol** +**ADMX_FileServerVSSProvider/Pol_EncryptProtocol** @@ -66,7 +66,7 @@ This policy setting determines whether the RPC protocol messages used by VSS for VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. -By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. +By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. > [!NOTE] > To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. @@ -74,7 +74,7 @@ By default, the RPC protocol message between File Server VSS provider and File S -ADMX Info: +ADMX Info: - GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.* - GP name: *Pol_EncryptProtocol* - GP path: *System/File Share Shadow Copy Provider* diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index e5c5587bc2..7cb1659741 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/02/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,14 +17,14 @@ manager: aaroncz
            -## ADMX_FileSys policies +## ADMX_FileSys policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -57,7 +57,7 @@ manager: aaroncz
            -**ADMX_FileSys/DisableCompression** +**ADMX_FileSys/DisableCompression** |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -81,13 +81,13 @@ manager: aaroncz -Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. +Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow compression on all NTFS volumes* - GP name: *DisableCompression* - GP path: *System/Filesystem/NTFS* @@ -98,7 +98,7 @@ ADMX Info:
            -**ADMX_FileSys/DisableDeleteNotification** +**ADMX_FileSys/DisableDeleteNotification** |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -131,7 +131,7 @@ A value of 1 will disable delete notifications for all volumes. -ADMX Info: +ADMX Info: - GP Friendly name: *Disable delete notifications on all volumes* - GP name: *DisableDeleteNotification* - GP path: *System/Filesystem* @@ -142,7 +142,7 @@ ADMX Info:
            -**ADMX_FileSys/DisableEncryption** +**ADMX_FileSys/DisableEncryption** |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -166,12 +166,12 @@ ADMX Info: -Encryption can add to the processing overhead of filesystem operations. +Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow encryption on all NTFS volumes* - GP name: *DisableEncryption* - GP path: *System/Filesystem/NTFS* @@ -182,7 +182,7 @@ ADMX Info:
            -**ADMX_FileSys/EnablePagefileEncryption** +**ADMX_FileSys/EnablePagefileEncryption** |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -206,14 +206,14 @@ ADMX Info: -Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. +Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable NTFS pagefile encryption* - GP name: *EnablePagefileEncryption* - GP path: *System/Filesystem/NTFS* @@ -224,7 +224,7 @@ ADMX Info:
            -**ADMX_FileSys/LongPathsEnabled** +**ADMX_FileSys/LongPathsEnabled** |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -248,14 +248,14 @@ ADMX Info: -Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. +Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Win32 long paths* - GP name: *LongPathsEnabled* - GP path: *System/Filesystem* @@ -266,7 +266,7 @@ ADMX Info:
            -**ADMX_FileSys/ShortNameCreationSettings** +**ADMX_FileSys/ShortNameCreationSettings** |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -292,14 +292,14 @@ ADMX Info: This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system. -If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume. +If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume. -ADMX Info: +ADMX Info: - GP Friendly name: *Short name creation options* - GP name: *ShortNameCreationSettings* - GP path: *System/Filesystem/NTFS* @@ -310,7 +310,7 @@ ADMX Info:
            -**ADMX_FileSys/SymlinkEvaluation** +**ADMX_FileSys/SymlinkEvaluation** |Edition|Windows 10|Windows 11| @@ -335,7 +335,7 @@ ADMX Info: -Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: +Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: - Local Link to a Local Target - Local Link to a Remote Target @@ -350,7 +350,7 @@ For more information, see the Windows Help section. -ADMX Info: +ADMX Info: - GP Friendly name: *Selectively allow the evaluation of a symbolic link* - GP name: *SymlinkEvaluation* - GP path: *System/Filesystem* @@ -361,7 +361,7 @@ ADMX Info:
            -**ADMX_FileSys/TxfDeprecatedFunctionality** +**ADMX_FileSys/TxfDeprecatedFunctionality** |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -391,7 +391,7 @@ TXF deprecated features included savepoints, secondary RM, miniversion and roll -ADMX Info: +ADMX Info: - GP Friendly name: *Enable / disable TXF deprecated features* - GP name: *TxfDeprecatedFunctionality* - GP path: *System/Filesystem/NTFS* diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index cca8d67c3b..c61d424741 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/02/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_FolderRedirection policies +## ADMX_FolderRedirection policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -54,7 +54,7 @@ manager: aaroncz
            -**ADMX_FolderRedirection/DisableFRAdminPin** +**ADMX_FolderRedirection/DisableFRAdminPin** |Edition|Windows 10|Windows 11| @@ -81,12 +81,12 @@ manager: aaroncz This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default. -If you enable this policy setting, users must manually select the files they wish to make available offline. +If you enable this policy setting, users must manually select the files they wish to make available offline. -If you disable or don't configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. +If you disable or don't configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. > [!NOTE] -> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. +> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. > > Don't enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable. > @@ -95,7 +95,7 @@ If you disable or don't configure this policy setting, redirected shell folders -ADMX Info: +ADMX Info: - GP Friendly name: *Do not automatically make all redirected folders available offline* - GP name: *DisableFRAdminPin* - GP path: *System/Folder Redirection* @@ -106,7 +106,7 @@ ADMX Info:
            -**ADMX_FolderRedirection/DisableFRAdminPinByFolder** +**ADMX_FolderRedirection/DisableFRAdminPinByFolder** |Edition|Windows 10|Windows 11| @@ -145,7 +145,7 @@ If you disable or don't configure this policy setting, all redirected shell fold -ADMX Info: +ADMX Info: - GP Friendly name: *Do not automatically make specific redirected folders available offline* - GP name: *DisableFRAdminPinByFolder* - GP path: *System/Folder Redirection* @@ -156,7 +156,7 @@ ADMX Info:
            -**ADMX_FolderRedirection/FolderRedirectionEnableCacheRename** +**ADMX_FolderRedirection/FolderRedirectionEnableCacheRename** @@ -191,7 +191,7 @@ If you disable or don't configure this policy setting, when the path to a redire -ADMX Info: +ADMX Info: - GP Friendly name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change* - GP name: *FolderRedirectionEnableCacheRename* - GP path: *System/Folder Redirection* @@ -202,7 +202,7 @@ ADMX Info:
            -**ADMX_FolderRedirection/LocalizeXPRelativePaths_1** +**ADMX_FolderRedirection/LocalizeXPRelativePaths_1** @@ -240,7 +240,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W -ADMX Info: +ADMX Info: - GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents* - GP name: *LocalizeXPRelativePaths_1* - GP path: *System/Folder Redirection* @@ -251,7 +251,7 @@ ADMX Info:
            -**ADMX_FolderRedirection/LocalizeXPRelativePaths_2** +**ADMX_FolderRedirection/LocalizeXPRelativePaths_2** @@ -289,7 +289,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W -ADMX Info: +ADMX Info: - GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents* - GP name: *LocalizeXPRelativePaths_2* - GP path: *System/Folder Redirection* @@ -300,7 +300,7 @@ ADMX Info:
            -**ADMX_FolderRedirection/PrimaryComputer_FR_1** +**ADMX_FolderRedirection/PrimaryComputer_FR_1** |Edition|Windows 10|Windows 11| @@ -339,7 +339,7 @@ If you disable or don't configure this policy setting and the user has redirecte -ADMX Info: +ADMX Info: - GP Friendly name: *Redirect folders on primary computers only* - GP name: *PrimaryComputer_FR_1* - GP path: *System/Folder Redirection* @@ -350,7 +350,7 @@ ADMX Info:
            -**ADMX_FolderRedirection/PrimaryComputer_FR_2** +**ADMX_FolderRedirection/PrimaryComputer_FR_2** |Edition|Windows 10|Windows 11| @@ -390,7 +390,7 @@ If you disable or don't configure this policy setting and the user has redirecte -ADMX Info: +ADMX Info: - GP Friendly name: *Redirect folders on primary computers only* - GP name: *PrimaryComputer_FR_2* - GP path: *System/Folder Redirection* diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md index a30e0b8b87..af389b9bdc 100644 --- a/windows/client-management/mdm/policy-csp-admx-framepanes.md +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/14/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_FramePanes > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_FramePanes policies +## ADMX_FramePanes policies
            @@ -31,14 +31,14 @@ manager: aaroncz
            ADMX_FramePanes/NoPreviewPane -
            +
            -**ADMX_FramePanes/NoReadingPane** +**ADMX_FramePanes/NoReadingPane** |Edition|Windows 10|Windows 11| |--- |--- |--- | @@ -62,23 +62,23 @@ manager: aaroncz -This policy setting shows or hides the Details Pane in File Explorer. +This policy setting shows or hides the Details Pane in File Explorer. -If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user. +If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user. -If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user. +If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user. > [!NOTE] -> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time. +> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time. If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. This setting is the default policy setting. - + -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on or off details pane* - GP name: *NoReadingPane* - GP path: *Windows Components\File Explorer\Explorer Frame Pane* @@ -89,7 +89,7 @@ ADMX Info:
            -**ADMX_FramePanes/NoPreviewPane** +**ADMX_FramePanes/NoPreviewPane** |Edition|Windows 10|Windows 11| @@ -114,16 +114,16 @@ ADMX Info: -Hides the Preview Pane in File Explorer. +Hides the Preview Pane in File Explorer. -If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user. +If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user. If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Preview Pane* - GP name: *NoPreviewPane* - GP path: *Windows Components\File Explorer\Explorer Frame Pane* diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md index d571a60d05..47dbc15310 100644 --- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/15/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_FTHSVC > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_FTHSVC policies +## ADMX_FTHSVC policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_FTHSVC/WdiScenarioExecutionPolicy** +**ADMX_FTHSVC/WdiScenarioExecutionPolicy** @@ -61,23 +61,23 @@ manager: aaroncz -This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems. +This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems. -If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems. +If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems. -If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. +If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. -If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. +If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. -This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. -The DPS can be configured with the Services snap-in to the Microsoft Management Console. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. +This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. +The DPS can be configured with the Services snap-in to the Microsoft Management Console. No system restart or service restart is required for this policy setting to take effect: changes take effect immediately. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Fault Tolerant Heap* diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index 51540ef8ab..a16529e681 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/14/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_Globalization policies +## ADMX_Globalization policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -105,7 +105,7 @@ manager: aaroncz
            -**ADMX_Globalization/BlockUserInputMethodsForSignIn** +**ADMX_Globalization/BlockUserInputMethodsForSignIn** @@ -143,7 +143,7 @@ If the policy is disabled or not configured, then the user will be able to use i -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow copying of user input methods to the system account for sign-in* - GP name: *BlockUserInputMethodsForSignIn* - GP path: *System\Locale Services* @@ -154,7 +154,7 @@ ADMX Info:
            -**ADMX_Globalization/CustomLocalesNoSelect_1** +**ADMX_Globalization/CustomLocalesNoSelect_1** @@ -197,7 +197,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow selection of Custom Locales* - GP name: *CustomLocalesNoSelect_1* - GP path: *System\Locale Services* @@ -208,7 +208,7 @@ ADMX Info:
            -**ADMX_Globalization/CustomLocalesNoSelect_2** +**ADMX_Globalization/CustomLocalesNoSelect_2** @@ -251,7 +251,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow selection of Custom Locales* - GP name: *CustomLocalesNoSelect_2* - GP path: *System\Locale Services* @@ -262,7 +262,7 @@ ADMX Info:
            -**ADMX_Globalization/HideAdminOptions** +**ADMX_Globalization/HideAdminOptions** @@ -305,7 +305,7 @@ If you disable or don't configure this policy setting, the user can see the Admi -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Regional and Language Options administrative options* - GP name: *HideAdminOptions* - GP path: *Control Panel\Regional and Language Options* @@ -316,7 +316,7 @@ ADMX Info:
            -**ADMX_Globalization/HideCurrentLocation** +**ADMX_Globalization/HideCurrentLocation** @@ -356,7 +356,7 @@ If you disable or don't configure this policy setting, the user sees the option -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the geographic location option* - GP name: *HideCurrentLocation* - GP path: *Control Panel\Regional and Language Options* @@ -367,7 +367,7 @@ ADMX Info:
            -**ADMX_Globalization/HideLanguageSelection** +**ADMX_Globalization/HideLanguageSelection** @@ -406,7 +406,7 @@ If you enable this policy setting, the user doesn't see the option for changing -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the select language group options* - GP name: *HideLanguageSelection* - GP path: *Control Panel\Regional and Language Options* @@ -417,7 +417,7 @@ ADMX Info:
            -**ADMX_Globalization/HideLocaleSelectAndCustomize** +**ADMX_Globalization/HideLocaleSelectAndCustomize** @@ -454,7 +454,7 @@ If you disable or don't configure this policy setting, the user sees the regiona -ADMX Info: +ADMX Info: - GP Friendly name: *Hide user locale selection and customization options* - GP name: *HideLocaleSelectAndCustomize* - GP path: *Control Panel\Regional and Language Options* @@ -465,7 +465,7 @@ ADMX Info:
            -**ADMX_Globalization/ImplicitDataCollectionOff_1** +**ADMX_Globalization/ImplicitDataCollectionOff_1** @@ -514,7 +514,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off automatic learning* - GP name: *ImplicitDataCollectionOff_1* - GP path: *Control Panel\Regional and Language Options\Handwriting personalization* @@ -525,7 +525,7 @@ ADMX Info:
            -**ADMX_Globalization/ImplicitDataCollectionOff_2** +**ADMX_Globalization/ImplicitDataCollectionOff_2** @@ -568,13 +568,13 @@ This policy setting is related to the "Turn off handwriting personalization" pol > [!NOTE] > The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more recent data. -> +> > Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off automatic learning* - GP name: *ImplicitDataCollectionOff_2* - GP path: *Control Panel\Regional and Language Options\Handwriting personalization* @@ -585,7 +585,7 @@ ADMX Info:
            -**ADMX_Globalization/LocaleSystemRestrict** +**ADMX_Globalization/LocaleSystemRestrict** @@ -622,7 +622,7 @@ If you disable or don't configure this policy setting, administrators can select -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict system locales* - GP name: *LocaleSystemRestrict* - GP path: *System\Locale Services* @@ -633,7 +633,7 @@ ADMX Info:
            -**ADMX_Globalization/LocaleUserRestrict_1** +**ADMX_Globalization/LocaleUserRestrict_1** @@ -672,7 +672,7 @@ If you disable or don't configure this policy setting, users can select any loca -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict user locales* - GP name: *LocaleUserRestrict_1* - GP path: *System\Locale Services* @@ -683,7 +683,7 @@ ADMX Info:
            -**ADMX_Globalization/LocaleUserRestrict_2** +**ADMX_Globalization/LocaleUserRestrict_2** @@ -724,7 +724,7 @@ If this policy setting is enabled at the computer level, it can't be disabled by -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict user locales* - GP name: *LocaleUserRestrict_2* - GP path: *System\Locale Services* @@ -735,7 +735,7 @@ ADMX Info:
            -**ADMX_Globalization/LockMachineUILanguage** +**ADMX_Globalization/LockMachineUILanguage** @@ -772,7 +772,7 @@ If you disable or don't configure this policy setting, the user can specify whic -ADMX Info: +ADMX Info: - GP Friendly name: *Restricts the UI language Windows uses for all logged users* - GP name: *LockMachineUILanguage* - GP path: *Control Panel\Regional and Language Options* @@ -783,7 +783,7 @@ ADMX Info:
            -**ADMX_Globalization/LockUserUILanguage** +**ADMX_Globalization/LockUserUILanguage** @@ -822,7 +822,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200 -ADMX Info: +ADMX Info: - GP Friendly name: *Restricts the UI languages Windows should use for the selected user* - GP name: *LockUserUILanguage* - GP path: *Control Panel\Regional and Language Options* @@ -833,7 +833,7 @@ ADMX Info:
            -**ADMX_Globalization/PreventGeoIdChange_1** +**ADMX_Globalization/PreventGeoIdChange_1** @@ -872,7 +872,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow changing of geographic location* - GP name: *PreventGeoIdChange_1* - GP path: *System\Locale Services* @@ -883,7 +883,7 @@ ADMX Info:
            -**ADMX_Globalization/PreventGeoIdChange_2** +**ADMX_Globalization/PreventGeoIdChange_2** @@ -922,7 +922,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow changing of geographic location* - GP name: *PreventGeoIdChange_2* - GP path: *System\Locale Services* @@ -933,7 +933,7 @@ ADMX Info:
            -**ADMX_Globalization/PreventUserOverrides_1** +**ADMX_Globalization/PreventUserOverrides_1** @@ -976,7 +976,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow user override of locale settings* - GP name: *PreventUserOverrides_1* - GP path: *System\Locale Services* @@ -987,7 +987,7 @@ ADMX Info:
            -**ADMX_Globalization/PreventUserOverrides_2** +**ADMX_Globalization/PreventUserOverrides_2** @@ -1030,7 +1030,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow user override of locale settings* - GP name: *PreventUserOverrides_2* - GP path: *System\Locale Services* @@ -1041,7 +1041,7 @@ ADMX Info:
            -**ADMX_Globalization/RestrictUILangSelect** +**ADMX_Globalization/RestrictUILangSelect** @@ -1078,7 +1078,7 @@ If you disable or don't configure this policy setting, the logged-on user can ac -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict selection of Windows menus and dialogs language* - GP name: *RestrictUILangSelect* - GP path: *Control Panel\Regional and Language Options* @@ -1089,7 +1089,7 @@ ADMX Info:
            -**ADMX_Globalization/TurnOffAutocorrectMisspelledWords** +**ADMX_Globalization/TurnOffAutocorrectMisspelledWords** @@ -1127,7 +1127,7 @@ The availability and function of this setting is dependent on supported language -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off autocorrect misspelled words* - GP name: *TurnOffAutocorrectMisspelledWords* - GP path: *Control Panel\Regional and Language Options* @@ -1138,7 +1138,7 @@ ADMX Info:
            -**ADMX_Globalization/TurnOffHighlightMisspelledWords** +**ADMX_Globalization/TurnOffHighlightMisspelledWords** @@ -1177,7 +1177,7 @@ The availability and function of this setting is dependent on supported language -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off highlight misspelled words* - GP name: *TurnOffHighlightMisspelledWords* - GP path: *Control Panel\Regional and Language Options* @@ -1188,7 +1188,7 @@ ADMX Info:
            -**ADMX_Globalization/TurnOffInsertSpace** +**ADMX_Globalization/TurnOffInsertSpace** @@ -1226,7 +1226,7 @@ The availability and function of this setting is dependent on supported language -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off insert a space after selecting a text prediction* - GP name: *TurnOffInsertSpace* - GP path: *Control Panel\Regional and Language Options* @@ -1237,7 +1237,7 @@ ADMX Info:
            -**ADMX_Globalization/TurnOffOfferTextPredictions** +**ADMX_Globalization/TurnOffOfferTextPredictions** @@ -1276,7 +1276,7 @@ The availability and function of this setting is dependent on supported language -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off offer text predictions as I type* - GP name: *TurnOffOfferTextPredictions* - GP path: *Control Panel\Regional and Language Options* @@ -1287,7 +1287,7 @@ ADMX Info:
            -**ADMX_Globalization/Y2K** +**ADMX_Globalization/Y2K** @@ -1326,7 +1326,7 @@ If you disable or don't configure this policy setting, Windows doesn't interpret -ADMX Info: +ADMX Info: - GP Friendly name: *Century interpretation for Year 2000* - GP name: *Y2K* - GP path: *System* diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index 986333d80f..63c71fdaa6 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/21/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_GroupPolicy >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_GroupPolicy policies +## ADMX_GroupPolicy policies
            @@ -161,7 +161,7 @@ manager: aaroncz
            -**ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP** +**ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP** @@ -207,7 +207,7 @@ If you disable this policy setting, the behavior is the same as if it isn't conf -ADMX Info: +ADMX Info: - GP Friendly name: *Allow cross-forest user policy and roaming user profiles* - GP name: *AllowX-ForestPolicy-and-RUP* - GP path: *System\Group Policy* @@ -218,7 +218,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_AppMgmt** +**ADMX_GroupPolicy/CSE_AppMgmt** @@ -260,7 +260,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure software Installation policy processing* - GP name: *CSE_AppMgmt* - GP path: *System\Group Policy* @@ -271,7 +271,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_DiskQuota** +**ADMX_GroupPolicy/CSE_DiskQuota** @@ -315,7 +315,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure disk quota policy processing* - GP name: *CSE_DiskQuota* - GP path: *System\Group Policy* @@ -326,7 +326,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_EFSRecovery** +**ADMX_GroupPolicy/CSE_EFSRecovery** @@ -370,7 +370,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure EFS recovery policy processing* - GP name: *CSE_EFSRecovery* - GP path: *System\Group Policy* @@ -381,7 +381,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_FolderRedirection** +**ADMX_GroupPolicy/CSE_FolderRedirection** @@ -423,7 +423,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure folder redirection policy processing* - GP name: *CSE_FolderRedirection* - GP path: *System\Group Policy* @@ -434,7 +434,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_IEM** +**ADMX_GroupPolicy/CSE_IEM** @@ -478,7 +478,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Internet Explorer Maintenance policy processing* - GP name: *CSE_IEM* - GP path: *System\Group Policy* @@ -489,7 +489,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_IPSecurity** +**ADMX_GroupPolicy/CSE_IPSecurity** @@ -533,7 +533,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure IP security policy processing* - GP name: *CSE_IPSecurity* - GP path: *System\Group Policy* @@ -544,7 +544,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_Registry** +**ADMX_GroupPolicy/CSE_Registry** @@ -584,7 +584,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure registry policy processing* - GP name: *CSE_Registry* - GP path: *System\Group Policy* @@ -595,7 +595,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_Scripts** +**ADMX_GroupPolicy/CSE_Scripts** @@ -637,7 +637,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure scripts policy processing* - GP name: *CSE_Scripts* - GP path: *System\Group Policy* @@ -648,7 +648,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_Security** +**ADMX_GroupPolicy/CSE_Security** @@ -690,7 +690,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure security policy processing* - GP name: *CSE_Security* - GP path: *System\Group Policy* @@ -701,7 +701,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_Wired** +**ADMX_GroupPolicy/CSE_Wired** @@ -747,7 +747,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure wired policy processing* - GP name: *CSE_Wired* - GP path: *System\Group Policy* @@ -758,7 +758,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CSE_Wireless** +**ADMX_GroupPolicy/CSE_Wireless** @@ -804,7 +804,7 @@ The "Process even if the Group Policy objects have not changed" option updates a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure wireless policy processing* - GP name: *CSE_Wireless* - GP path: *System\Group Policy* @@ -815,7 +815,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/CorpConnSyncWaitTime** +**ADMX_GroupPolicy/CorpConnSyncWaitTime** @@ -851,7 +851,7 @@ If you disable or don't configure this policy setting, Group Policy will use the -ADMX Info: +ADMX Info: - GP Friendly name: *Specify workplace connectivity wait time for policy processing* - GP name: *CorpConnSyncWaitTime* - GP path: *System\Group Policy* @@ -862,7 +862,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/DenyRsopToInteractiveUser_1** +**ADMX_GroupPolicy/DenyRsopToInteractiveUser_1** @@ -907,7 +907,7 @@ If you disable or don't configure this policy setting, interactive users can gen -ADMX Info: +ADMX Info: - GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data* - GP name: *DenyRsopToInteractiveUser_1* - GP path: *System\Group Policy* @@ -918,7 +918,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/DenyRsopToInteractiveUser_2** +**ADMX_GroupPolicy/DenyRsopToInteractiveUser_2** @@ -963,7 +963,7 @@ If you disable or don't configure this policy setting, interactive users can gen -ADMX Info: +ADMX Info: - GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data* - GP name: *DenyRsopToInteractiveUser_2* - GP path: *System\Group Policy* @@ -974,7 +974,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/DisableAOACProcessing** +**ADMX_GroupPolicy/DisableAOACProcessing** @@ -1006,7 +1006,7 @@ This policy setting prevents the Group Policy Client Service from stopping when -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Group Policy Client Service AOAC optimization* - GP name: *DisableAOACProcessing* - GP path: *System\Group Policy* @@ -1017,7 +1017,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/DisableAutoADMUpdate** +**ADMX_GroupPolicy/DisableAutoADMUpdate** @@ -1064,7 +1064,7 @@ Files will always be copied to the GPO if they have a later timestamp. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off automatic update of ADM files* - GP name: *DisableAutoADMUpdate* - GP path: *System\Group Policy* @@ -1075,7 +1075,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/DisableBackgroundPolicy** +**ADMX_GroupPolicy/DisableBackgroundPolicy** @@ -1114,7 +1114,7 @@ If you disable or don't configure this policy setting, updates can be applied wh -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off background refresh of Group Policy* - GP name: *DisableBackgroundPolicy* - GP path: *System\Group Policy* @@ -1125,7 +1125,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/DisableLGPOProcessing** +**ADMX_GroupPolicy/DisableLGPOProcessing** @@ -1166,7 +1166,7 @@ If you disable or don't configure this policy setting, Local GPOs continue to be -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Local Group Policy Objects processing* - GP name: *DisableLGPOProcessing* - GP path: *System\Group Policy* @@ -1177,7 +1177,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/DisableUsersFromMachGP** +**ADMX_GroupPolicy/DisableUsersFromMachGP** @@ -1221,7 +1221,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t -ADMX Info: +ADMX Info: - GP Friendly name: *Remove users' ability to invoke machine policy refresh* - GP name: *DisableUsersFromMachGP* - GP path: *System\Group Policy* @@ -1232,7 +1232,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/EnableCDP** +**ADMX_GroupPolicy/EnableCDP** @@ -1270,7 +1270,7 @@ If you don't configure this policy setting, the default behavior depends on the -ADMX Info: +ADMX Info: - GP Friendly name: *Continue experiences on this device* - GP name: *EnableCDP* - GP path: *System\Group Policy* @@ -1281,7 +1281,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/EnableLogonOptimization** +**ADMX_GroupPolicy/EnableLogonOptimization** @@ -1321,7 +1321,7 @@ If you disable this policy setting, the Group Policy client won't cache applicab -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Group Policy Caching* - GP name: *EnableLogonOptimization* - GP path: *System\Group Policy* @@ -1332,7 +1332,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU** +**ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU** @@ -1372,7 +1372,7 @@ If you disable or don't configure this policy setting, the Group Policy client w -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Group Policy Caching for Servers* - GP name: *EnableLogonOptimizationOnServerSKU* - GP path: *System\Group Policy* @@ -1383,7 +1383,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/EnableMMX** +**ADMX_GroupPolicy/EnableMMX** @@ -1421,7 +1421,7 @@ If you don't configure this policy setting, the default behavior depends on the -ADMX Info: +ADMX Info: - GP Friendly name: *Phone-PC linking on this device* - GP name: *EnableMMX* - GP path: *System\Group Policy* @@ -1432,7 +1432,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/EnforcePoliciesOnly** +**ADMX_GroupPolicy/EnforcePoliciesOnly** @@ -1475,7 +1475,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f -ADMX Info: +ADMX Info: - GP Friendly name: *Enforce Show Policies Only* - GP name: *EnforcePoliciesOnly* - GP path: *System\Group Policy* @@ -1486,7 +1486,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/FontMitigation** +**ADMX_GroupPolicy/FontMitigation** @@ -1512,7 +1512,7 @@ ADMX Info: -This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. +This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in three modes: On, Off, and Audit. By default, it's Off and no fonts are blocked. If you aren't ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues. @@ -1520,7 +1520,7 @@ This feature can be configured to be in three modes: On, Off, and Audit. By defa -ADMX Info: +ADMX Info: - GP Friendly name: *Untrusted Font Blocking* - GP name: *DisableUsersFromMachGP* - GP path: *System\Mitigation Options* @@ -1531,7 +1531,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/GPDCOptions** +**ADMX_GroupPolicy/GPDCOptions** @@ -1576,7 +1576,7 @@ If you disable this setting or don't configure it, the Group Policy Object Edito -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Group Policy domain controller selection* - GP name: *GPDCOptions* - GP path: *System\Group Policy* @@ -1587,7 +1587,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/GPTransferRate_1** +**ADMX_GroupPolicy/GPTransferRate_1** @@ -1634,7 +1634,7 @@ Also, see the "Do not detect slow network connections" and related policies in C -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Group Policy slow link detection* - GP name: *GPTransferRate_1* - GP path: *System\Group Policy* @@ -1645,7 +1645,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/GPTransferRate_2** +**ADMX_GroupPolicy/GPTransferRate_2** @@ -1683,7 +1683,7 @@ If you disable this setting or don't configure it, the system uses the default v This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder. -Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. +Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. > [!NOTE] > If the profile server has IP connectivity, the connection speed setting is used. If the profile server doesn't have IP connectivity, the SMB timing is used. @@ -1692,7 +1692,7 @@ Also, see the "Do not detect slow network connections" and related policies in C -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Group Policy slow link detection* - GP name: *GPTransferRate_2* - GP path: *System\Group Policy* @@ -1703,7 +1703,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/GroupPolicyRefreshRate** +**ADMX_GroupPolicy/GroupPolicyRefreshRate** @@ -1752,7 +1752,7 @@ This setting is only used when the "Turn off background refresh of Group Policy" -ADMX Info: +ADMX Info: - GP Friendly name: *Set Group Policy refresh interval for computers* - GP name: *GroupPolicyRefreshRate* - GP path: *System\Group Policy* @@ -1763,7 +1763,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/GroupPolicyRefreshRateDC** +**ADMX_GroupPolicy/GroupPolicyRefreshRateDC** @@ -1806,7 +1806,7 @@ This setting also lets you specify how much the actual update interval varies. T -ADMX Info: +ADMX Info: - GP Friendly name: *Set Group Policy refresh interval for domain controllers* - GP name: *GroupPolicyRefreshRateDC* - GP path: *System\Group Policy* @@ -1817,7 +1817,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/GroupPolicyRefreshRateUser** +**ADMX_GroupPolicy/GroupPolicyRefreshRateUser** @@ -1868,7 +1868,7 @@ This setting also lets you specify how much the actual update interval varies. T -ADMX Info: +ADMX Info: - GP Friendly name: *Set Group Policy refresh interval for users* - GP name: *GroupPolicyRefreshRateUser* - GP path: *System\Group Policy* @@ -1879,7 +1879,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/LogonScriptDelay** +**ADMX_GroupPolicy/LogonScriptDelay** @@ -1921,7 +1921,7 @@ If you don't configure this policy setting, Group Policy will wait five minutes -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Logon Script Delay* - GP name: *LogonScriptDelay* - GP path: *System\Group Policy* @@ -1932,7 +1932,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/NewGPODisplayName** +**ADMX_GroupPolicy/NewGPODisplayName** @@ -1970,7 +1970,7 @@ If this setting is Disabled or Not Configured, the default display name of New G -ADMX Info: +ADMX Info: - GP Friendly name: *Set default name for new Group Policy objects* - GP name: *NewGPODisplayName* - GP path: *System\Group Policy* @@ -1981,7 +1981,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/NewGPOLinksDisabled** +**ADMX_GroupPolicy/NewGPOLinksDisabled** @@ -2017,7 +2017,7 @@ If you disable this setting or don't configure it, new Group Policy object links -ADMX Info: +ADMX Info: - GP Friendly name: *Create new Group Policy Object links disabled by default* - GP name: *NewGPOLinksDisabled* - GP path: *System\Group Policy* @@ -2028,7 +2028,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/OnlyUseLocalAdminFiles** +**ADMX_GroupPolicy/OnlyUseLocalAdminFiles** @@ -2080,7 +2080,7 @@ If you disable or don't configure this setting, the Group Policy Object Editor s -ADMX Info: +ADMX Info: - GP Friendly name: *Always use local ADM files for Group Policy Object Editor* - GP name: *OnlyUseLocalAdminFiles* - GP path: *System\Group Policy* @@ -2091,7 +2091,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/ProcessMitigationOptions** +**ADMX_GroupPolicy/ProcessMitigationOptions** @@ -2139,7 +2139,7 @@ Setting flags not specified here to any value other than ? results in undefined -ADMX Info: +ADMX Info: - GP Friendly name: *Process Mitigation Options* - GP name: *ProcessMitigationOptions* - GP path: *System\Mitigation Options* @@ -2150,7 +2150,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/RSoPLogging** +**ADMX_GroupPolicy/RSoPLogging** @@ -2191,7 +2191,7 @@ If you disable or don't configure this setting, RSoP logging is turned on. By de -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Resultant Set of Policy logging* - GP name: *RSoPLogging* - GP path: *System\Group Policy* @@ -2202,7 +2202,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy** +**ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy** @@ -2234,7 +2234,7 @@ Enabling this setting will cause the Group Policy Client to connect to the same -ADMX Info: +ADMX Info: - GP Friendly name: *Enable AD/DFS domain controller synchronization during policy refresh* - GP name: *ResetDfsClientInfoDuringRefreshPolicy* - GP path: *System\Group Policy* @@ -2245,7 +2245,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess** +**ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess** @@ -2286,7 +2286,7 @@ If you disable this setting or don't configure it, Group Policy will evaluate th -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Direct Access connections as a fast network connection* - GP name: *SlowLinkDefaultForDirectAccess* - GP path: *System\Group Policy* @@ -2297,7 +2297,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/SlowlinkDefaultToAsync** +**ADMX_GroupPolicy/SlowlinkDefaultToAsync** @@ -2341,7 +2341,7 @@ If you disable or don't configure this policy setting, detecting a slow network -ADMX Info: +ADMX Info: - GP Friendly name: *Change Group Policy processing to run asynchronously when a slow network connection is detected.* - GP name: *SlowlinkDefaultToAsync* - GP path: *System\Group Policy* @@ -2352,7 +2352,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/SyncWaitTime** +**ADMX_GroupPolicy/SyncWaitTime** @@ -2388,7 +2388,7 @@ If you disable or don't configure this policy setting, Group Policy will use the -ADMX Info: +ADMX Info: - GP Friendly name: *Specify startup policy processing wait time* - GP name: *SyncWaitTime* - GP path: *System\Group Policy* @@ -2399,7 +2399,7 @@ ADMX Info:
            -**ADMX_GroupPolicy/UserPolicyMode** +**ADMX_GroupPolicy/UserPolicyMode** @@ -2443,7 +2443,7 @@ If you disable this setting or don't configure it, the user's Group Policy Objec -ADMX Info: +ADMX Info: - GP Friendly name: *Configure user Group Policy loopback processing mode* - GP name: *UserPolicyMode* - GP path: *System\Group Policy* diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index ef05d2efca..ede437e273 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/03/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Help >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Help policies +## ADMX_Help policies
            @@ -44,7 +44,7 @@ manager: aaroncz
            -**ADMX_Help/DisableHHDEP** +**ADMX_Help/DisableHHDEP** @@ -82,7 +82,7 @@ If you disable or don't configure this policy setting, DEP is turned on for HTML -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executable* - GP name: *DisableHHDEP* - GP path: *System* @@ -93,7 +93,7 @@ ADMX Info:
            -**ADMX_Help/HelpQualifiedRootDir_Comp** +**ADMX_Help/HelpQualifiedRootDir_Comp** @@ -143,7 +143,7 @@ For more options, see the "Restrict these programs from being launched from Help -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict potentially unsafe HTML Help functions to specified folders* - GP name: *HelpQualifiedRootDir_Comp* - GP path: *System* @@ -154,7 +154,7 @@ ADMX Info:
            -**ADMX_Help/RestrictRunFromHelp** +**ADMX_Help/RestrictRunFromHelp** @@ -188,14 +188,14 @@ If you disable or don't configure this policy setting, users can run all applica > [!NOTE] > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. -> +> > This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict these programs from being launched from Help* - GP name: *RestrictRunFromHelp* - GP path: *System* @@ -206,7 +206,7 @@ ADMX Info:
            -**ADMX_Help/RestrictRunFromHelp_Comp** +**ADMX_Help/RestrictRunFromHelp_Comp** @@ -240,13 +240,13 @@ If you disable or don't configure this policy setting, users can run all applica > [!NOTE] > You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. -> +> > This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help. -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict these programs from being launched from Help* - GP name: *RestrictRunFromHelp_Comp* - GP path: *System* diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index e013dc38ab..49ba7126b9 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/03/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_HelpAndSupport >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_HelpAndSupport policies +## ADMX_HelpAndSupport policies
            @@ -44,7 +44,7 @@ manager: aaroncz
            -**ADMX_HelpAndSupport/ActiveHelp** +**ADMX_HelpAndSupport/ActiveHelp** @@ -80,7 +80,7 @@ If you disable or don't configure this policy setting, the default behavior appl -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Active Help* - GP name: *ActiveHelp* - GP path: *Windows Components/Online Assistance* @@ -91,7 +91,7 @@ ADMX Info:
            -**ADMX_HelpAndSupport/HPExplicitFeedback** +**ADMX_HelpAndSupport/HPExplicitFeedback** @@ -129,7 +129,7 @@ Users can use the control to provide feedback on the quality and usefulness of t -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Help Ratings* - GP name: *HPExplicitFeedback* - GP path: *System/Internet Communication Management/Internet Communication settings* @@ -140,7 +140,7 @@ ADMX Info:
            -**ADMX_HelpAndSupport/HPImplicitFeedback** +**ADMX_HelpAndSupport/HPImplicitFeedback** |Edition|Windows 10|Windows 11| @@ -175,7 +175,7 @@ If you disable or don't configure this policy setting, users can turn on the Hel -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Help Experience Improvement Program* - GP name: *HPImplicitFeedback* - GP path: *System/Internet Communication Management/Internet Communication settings* @@ -186,7 +186,7 @@ ADMX Info:
            -**ADMX_HelpAndSupport/HPOnlineAssistance** +**ADMX_HelpAndSupport/HPOnlineAssistance** @@ -222,7 +222,7 @@ If you disable or don't configure this policy setting, users can access online a -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Online* - GP name: *HPOnlineAssistance* - GP path: *System/Internet Communication Management/Internet Communication settings* diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md index ba8121417b..4f686073ae 100644 --- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/15/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_HotSpotAuth > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_HotSpotAuth policies +## ADMX_HotSpotAuth policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_HotSpotAuth/HotspotAuth_Enable** +**ADMX_HotSpotAuth/HotspotAuth_Enable** @@ -61,20 +61,20 @@ manager: aaroncz -This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support. +This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support. -- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. +- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. -- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators. +- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators. -- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. +- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. - If you disable this policy setting, WLAN hotspots aren't probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Hotspot Authentication* - GP name: *HotspotAuth_Enable* - GP path: *Network\Hotspot Authentication* diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md index 9e9178ac7a..50119589b1 100644 --- a/windows/client-management/mdm/policy-csp-admx-icm.md +++ b/windows/client-management/mdm/policy-csp-admx-icm.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/17/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_ICM >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_ICM policies +## ADMX_ICM policies
            @@ -110,7 +110,7 @@ manager: aaroncz
            -**ADMX_ICM/CEIPEnable** +**ADMX_ICM/CEIPEnable** @@ -148,7 +148,7 @@ If you don't configure this policy setting, the administrator can use the Proble -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Customer Experience Improvement Program* - GP name: *CEIPEnable* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -159,7 +159,7 @@ ADMX Info:
            -**ADMX_ICM/CertMgr_DisableAutoRootUpdates** +**ADMX_ICM/CertMgr_DisableAutoRootUpdates** @@ -185,7 +185,7 @@ ADMX Info: -This policy setting specifies whether to automatically update root certificates using the Windows Update website. +This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities. @@ -197,7 +197,7 @@ If you disable or don't configure this policy setting, your computer will contac -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Automatic Root Certificates Update* - GP name: *CertMgr_DisableAutoRootUpdates* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -208,7 +208,7 @@ ADMX Info:
            -**ADMX_ICM/DisableHTTPPrinting_1** +**ADMX_ICM/DisableHTTPPrinting_1** @@ -249,7 +249,7 @@ If you disable or don't configure this policy setting, users can choose to print -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off printing over HTTP* - GP name: *DisableHTTPPrinting_1* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -260,7 +260,7 @@ ADMX Info:
            -**ADMX_ICM/DisableWebPnPDownload_1** +**ADMX_ICM/DisableWebPnPDownload_1** @@ -303,7 +303,7 @@ If you disable or don't configure this policy setting, users can download print -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off downloading of print drivers over HTTP* - GP name: *DisableWebPnPDownload_1* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -314,7 +314,7 @@ ADMX Info:
            -**ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate** +**ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate** @@ -357,7 +357,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Update device driver searching* - GP name: *DriverSearchPlaces_DontSearchWindowsUpdate* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -368,7 +368,7 @@ ADMX Info:
            -**ADMX_ICM/EventViewer_DisableLinks** +**ADMX_ICM/EventViewer_DisableLinks** @@ -408,7 +408,7 @@ Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Comman -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Event Viewer "Events.asp" links* - GP name: *EventViewer_DisableLinks* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -419,7 +419,7 @@ ADMX Info:
            -**ADMX_ICM/HSS_HeadlinesPolicy** +**ADMX_ICM/HSS_HeadlinesPolicy** @@ -459,7 +459,7 @@ You might want to enable this policy setting for users who don't have Internet a -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Help and Support Center "Did you know?" content* - GP name: *HSS_HeadlinesPolicy* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -470,7 +470,7 @@ ADMX Info:
            -**ADMX_ICM/HSS_KBSearchPolicy** +**ADMX_ICM/HSS_KBSearchPolicy** @@ -508,7 +508,7 @@ If you disable or don't configure this policy setting, the Knowledge Base is sea -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Help and Support Center Microsoft Knowledge Base search* - GP name: *HSS_KBSearchPolicy* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -519,7 +519,7 @@ ADMX Info:
            -**ADMX_ICM/InternetManagement_RestrictCommunication_1** +**ADMX_ICM/InternetManagement_RestrictCommunication_1** @@ -557,7 +557,7 @@ If you don't configure this policy setting, all of the policy settings in the "I -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict Internet communication* - GP name: *InternetManagement_RestrictCommunication_1* - GP path: *System\Internet Communication Management* @@ -568,7 +568,7 @@ ADMX Info:
            -**ADMX_ICM/InternetManagement_RestrictCommunication_2** +**ADMX_ICM/InternetManagement_RestrictCommunication_2** @@ -605,7 +605,7 @@ If you don't configure this policy setting, all of the policy settings in the "I -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict Internet communication* - GP name: *InternetManagement_RestrictCommunication_2* - GP path: *System\Internet Communication Management* @@ -616,7 +616,7 @@ ADMX Info:
            -**ADMX_ICM/NC_ExitOnISP** +**ADMX_ICM/NC_ExitOnISP** @@ -652,7 +652,7 @@ If you disable or don't configure this policy setting, users can connect to Micr -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com* - GP name: *NC_ExitOnISP* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -663,7 +663,7 @@ ADMX Info:
            -**ADMX_ICM/NC_NoRegistration** +**ADMX_ICM/NC_NoRegistration** @@ -701,7 +701,7 @@ Registration is optional and involves submitting some personal information to Mi -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Registration if URL connection is referring to Microsoft.com* - GP name: *NC_NoRegistration* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -712,7 +712,7 @@ ADMX Info:
            -**ADMX_ICM/PCH_DoNotReport** +**ADMX_ICM/PCH_DoNotReport** @@ -746,7 +746,7 @@ If you enable this policy setting, users aren't given the option to report error If you disable or don't configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share. -This policy setting overrides any user setting made from the Control Panel for error reporting. +This policy setting overrides any user setting made from the Control Panel for error reporting. Also see the "Configure Error Reporting", "Display Error Notification" and "Disable Windows Error Reporting" policy settings under Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting. @@ -754,7 +754,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Error Reporting* - GP name: *PCH_DoNotReport* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -765,7 +765,7 @@ ADMX Info:
            -**ADMX_ICM/RemoveWindowsUpdate_ICM** +**ADMX_ICM/RemoveWindowsUpdate_ICM** @@ -804,7 +804,7 @@ If you disable or don't configure this policy setting, users can access the Wind -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off access to all Windows Update features* - GP name: *RemoveWindowsUpdate_ICM* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -815,7 +815,7 @@ ADMX Info:
            -**ADMX_ICM/SearchCompanion_DisableFileUpdates** +**ADMX_ICM/SearchCompanion_DisableFileUpdates** @@ -856,7 +856,7 @@ If you disable or don't configure this policy setting, Search Companion download -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Search Companion content file updates* - GP name: *SearchCompanion_DisableFileUpdates* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -867,7 +867,7 @@ ADMX Info:
            -**ADMX_ICM/ShellNoUseInternetOpenWith_1** +**ADMX_ICM/ShellNoUseInternetOpenWith_1** @@ -905,7 +905,7 @@ If you disable or don't configure this policy setting, the user is allowed to us -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Internet File Association service* - GP name: *ShellNoUseInternetOpenWith_1* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -916,7 +916,7 @@ ADMX Info:
            -**ADMX_ICM/ShellNoUseInternetOpenWith_2** +**ADMX_ICM/ShellNoUseInternetOpenWith_2** @@ -954,7 +954,7 @@ If you disable or don't configure this policy setting, the user is allowed to us -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Internet File Association service* - GP name: *ShellNoUseInternetOpenWith_2* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -965,7 +965,7 @@ ADMX Info:
            -**ADMX_ICM/ShellNoUseStoreOpenWith_1** +**ADMX_ICM/ShellNoUseStoreOpenWith_1** @@ -1003,7 +1003,7 @@ If you disable or don't configure this policy setting, the user is allowed to us -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off access to the Store* - GP name: *ShellNoUseStoreOpenWith_1* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -1014,7 +1014,7 @@ ADMX Info:
            -**ADMX_ICM/ShellNoUseStoreOpenWith_2** +**ADMX_ICM/ShellNoUseStoreOpenWith_2** @@ -1052,7 +1052,7 @@ If you disable or don't configure this policy setting, the user is allowed to us -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off access to the Store* - GP name: *ShellNoUseStoreOpenWith_2* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -1063,7 +1063,7 @@ ADMX Info:
            -**ADMX_ICM/ShellPreventWPWDownload_1** +**ADMX_ICM/ShellPreventWPWDownload_1** @@ -1101,7 +1101,7 @@ For more information, including details on specifying service providers in the r -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Internet download for Web publishing and online ordering wizards* - GP name: *ShellPreventWPWDownload_1* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -1112,7 +1112,7 @@ ADMX Info:
            -**ADMX_ICM/ShellRemoveOrderPrints_1** +**ADMX_ICM/ShellRemoveOrderPrints_1** @@ -1148,7 +1148,7 @@ If you disable or don't configure this policy setting, the task is displayed. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the "Order Prints" picture task* - GP name: *ShellRemoveOrderPrints_1* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -1159,7 +1159,7 @@ ADMX Info:
            -**ADMX_ICM/ShellRemoveOrderPrints_2** +**ADMX_ICM/ShellRemoveOrderPrints_2** @@ -1197,7 +1197,7 @@ If you disable or don't configure this policy setting, the task is displayed. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the "Order Prints" picture task* - GP name: *ShellRemoveOrderPrints_2* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -1208,7 +1208,7 @@ ADMX Info:
            -**ADMX_ICM/ShellRemovePublishToWeb_1** +**ADMX_ICM/ShellRemovePublishToWeb_1** @@ -1244,7 +1244,7 @@ If you enable this policy setting, these tasks are removed from the File and Fol -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the "Publish to Web" task for files and folders* - GP name: *ShellRemovePublishToWeb_1* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -1255,7 +1255,7 @@ ADMX Info:
            -**ADMX_ICM/ShellRemovePublishToWeb_2** +**ADMX_ICM/ShellRemovePublishToWeb_2** @@ -1293,7 +1293,7 @@ If you disable or don't configure this policy setting, the tasks are shown. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the "Publish to Web" task for files and folders* - GP name: *ShellRemovePublishToWeb_2* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -1304,7 +1304,7 @@ ADMX Info:
            -**ADMX_ICM/WinMSG_NoInstrumentation_1** +**ADMX_ICM/WinMSG_NoInstrumentation_1** @@ -1344,7 +1344,7 @@ If you disable this policy setting, Windows Messenger collects anonymous usage i -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program* - GP name: *WinMSG_NoInstrumentation_1* - GP path: *System\Internet Communication Management\Internet Communication settings* @@ -1355,7 +1355,7 @@ ADMX Info:
            -**ADMX_ICM/WinMSG_NoInstrumentation_2** +**ADMX_ICM/WinMSG_NoInstrumentation_2** @@ -1397,7 +1397,7 @@ If you don't configure this policy setting, users have the choice to opt in and -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program* - GP name: *WinMSG_NoInstrumentation_2* - GP path: *System\Internet Communication Management\Internet Communication settings* diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md index cdae65ef17..737fc0a2a1 100644 --- a/windows/client-management/mdm/policy-csp-admx-iis.md +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/17/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_IIS > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_IIS policies +## ADMX_IIS policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_IIS/PreventIISInstall** +**ADMX_IIS/PreventIISInstall** @@ -61,11 +61,11 @@ manager: aaroncz -This policy setting prevents installation of Internet Information Services (IIS) on this computer. +This policy setting prevents installation of Internet Information Services (IIS) on this computer. -If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting. +If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting. -Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer. +Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer. If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run." @@ -73,7 +73,7 @@ If you disable or don't configure this policy setting, IIS can be installed, and -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent IIS installation* - GP name: *PreventIISInstall* - GP path: *Windows Components\Internet Information Services* diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md index e4938d1f67..7fa8e61ea4 100644 --- a/windows/client-management/mdm/policy-csp-admx-iscsi.md +++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/17/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_iSCSI > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_iSCSI policies +## ADMX_iSCSI policies
            @@ -42,7 +42,7 @@ manager: aaroncz
            -**ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins** +**ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins** @@ -68,7 +68,7 @@ manager: aaroncz -If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. +If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. @@ -76,7 +76,7 @@ If disabled then new iSNS servers may be added and thus new targets discovered v -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow manual configuration of iSNS servers* - GP name: *iSCSIGeneral_RestrictAdditionalLogins* - GP path: *System\iSCSI\iSCSI Target Discovery* @@ -87,7 +87,7 @@ ADMX Info:
            -**ADMX_iSCSI/iSCSIGeneral_ChangeIQNName** +**ADMX_iSCSI/iSCSIGeneral_ChangeIQNName** @@ -113,14 +113,14 @@ ADMX Info: -If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. +If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow manual configuration of target portals* - GP name: *iSCSIGeneral_ChangeIQNName* - GP path: *System\iSCSI\iSCSI Target Discovery* @@ -131,7 +131,7 @@ ADMX Info:
            -**ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret** +**ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret** @@ -157,7 +157,7 @@ ADMX Info: -If enabled then don't allow the initiator CHAP secret to be changed. +If enabled then don't allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed. @@ -165,7 +165,7 @@ If disabled then the initiator CHAP secret may be changed. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow changes to initiator CHAP secret* - GP name: *iSCSISecurity_ChangeCHAPSecret* - GP path: *System\iSCSI\iSCSI Security* diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index ec99d97b12..c8acf4a019 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_kdc >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_kdc policies +## ADMX_kdc policies
            @@ -51,7 +51,7 @@ manager: aaroncz
            -**ADMX_kdc/CbacAndArmor** +**ADMX_kdc/CbacAndArmor** @@ -79,20 +79,20 @@ manager: aaroncz This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication. -If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. +If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or don't configure this policy setting, the domain controller doesn't support claims, compound authentication or armoring. If you configure the "Not supported" option, the domain controller doesn't support claims, compound authentication or armoring, which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems. > [!NOTE] -> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting isn't enabled, Kerberos authentication messages won't use these features. +> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting isn't enabled, Kerberos authentication messages won't use these features. -If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring. +If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring. **Domain functional level requirements** -For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier, then domain controllers behave as if the "Supported" option is selected. +For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier, then domain controllers behave as if the "Supported" option is selected. When the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and: @@ -114,7 +114,7 @@ Impact on domain controller performance when this policy setting is enabled: -ADMX Info: +ADMX Info: - GP Friendly name: *KDC support for claims, compound authentication and Kerberos armoring* - GP name: *CbacAndArmor* - GP path: *System/KDC* @@ -125,7 +125,7 @@ ADMX Info:
            -**ADMX_kdc/ForestSearch** +**ADMX_kdc/ForestSearch** @@ -163,7 +163,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide -ADMX Info: +ADMX Info: - GP Friendly name: *Use forest search order* - GP name: *ForestSearch* - GP path: *System/KDC* @@ -174,7 +174,7 @@ ADMX Info:
            -**ADMX_kdc/PKINITFreshness** +**ADMX_kdc/PKINITFreshness** @@ -216,7 +216,7 @@ If you disable or not configure this policy setting, then the DC will never offe -ADMX Info: +ADMX Info: - GP Friendly name: *KDC support for PKInit Freshness Extension* - GP name: *PKINITFreshness* - GP path: *System/KDC* @@ -227,7 +227,7 @@ ADMX Info:
            -**ADMX_kdc/RequestCompoundId** +**ADMX_kdc/RequestCompoundId** @@ -256,9 +256,9 @@ ADMX Info: This policy setting allows you to configure a domain controller to request compound authentication. > [!NOTE] -> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled. +> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled. -If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. +If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or don't configure this policy setting, domain controllers will return service tickets that contain compound authentication anytime the client sends a compound authentication request regardless of the account configuration. @@ -266,7 +266,7 @@ If you disable or don't configure this policy setting, domain controllers will r -ADMX Info: +ADMX Info: - GP Friendly name: *Request compound authentication* - GP name: *RequestCompoundId* - GP path: *System/KDC* @@ -277,7 +277,7 @@ ADMX Info:
            -**ADMX_kdc/TicketSizeThreshold** +**ADMX_kdc/TicketSizeThreshold** @@ -313,7 +313,7 @@ If you disable or don't configure this policy setting, the threshold value defau -ADMX Info: +ADMX Info: - GP Friendly name: *Warning for large Kerberos tickets* - GP name: *TicketSizeThreshold* - GP path: *System/KDC* @@ -324,7 +324,7 @@ ADMX Info:
            -**ADMX_kdc/emitlili** +**ADMX_kdc/emitlili** @@ -365,7 +365,7 @@ If you disable or don't configure this policy setting, the domain controller doe -ADMX Info: +ADMX Info: - GP Friendly name: *Provide information about previous logons to client computers* - GP name: *emitlili* - GP path: *System/KDC* diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md index 3cbff4ed32..586d3b63ab 100644 --- a/windows/client-management/mdm/policy-csp-admx-kerberos.md +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/12/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Kerberos >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Kerberos policies +## ADMX_Kerberos policies
            @@ -57,7 +57,7 @@ manager: aaroncz
            -**ADMX_Kerberos/AlwaysSendCompoundId** +**ADMX_Kerberos/AlwaysSendCompoundId** @@ -86,9 +86,9 @@ manager: aaroncz This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity. > [!NOTE] -> For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain. +> For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain. -If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request. +If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request. If you disable or don't configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication. @@ -96,7 +96,7 @@ If you disable or don't configure this policy setting and the resource domain re -ADMX Info: +ADMX Info: - GP Friendly name: *Always send compound authentication first* - GP name: *AlwaysSendCompoundId* - GP path: *System\Kerberos* @@ -107,7 +107,7 @@ ADMX Info:
            -**ADMX_Kerberos/DevicePKInitEnabled** +**ADMX_Kerberos/DevicePKInitEnabled** @@ -150,7 +150,7 @@ If you don't configure this policy setting, Automatic will be used. -ADMX Info: +ADMX Info: - GP Friendly name: *Support device authentication using certificate* - GP name: *DevicePKInitEnabled* - GP path: *System\Kerberos* @@ -161,7 +161,7 @@ ADMX Info:
            -**ADMX_Kerberos/HostToRealm** +**ADMX_Kerberos/HostToRealm** @@ -199,7 +199,7 @@ If you don't configure this policy setting, the system uses the host name-to-Ker -ADMX Info: +ADMX Info: - GP Friendly name: *Define host name-to-Kerberos realm mappings* - GP name: *HostToRealm* - GP path: *System\Kerberos* @@ -210,7 +210,7 @@ ADMX Info:
            -**ADMX_Kerberos/KdcProxyDisableServerRevocationCheck** +**ADMX_Kerberos/KdcProxyDisableServerRevocationCheck** @@ -238,7 +238,7 @@ ADMX Info: This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server. -If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections. +If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections. > [!WARNING] > When revocation check is ignored, the server represented by the certificate isn't guaranteed valid. @@ -248,7 +248,7 @@ If you disable or don't configure this policy setting, the Kerberos client enfor -ADMX Info: +ADMX Info: - GP Friendly name: *Disable revocation checking for the SSL certificate of KDC proxy servers* - GP name: *KdcProxyDisableServerRevocationCheck* - GP path: *System\Kerberos* @@ -259,7 +259,7 @@ ADMX Info:
            -**ADMX_Kerberos/KdcProxyServer** +**ADMX_Kerberos/KdcProxyServer** @@ -295,7 +295,7 @@ If you disable or don't configure this policy setting, the Kerberos client doesn -ADMX Info: +ADMX Info: - GP Friendly name: *Specify KDC proxy servers for Kerberos clients* - GP name: *KdcProxyServer* - GP path: *System\Kerberos* @@ -306,7 +306,7 @@ ADMX Info:
            -**ADMX_Kerberos/MitRealms** +**ADMX_Kerberos/MitRealms** @@ -344,7 +344,7 @@ If you don't configure this policy setting, the system uses the interoperable Ke -ADMX Info: +ADMX Info: - GP Friendly name: *Define interoperable Kerberos V5 realm settings* - GP name: *MitRealms* - GP path: *System\Kerberos* @@ -355,7 +355,7 @@ ADMX Info:
            -**ADMX_Kerberos/ServerAcceptsCompound** +**ADMX_Kerberos/ServerAcceptsCompound** @@ -399,7 +399,7 @@ If you don't configure this policy setting, Automatic will be used. -ADMX Info: +ADMX Info: - GP Friendly name: *Support compound authentication* - GP name: *ServerAcceptsCompound* - GP path: *System\Kerberos* @@ -410,7 +410,7 @@ ADMX Info:
            -**ADMX_Kerberos/StrictTarget** +**ADMX_Kerberos/StrictTarget** @@ -446,7 +446,7 @@ If you disable or don't configure this policy setting, any service is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Require strict target SPN match on remote procedure calls* - GP name: *StrictTarget* - GP path: *System\Kerberos* diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index 3fe3659069..38ccfc6a29 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_LanmanServer >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_LanmanServer policies +## ADMX_LanmanServer policies
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_LanmanServer/Pol_CipherSuiteOrder** +**ADMX_LanmanServer/Pol_CipherSuiteOrder** @@ -77,12 +77,12 @@ If you enable this policy setting, cipher suites are prioritized in the order sp If you enable this policy setting and don't specify at least one supported cipher suite, or if you disable or don't configure this policy setting, the default cipher suite order is used. -SMB 3.11 cipher suites: +SMB 3.11 cipher suites: - AES_128_GCM - AES_128_CCM -SMB 3.0 and 3.02 cipher suites: +SMB 3.0 and 3.02 cipher suites: - AES_128_CCM @@ -97,7 +97,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in -ADMX Info: +ADMX Info: - GP Friendly name: *Cipher suite order* - GP name: *Pol_CipherSuiteOrder* - GP path: *Network/Lanman Server* @@ -112,7 +112,7 @@ ADMX Info:
            -**ADMX_LanmanServer/Pol_HashPublication** +**ADMX_LanmanServer/Pol_HashPublication** @@ -158,7 +158,7 @@ In circumstances where this policy setting is enabled, you can also select the f -ADMX Info: +ADMX Info: - GP Friendly name: *Hash Publication for BranchCache* - GP name: *Pol_HashPublication* - GP path: *Network/Lanman Server* @@ -173,7 +173,7 @@ ADMX Info:
            -**ADMX_LanmanServer/Pol_HashSupportVersion** +**ADMX_LanmanServer/Pol_HashSupportVersion** @@ -199,7 +199,7 @@ ADMX Info: -This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. +This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. @@ -221,7 +221,7 @@ Hash version supported: -ADMX Info: +ADMX Info: - GP Friendly name: *Hash Version support for BranchCache* - GP name: *Pol_HashSupportVersion* - GP path: *Network/Lanman Server* @@ -232,7 +232,7 @@ ADMX Info:
            -**ADMX_LanmanServer/Pol_HonorCipherSuiteOrder** +**ADMX_LanmanServer/Pol_HonorCipherSuiteOrder** @@ -271,7 +271,7 @@ If you disable or don't configure this policy setting, the SMB server will selec -ADMX Info: +ADMX Info: - GP Friendly name: *Honor cipher suite order* - GP name: *Pol_HonorCipherSuiteOrder* - GP path: *Network/Lanman Server* diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md index 969840fdeb..728720ca70 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/08/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_LanmanWorkstation >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_LanmanWorkstation policies +## ADMX_LanmanWorkstation policies
            @@ -42,7 +42,7 @@ manager: aaroncz
            -**ADMX_LanmanWorkstation/Pol_CipherSuiteOrder** +**ADMX_LanmanWorkstation/Pol_CipherSuiteOrder** @@ -99,7 +99,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in -ADMX Info: +ADMX Info: - GP Friendly name: *Cipher suite order* - GP name: *Pol_CipherSuiteOrder* - GP path: *Network\Lanman Workstation* @@ -110,7 +110,7 @@ ADMX Info:
            -**ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles** +**ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles** @@ -149,7 +149,7 @@ If you disable or don't configure this policy setting, Windows will prevent use -ADMX Info: +ADMX Info: - GP Friendly name: *Handle Caching on Continuous Availability Shares* - GP name: *Pol_EnableHandleCachingForCAFiles* - GP path: *Network\Lanman Workstation* @@ -160,7 +160,7 @@ ADMX Info:
            -**ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares** +**ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares** @@ -199,7 +199,7 @@ If you disable or don't configure this policy setting, Windows will prevent use -ADMX Info: +ADMX Info: - GP Friendly name: *Offline Files Availability on Continuous Availability Shares* - GP name: *Pol_EnableOfflineFilesforCAShares* - GP path: *Network\Lanman Workstation* diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md index 2f421ddce0..08ee559f99 100644 --- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/17/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_LeakDiagnostic > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_LeakDiagnostic policies +## ADMX_LeakDiagnostic policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy** +**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy** @@ -61,17 +61,17 @@ manager: aaroncz -This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. +This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. -If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. +If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. -If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message. +If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message. -No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. +No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. -This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. -The DPS can be configured with the Services snap-in to the Microsoft Management Console. +The DPS can be configured with the Services snap-in to the Microsoft Management Console. > [!NOTE] > For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. @@ -80,7 +80,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management -ADMX Info: +ADMX Info: - GP Friendly name: *Configure custom alert text* - GP name: *WdiScenarioExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic* diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index ac18bf4c6f..f63de1ae5b 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/04/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_LinkLayerTopologyDiscovery >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_LinkLayerTopologyDiscovery policies +## ADMX_LinkLayerTopologyDiscovery policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO** +**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO** @@ -77,7 +77,7 @@ If you disable or don't configure this policy setting, the default behavior of L -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Mapper I/O (LLTDIO) driver* - GP name: *LLTD_EnableLLTDIO* - GP path: *Network/Link-Layer Topology Discovery* @@ -88,7 +88,7 @@ ADMX Info:
            -**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr** +**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr** @@ -126,7 +126,7 @@ If you disable or don't configure this policy setting, the default behavior for -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Responder (RSPNDR) driver* - GP name: *LLTD_EnableRspndr* - GP path: *Network/Link-Layer Topology Discovery* diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md index 6557e565a3..7552129f46 100644 --- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/20/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,15 +18,15 @@ manager: aaroncz > Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_LocationProviderAdm policies +## ADMX_LocationProviderAdm policies
            @@ -38,7 +38,7 @@ manager: aaroncz
            -**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1** +**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1** @@ -64,16 +64,16 @@ manager: aaroncz -This policy setting turns off the Windows Location Provider feature for this computer. +This policy setting turns off the Windows Location Provider feature for this computer. -- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature. +- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature. - If you disable or don't configure this policy setting, all programs on this computer can use the Windows Location Provider feature. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Location Provider* - GP name: *DisableWindowsLocationProvider_1* - GP path: *Windows Components\Location and Sensors\Windows Location Provider* diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md index 3386f503ec..f8a8aefb1f 100644 --- a/windows/client-management/mdm/policy-csp-admx-logon.md +++ b/windows/client-management/mdm/policy-csp-admx-logon.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/21/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Logon >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Logon policies +## ADMX_Logon policies
            @@ -78,7 +78,7 @@ manager: aaroncz
            -**ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin** +**ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin** @@ -113,7 +113,7 @@ If you disable or don't configure this policy setting, the user may choose to sh -ADMX Info: +ADMX Info: - GP Friendly name: *Block user from showing account details on sign-in* - GP name: *BlockUserFromShowingAccountDetailsOnSignin* - GP path: *System\Logon* @@ -124,7 +124,7 @@ ADMX Info:
            -**ADMX_Logon/DisableAcrylicBackgroundOnLogon** +**ADMX_Logon/DisableAcrylicBackgroundOnLogon** @@ -160,7 +160,7 @@ If you disable or don't configure this policy, the logon background image adopts -ADMX Info: +ADMX Info: - GP Friendly name: *Show clear logon background* - GP name: *DisableAcrylicBackgroundOnLogon* - GP path: *System\Logon* @@ -171,7 +171,7 @@ ADMX Info:
            -**ADMX_Logon/DisableExplorerRunLegacy_1** +**ADMX_Logon/DisableExplorerRunLegacy_1** @@ -210,7 +210,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Do not process the legacy run list* - GP name: *DisableExplorerRunLegacy_1* - GP path: *System\Logon* @@ -221,7 +221,7 @@ ADMX Info:
            -**ADMX_Logon/DisableExplorerRunLegacy_2** +**ADMX_Logon/DisableExplorerRunLegacy_2** @@ -260,7 +260,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Do not process the legacy run list* - GP name: *DisableExplorerRunLegacy_2* - GP path: *System\Logon* @@ -271,7 +271,7 @@ ADMX Info:
            -**ADMX_Logon/DisableExplorerRunOnceLegacy_1** +**ADMX_Logon/DisableExplorerRunOnceLegacy_1** @@ -314,7 +314,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Do not process the run once list* - GP name: *DisableExplorerRunOnceLegacy_1* - GP path: *System\Logon* @@ -325,7 +325,7 @@ ADMX Info:
            -**ADMX_Logon/DisableExplorerRunOnceLegacy_2** +**ADMX_Logon/DisableExplorerRunOnceLegacy_2** @@ -368,7 +368,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Do not process the run once list* - GP name: *DisableExplorerRunOnceLegacy_2* - GP path: *System\Logon* @@ -379,7 +379,7 @@ ADMX Info:
            -**ADMX_Logon/DisableStatusMessages** +**ADMX_Logon/DisableStatusMessages** @@ -415,7 +415,7 @@ If you disable or don't configure this policy setting, the system displays the m -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Boot / Shutdown / Logon / Logoff status messages* - GP name: *DisableStatusMessages* - GP path: *System* @@ -426,7 +426,7 @@ ADMX Info:
            -**ADMX_Logon/DontEnumerateConnectedUsers** +**ADMX_Logon/DontEnumerateConnectedUsers** @@ -462,7 +462,7 @@ If you disable or don't configure this policy setting, connected users will be e -ADMX Info: +ADMX Info: - GP Friendly name: *Do not enumerate connected users on domain-joined computers* - GP name: *DontEnumerateConnectedUsers* - GP path: *System\Logon* @@ -473,7 +473,7 @@ ADMX Info:
            -**ADMX_Logon/NoWelcomeTips_1** +**ADMX_Logon/NoWelcomeTips_1** @@ -519,7 +519,7 @@ This setting applies only to Windows. It doesn't affect the "Configure Your Serv -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display the Getting Started welcome screen at logon* - GP name: *NoWelcomeTips_1* - GP path: *System* @@ -531,7 +531,7 @@ ADMX Info:
            -**ADMX_Logon/NoWelcomeTips_2** +**ADMX_Logon/NoWelcomeTips_2** @@ -575,7 +575,7 @@ If you disable or don't configure this policy, the welcome screen is displayed e -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display the Getting Started welcome screen at logon* - GP name: *NoWelcomeTips_2* - GP path: *System\Logon* @@ -586,7 +586,7 @@ ADMX Info:
            -**ADMX_Logon/Run_1** +**ADMX_Logon/Run_1** @@ -629,7 +629,7 @@ Also, see the "Do not process the legacy run list" and the "don't process the ru -ADMX Info: +ADMX Info: - GP Friendly name: *Run these programs at user logon* - GP name: *Run_1* - GP path: *System\Logon* @@ -640,7 +640,7 @@ ADMX Info:
            -**ADMX_Logon/Run_2** +**ADMX_Logon/Run_2** @@ -684,7 +684,7 @@ Also, see the "Do not process the legacy run list" and the "don't process the ru -ADMX Info: +ADMX Info: - GP Friendly name: *Run these programs at user logon* - GP name: *Run_2* - GP path: *System\Logon* @@ -695,7 +695,7 @@ ADMX Info:
            -**ADMX_Logon/SyncForegroundPolicy** +**ADMX_Logon/SyncForegroundPolicy** @@ -742,14 +742,14 @@ If you disable or don't configure this policy setting and users sign in to a cli > [!NOTE] > -> - If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one sign in, enable this policy setting to ensure that Windows waits for the network to be available before applying policy. +> - If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one sign in, enable this policy setting to ensure that Windows waits for the network to be available before applying policy. > - If Folder Redirection policy will apply during the next sign in, security policies will be applied asynchronously during the next update cycle, if network connectivity is available. -ADMX Info: +ADMX Info: - GP Friendly name: *Always wait for the network at computer startup and logon* - GP name: *SyncForegroundPolicy* - GP path: *System\Logon* @@ -760,7 +760,7 @@ ADMX Info:
            -**ADMX_Logon/UseOEMBackground** +**ADMX_Logon/UseOEMBackground** @@ -796,7 +796,7 @@ If you disable or don't configure this policy setting, Windows uses the default -ADMX Info: +ADMX Info: - GP Friendly name: *Always use custom logon background* - GP name: *UseOEMBackground* - GP path: *System\Logon* @@ -807,7 +807,7 @@ ADMX Info:
            -**ADMX_Logon/VerboseStatus** +**ADMX_Logon/VerboseStatus** @@ -848,7 +848,7 @@ If you disable or don't configure this policy setting, only the default status m -ADMX Info: +ADMX Info: - GP Friendly name: *Display highly detailed status messages* - GP name: *VerboseStatus* - GP path: *System* diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 88b2c471c4..f15a6eeac0 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/19/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MicrosoftDefenderAntivirus >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MicrosoftDefenderAntivirus policies +## ADMX_MicrosoftDefenderAntivirus policies
            @@ -311,7 +311,7 @@ manager: aaroncz
            -**ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup** +**ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup** @@ -347,7 +347,7 @@ If you disable this setting, the antimalware service will load as a low priority -ADMX Info: +ADMX Info: - GP Friendly name: *Allow antimalware service to startup with normal priority* - GP name: *AllowFastServiceStartup* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -358,7 +358,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender** +**ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender** @@ -398,7 +398,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Microsoft Defender Antivirus* - GP name: *DisableAntiSpywareDefender* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -409,7 +409,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions** +**ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions** @@ -445,7 +445,7 @@ If you enable this policy setting, Microsoft Defender Antivirus won't exclude pr -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Auto Exclusions* - GP name: *DisableAutoExclusions* - GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions* @@ -456,7 +456,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen** +**ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen** @@ -486,7 +486,7 @@ This feature ensures the device checks in real time with the Microsoft Active Pr If you enable this feature, the Block at First Sight setting is turned on. If you disable this feature, the Block at First Sight setting is turned off. - + This feature requires these Policy settings to be set as follows: - MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature won't function. @@ -497,7 +497,7 @@ This feature requires these Policy settings to be set as follows: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the 'Block at First Sight' feature* - GP name: *DisableBlockAtFirstSeen* - GP path: *Windows Components\Microsoft Defender Antivirus\MAPS* @@ -508,7 +508,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge** +**ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge** @@ -544,7 +544,7 @@ If you disable this setting, only items defined by Policy will be used in the re -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local administrator merge behavior for lists* - GP name: *DisableLocalAdminMerge* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -555,7 +555,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring** +**ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring** @@ -593,7 +593,7 @@ If you disable or don't configure this policy setting, Microsoft Defender Antivi -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off real-time protection* - GP name: *DisableRealtimeMonitoring* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -604,7 +604,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction** +**ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction** @@ -640,7 +640,7 @@ If you disable or don't configure this policy setting, Microsoft Defender Antivi -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off routine remediation* - GP name: *DisableRoutinelyTakingAction* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -651,7 +651,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions** +**ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions** @@ -683,7 +683,7 @@ This policy setting allows you to specify a list of file types that should be ex -ADMX Info: +ADMX Info: - GP Friendly name: *Extension Exclusions* - GP name: *Exclusions_Extensions* - GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions* @@ -694,7 +694,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths** +**ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths** @@ -728,7 +728,7 @@ As an example, a path might be defined as: "c:\Windows" to exclude all files in -ADMX Info: +ADMX Info: - GP Friendly name: *Path Exclusions* - GP name: *Exclusions_Paths* - GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions* @@ -739,7 +739,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes** +**ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes** @@ -771,7 +771,7 @@ This policy setting allows you to disable scheduled and real-time scanning for a -ADMX Info: +ADMX Info: - GP Friendly name: *Process Exclusions* - GP name: *Exclusions_Processes* - GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions* @@ -782,7 +782,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions** +**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions** @@ -829,7 +829,7 @@ You can configure ASR rules in the "Configure Attack Surface Reduction rules" GP -ADMX Info: +ADMX Info: - GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules* - GP name: *ExploitGuard_ASR_ASROnlyExclusions* - GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction* @@ -840,7 +840,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules** +**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules** @@ -885,7 +885,7 @@ The following status IDs are permitted under the value column: - 1 (Block) - 0 (Off) - 2 (Audit) - + Example: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1 @@ -903,7 +903,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Attack Surface Reduction rules* - GP name: *ExploitGuard_ASR_Rules* - GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction* @@ -914,7 +914,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications** +**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications** @@ -946,7 +946,7 @@ These applications are allowed to modify or delete files in controlled folder ac Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add other applications. -Enabled: +Enabled: Specify other allowed applications in the Options section. Disabled: @@ -963,7 +963,7 @@ Default system folders are automatically guarded, but you can add folders in the -ADMX Info: +ADMX Info: - GP Friendly name: *Configure allowed applications* - GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications* - GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* @@ -974,7 +974,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders** +**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders** @@ -1004,7 +1004,7 @@ Specify additional folders that should be guarded by the Controlled folder acces Files in these folders can't be modified or deleted by untrusted applications. -Default system folders are automatically protected. You can configure this setting to add more folders. +Default system folders are automatically protected. You can configure this setting to add more folders. The list of default system folders that are protected is shown in Windows Security. Enabled: @@ -1024,7 +1024,7 @@ Microsoft Defender Antivirus automatically determines which applications can be -ADMX Info: +ADMX Info: - GP Friendly name: *Configure protected folders* - GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* - GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* @@ -1035,7 +1035,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation** +**ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation** @@ -1076,7 +1076,7 @@ Same as Disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable file hash computation feature* - GP name: *MpEngine_EnableFileHashComputation* - GP path: *Windows Components\Microsoft Defender Antivirus\MpEngine* @@ -1087,7 +1087,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement** +**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement** @@ -1123,7 +1123,7 @@ If you disable this setting, definition retirement will be disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on definition retirement* - GP name: *Nis_Consumers_IPS_DisableSignatureRetirement* - GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* @@ -1134,7 +1134,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid** +**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid** @@ -1166,7 +1166,7 @@ This policy setting defines more definition sets to enable for network traffic i -ADMX Info: +ADMX Info: - GP Friendly name: *Specify additional definition sets for network traffic inspection* - GP name: *Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid* - GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* @@ -1177,7 +1177,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition** +**ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition** @@ -1213,7 +1213,7 @@ If you disable this setting, protocol recognition will be disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on protocol recognition* - GP name: *Nis_DisableProtocolRecognition* - GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* @@ -1224,7 +1224,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/ProxyBypass** +**ADMX_MicrosoftDefenderAntivirus/ProxyBypass** @@ -1260,7 +1260,7 @@ If you disable or don't configure this setting, the proxy server won't be bypass -ADMX Info: +ADMX Info: - GP Friendly name: *Define addresses to bypass proxy server* - GP name: *ProxyBypass* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -1271,7 +1271,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl** +**ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl** @@ -1313,7 +1313,7 @@ If you disable or don't configure this setting, the proxy will skip over this fa -ADMX Info: +ADMX Info: - GP Friendly name: *Define proxy auto-config (.pac) for connecting to the network* - GP name: *ProxyPacUrl* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -1324,7 +1324,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/ProxyServer** +**ADMX_MicrosoftDefenderAntivirus/ProxyServer** @@ -1366,7 +1366,7 @@ If you disable or don't configure this setting, the proxy will skip over this fa -ADMX Info: +ADMX Info: - GP Friendly name: *Define proxy server for connecting to the network* - GP name: *ProxyServer* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -1377,7 +1377,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay** +**ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay** @@ -1413,7 +1413,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for the removal of items from Quarantine folder* - GP name: *Quarantine_LocalSettingOverridePurgeItemsAfterDelay* - GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine* @@ -1424,7 +1424,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay** +**ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay** @@ -1460,7 +1460,7 @@ If you disable or don't configure this setting, items will be kept in the quaran -ADMX Info: +ADMX Info: - GP Friendly name: *Configure removal of items from Quarantine folder* - GP name: *Quarantine_PurgeItemsAfterDelay* - GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine* @@ -1471,7 +1471,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes** +**ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes** @@ -1507,7 +1507,7 @@ If you disable this setting, scheduled tasks will begin at the specified start t -ADMX Info: +ADMX Info: - GP Friendly name: *Randomize scheduled task times* - GP name: *RandomizeScheduleTaskTimes* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -1518,7 +1518,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring** @@ -1554,7 +1554,7 @@ If you disable this setting, behavior monitoring will be disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on behavior monitoring* - GP name: *RealtimeProtection_DisableBehaviorMonitoring* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1565,7 +1565,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection** @@ -1601,7 +1601,7 @@ If you disable this setting, scanning for all downloaded files and attachments w -ADMX Info: +ADMX Info: - GP Friendly name: *Scan all downloaded files and attachments* - GP name: *RealtimeProtection_DisableIOAVProtection* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1612,7 +1612,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection** @@ -1648,7 +1648,7 @@ If you disable this setting, monitoring for file and program activity will be di -ADMX Info: +ADMX Info: - GP Friendly name: *Monitor file and program activity on your computer* - GP name: *RealtimeProtection_DisableOnAccessProtection* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1659,7 +1659,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification** @@ -1695,7 +1695,7 @@ If you disable this setting, raw write notifications be disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on raw volume write notifications* - GP name: *RealtimeProtection_DisableRawWriteNotification* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1706,7 +1706,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable** @@ -1742,7 +1742,7 @@ If you disable this setting, a process scan won't be initiated when real-time pr -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on process scanning whenever real-time protection is enabled* - GP name: *RealtimeProtection_DisableScanOnRealtimeEnable* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1753,7 +1753,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize** @@ -1789,7 +1789,7 @@ If you disable or don't configure this setting, a default size will be applied. -ADMX Info: +ADMX Info: - GP Friendly name: *Define the maximum size of downloaded files and attachments to be scanned* - GP name: *RealtimeProtection_IOAVMaxSize* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1800,7 +1800,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring** @@ -1836,7 +1836,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for turn on behavior monitoring* - GP name: *RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1847,7 +1847,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection** @@ -1883,7 +1883,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for scanning all downloaded files and attachments* - GP name: *RealtimeProtection_LocalSettingOverrideDisableIOAVProtection* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1894,7 +1894,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection** @@ -1930,7 +1930,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for monitoring file and program activity on your computer* - GP name: *RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1941,7 +1941,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring** @@ -1977,7 +1977,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override to turn on real-time protection* - GP name: *RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -1988,7 +1988,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection** @@ -2024,7 +2024,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for monitoring for incoming and outgoing file activity* - GP name: *RealtimeProtection_LocalSettingOverrideRealtimeScanDirection* - GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* @@ -2035,7 +2035,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime** @@ -2071,7 +2071,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation* - GP name: *Remediation_LocalSettingOverrideScan_ScheduleTime* - GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* @@ -2082,7 +2082,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay** +**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay** @@ -2113,7 +2113,7 @@ This policy setting allows you to specify the day of the week on which to perfor This setting can be configured with the following ordinal number values: - (0x0) Every Day -- (0x1) Sunday +- (0x1) Sunday - (0x2) Monday - (0x3) Tuesday - (0x4) Wednesday @@ -2130,7 +2130,7 @@ If you disable or don't configure this setting, a scheduled full scan to complet -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the day of the week to run a scheduled full scan to complete remediation* - GP name: *Remediation_Scan_ScheduleDay* - GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* @@ -2141,7 +2141,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime** @@ -2177,7 +2177,7 @@ If you disable or don't configure this setting, a scheduled full scan to complet -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the time of day to run a scheduled full scan to complete remediation* - GP name: *Remediation_Scan_ScheduleTime* - GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* @@ -2188,7 +2188,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout** +**ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout** @@ -2220,7 +2220,7 @@ This policy setting configures the time in minutes before a detection in the "ad -ADMX Info: +ADMX Info: - GP Friendly name: *Configure time out for detections requiring additional action* - GP name: *Reporting_AdditionalActionTimeout* - GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* @@ -2231,7 +2231,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout** +**ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout** @@ -2263,7 +2263,7 @@ This policy setting configures the time in minutes before a detection in the “ -ADMX Info: +ADMX Info: - GP Friendly name: *Configure time out for detections in critically failed state* - GP name: *Reporting_CriticalFailureTimeout* - GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* @@ -2274,7 +2274,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications** +**ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications** @@ -2310,7 +2310,7 @@ If you enable this setting, Microsoft Defender Antivirus enhanced notifications -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off enhanced notifications* - GP name: *Reporting_DisableEnhancedNotifications* - GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* @@ -2319,7 +2319,7 @@ ADMX Info: -**ADMX_MicrosoftDefenderAntivirus/Reporting_Disablegenericreports** +**ADMX_MicrosoftDefenderAntivirus/Reporting_Disablegenericreports**
            @@ -2356,7 +2356,7 @@ If you disable this setting, Watson events won't be sent. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Watson events* - GP name: *Reporting_Disablegenericreports* - GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* @@ -2367,7 +2367,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout** +**ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout** @@ -2399,7 +2399,7 @@ This policy setting configures the time in minutes before a detection in the "no -ADMX Info: +ADMX Info: - GP Friendly name: *Configure time out for detections in non-critical failed state* - GP name: *Reporting_NonCriticalTimeout* - GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* @@ -2407,7 +2407,7 @@ ADMX Info: -**ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout** +**ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout**
            @@ -2440,7 +2440,7 @@ This policy setting configures the time in minutes before a detection in the "co -ADMX Info: +ADMX Info: - GP Friendly name: *Configure time out for detections in recently remediated state* - GP name: *Reporting_RecentlyCleanedTimeout* - GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* @@ -2451,7 +2451,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents** +**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents** @@ -2483,7 +2483,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Windows software trace preprocessor components* - GP name: *Reporting_WppTracingComponents* - GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* @@ -2494,7 +2494,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel** +**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel** @@ -2520,7 +2520,7 @@ ADMX Info: -This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). +This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). Tracing levels are defined as: @@ -2533,7 +2533,7 @@ Tracing levels are defined as: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure WPP tracing level* - GP name: *Reporting_WppTracingLevel* - GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* @@ -2544,7 +2544,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause** +**ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause** @@ -2580,7 +2580,7 @@ If you disable this setting, users won't be able to pause scans. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow users to pause scan* - GP name: *Scan_AllowPause* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2591,7 +2591,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth** +**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth** @@ -2627,7 +2627,7 @@ If you disable or don't configure this setting, archive files will be scanned to -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the maximum depth to scan archive files* - GP name: *Scan_ArchiveMaxDepth* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2638,7 +2638,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize** +**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize** @@ -2674,7 +2674,7 @@ If you disable or don't configure this setting, archive files will be scanned ac -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the maximum size of archive files to be scanned* - GP name: *Scan_ArchiveMaxSize* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2686,7 +2686,7 @@ ADMX Info: -**ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning** @@ -2722,7 +2722,7 @@ If you disable this setting, archive files won't be scanned. -ADMX Info: +ADMX Info: - GP Friendly name: *Scan archive files* - GP name: *Scan_DisableArchiveScanning* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2733,7 +2733,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning** @@ -2769,7 +2769,7 @@ If you disable or don't configure this setting, e-mail scanning will be disabled -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on e-mail scanning* - GP name: *Scan_DisableEmailScanning* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2780,7 +2780,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics** @@ -2816,7 +2816,7 @@ If you disable this setting, heuristics will be disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on heuristics* - GP name: *Scan_DisableHeuristics* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2827,7 +2827,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning** @@ -2863,7 +2863,7 @@ If you disable this setting, packed executables won't be scanned. -ADMX Info: +ADMX Info: - GP Friendly name: *Scan packed executables* - GP name: *Scan_DisablePackedExeScanning* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2874,7 +2874,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning** @@ -2910,7 +2910,7 @@ If you disable or don't configure this setting, removable drives won't be scanne -ADMX Info: +ADMX Info: - GP Friendly name: *Scan removable drives* - GP name: *Scan_DisableRemovableDriveScanning* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2921,7 +2921,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning** @@ -2947,7 +2947,7 @@ ADMX Info: -This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there's a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this setting is the recommended state for this functionality. +This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there's a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this setting is the recommended state for this functionality. If you enable this setting, reparse point scanning will be enabled. @@ -2957,7 +2957,7 @@ If you disable or don't configure this setting, reparse point scanning will be d -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on reparse point scanning* - GP name: *Scan_DisableReparsePointScanning* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -2968,7 +2968,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint** @@ -2994,7 +2994,7 @@ ADMX Info: -This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. +This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. If you enable this setting, a system restore point will be created. @@ -3004,7 +3004,7 @@ If you disable or don't configure this setting, a system restore point won't be -ADMX Info: +ADMX Info: - GP Friendly name: *Create a system restore point* - GP name: *Scan_DisableRestorePoint* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3050,7 +3050,7 @@ If you disable or don't configure this setting, mapped network drives won't be s -ADMX Info: +ADMX Info: - GP Friendly name: *Run full scan on mapped network drives* - GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3061,7 +3061,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles** @@ -3097,7 +3097,7 @@ If you disable or don't configure this setting, network files won't be scanned. -ADMX Info: +ADMX Info: - GP Friendly name: *Scan network files* - GP name: *Scan_DisableScanningNetworkFiles* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3108,7 +3108,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor** @@ -3144,7 +3144,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for maximum percentage of CPU utilization* - GP name: *Scan_LocalSettingOverrideAvgCPULoadFactor* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3155,7 +3155,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters** @@ -3191,7 +3191,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for the scan type to use for a scheduled scan* - GP name: *Scan_LocalSettingOverrideScanParameters* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3202,7 +3202,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay** @@ -3238,7 +3238,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for schedule scan day* - GP name: *Scan_LocalSettingOverrideScheduleDay* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3249,7 +3249,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime** @@ -3285,7 +3285,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for scheduled quick scan time* - GP name: *Scan_LocalSettingOverrideScheduleQuickScantime* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3296,7 +3296,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime** @@ -3332,7 +3332,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for scheduled scan time* - GP name: *Scan_LocalSettingOverrideScheduleTime* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3343,7 +3343,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority** +**ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority** @@ -3373,13 +3373,13 @@ This policy setting allows you to enable or disable low CPU priority for schedul If you enable this setting, low CPU priority will be used during scheduled scans. -If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans. +If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure low CPU priority for scheduled scans* - GP name: *Scan_LowCpuPriority* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3390,7 +3390,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup** +**ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup** @@ -3426,7 +3426,7 @@ If you disable or don't configure this setting, a catch-up scan will occur after -ADMX Info: +ADMX Info: - GP Friendly name: *Define the number of days after which a catch-up scan is forced* - GP name: *Scan_MissedScheduledScanCountBeforeCatchup* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3437,7 +3437,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay** +**ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay** @@ -3473,7 +3473,7 @@ If you disable or don't configure this setting, items will be kept in the scan h -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on removal of items from scan history folder* - GP name: *Scan_PurgeItemsAfterDelay* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3484,7 +3484,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval** +**ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval** @@ -3520,7 +3520,7 @@ If you disable or don't configure this setting, a quick scan will run at a defau -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the interval to run quick scans per day* - GP name: *Scan_QuickScanInterval* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3531,7 +3531,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle** +**ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle** @@ -3567,7 +3567,7 @@ If you disable this setting, scheduled scans will run at the scheduled time. -ADMX Info: +ADMX Info: - GP Friendly name: *Start the scheduled scan only when computer is on but not in use* - GP name: *Scan_ScanOnlyIfIdle* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3578,7 +3578,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay** +**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay** @@ -3609,7 +3609,7 @@ This policy setting allows you to specify the day of the week on which to perfor This setting can be configured with the following ordinal number values: - (0x0) Every Day -- (0x1) Sunday +- (0x1) Sunday - (0x2) Monday - (0x3) Tuesday - (0x4) Wednesday @@ -3626,7 +3626,7 @@ If you disable or don't configure this setting, a scheduled scan will run at a d -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the day of the week to run a scheduled scan* - GP name: *Scan_ScheduleDay* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3637,7 +3637,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime** @@ -3673,7 +3673,7 @@ If you disable or don't configure this setting, a scheduled scan will run at a d -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the time of day to run a scheduled scan* - GP name: *Scan_ScheduleTime* - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* @@ -3684,7 +3684,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive** +**ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive** @@ -3720,7 +3720,7 @@ If you disable or don't configure this setting, the antimalware service will be -ADMX Info: +ADMX Info: - GP Friendly name: *Allow antimalware service to remain running always* - GP name: *ServiceKeepAlive* - GP path: *Windows Components\Microsoft Defender Antivirus* @@ -3731,7 +3731,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue** @@ -3769,7 +3769,7 @@ If you disable or don't configure this setting, spyware security intelligence wi -ADMX Info: +ADMX Info: - GP Friendly name: *Define the number of days before spyware security intelligence is considered out of date* - GP name: *SignatureUpdate_ASSignatureDue* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -3780,7 +3780,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue** @@ -3816,7 +3816,7 @@ If you disable or don't configure this setting, virus security intelligence will -ADMX Info: +ADMX Info: - GP Friendly name: *Define the number of days before virus security intelligence is considered out of date* - GP name: *SignatureUpdate_AVSignatureDue* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -3827,7 +3827,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources** @@ -3863,7 +3863,7 @@ If you disable or don't configure this setting, the list will remain empty by de -ADMX Info: +ADMX Info: - GP Friendly name: *Define file shares for downloading security intelligence updates* - GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -3874,7 +3874,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate** @@ -3910,7 +3910,7 @@ If you disable this setting, a scan won't start following a security intelligenc -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on scan after security intelligence update* - GP name: *SignatureUpdate_DisableScanOnUpdate* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -3921,7 +3921,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery** @@ -3957,7 +3957,7 @@ If you disable this setting, security intelligence updates will be turned off wh -ADMX Info: +ADMX Info: - GP Friendly name: *Allow security intelligence updates when running on battery power* - GP name: *SignatureUpdate_DisableScheduledSignatureUpdateonBattery* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -3968,7 +3968,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine** @@ -4004,7 +4004,7 @@ If you disable this setting, security intelligence updates won't be initiated on -ADMX Info: +ADMX Info: - GP Friendly name: *Initiate security intelligence update on startup* - GP name: *SignatureUpdate_DisableUpdateOnStartupWithoutEngine* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4015,7 +4015,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder** @@ -4053,7 +4053,7 @@ If you disable or don't configure this setting, security intelligence update sou -ADMX Info: +ADMX Info: - GP Friendly name: *Define the order of sources for downloading security intelligence updates* - GP name: *SignatureUpdate_FallbackOrder* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4064,7 +4064,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU** @@ -4100,7 +4100,7 @@ If you disable or don't configure this setting, security intelligence updates wi -ADMX Info: +ADMX Info: - GP Friendly name: *Allow security intelligence updates from Microsoft Update* - GP name: *SignatureUpdate_ForceUpdateFromMU* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4111,7 +4111,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery** @@ -4147,7 +4147,7 @@ If you disable this setting, real-time security intelligence updates will be dis -ADMX Info: +ADMX Info: - GP Friendly name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS* - GP name: *SignatureUpdate_RealtimeSignatureDelivery* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4158,7 +4158,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay** @@ -4189,7 +4189,7 @@ This policy setting allows you to specify the day of the week on which to check This setting can be configured with the following ordinal number values: - (0x0) Every Day (default) -- (0x1) Sunday +- (0x1) Sunday - (0x2) Monday - (0x3) Tuesday - (0x4) Wednesday @@ -4206,7 +4206,7 @@ If you disable or don't configure this setting, the check for security intellige -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the day of the week to check for security intelligence updates* - GP name: *SignatureUpdate_ScheduleDay* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4217,7 +4217,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime** @@ -4253,7 +4253,7 @@ If you disable or don't configure this setting, the check for security intellig -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the time to check for security intelligence updates* - GP name: *SignatureUpdate_ScheduleTime* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4264,7 +4264,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation** @@ -4290,7 +4290,7 @@ ADMX Info: -This policy setting allows you to define the security intelligence location for VDI-configured computers. +This policy setting allows you to define the security intelligence location for VDI-configured computers. If you disable or don't configure this setting, security intelligence will be referred from the default local source. @@ -4298,7 +4298,7 @@ If you disable or don't configure this setting, security intelligence will be re -ADMX Info: +ADMX Info: - GP Friendly name: *Define security intelligence location for VDI clients.* - GP name: *SignatureUpdate_SharedSignaturesLocation* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4306,7 +4306,7 @@ ADMX Info: -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification**
            @@ -4345,7 +4345,7 @@ If you disable this setting, the antimalware service won't receive notifications -ADMX Info: +ADMX Info: - GP Friendly name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS* - GP name: *SignatureUpdate_SignatureDisableNotification* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4356,7 +4356,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval** @@ -4392,7 +4392,7 @@ If you disable or don't configure this setting, a catch-up security intelligence -ADMX Info: +ADMX Info: - GP Friendly name: *Define the number of days after which a catch-up security intelligence update is required* - GP name: *SignatureUpdate_SignatureUpdateCatchupInterval* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4403,7 +4403,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup** @@ -4439,7 +4439,7 @@ If you disable this setting or don't configure this setting, a check for new sec -ADMX Info: +ADMX Info: - GP Friendly name: *Check for the latest virus and spyware security intelligence on startup* - GP name: *SignatureUpdate_UpdateOnStartup* - GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* @@ -4450,7 +4450,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/SpynetReporting** +**ADMX_MicrosoftDefenderAntivirus/SpynetReporting** @@ -4493,14 +4493,14 @@ Advanced membership, in addition to basic information, will send more informatio If you enable this setting, you'll join Microsoft MAPS with the membership specified. If you disable or don't configure this setting, you won't join Microsoft MAPS. - + In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership. -ADMX Info: +ADMX Info: - GP Friendly name: *Join Microsoft MAPS* - GP name: *SpynetReporting* - GP path: *Windows Components\Microsoft Defender Antivirus\MAPS* @@ -4511,7 +4511,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting** +**ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting** @@ -4547,7 +4547,7 @@ If you disable or don't configure this setting, Policy will take priority over t -ADMX Info: +ADMX Info: - GP Friendly name: *Configure local setting override for reporting to Microsoft MAPS* - GP name: *Spynet_LocalSettingOverrideSpynetReporting* - GP path: *Windows Components\Microsoft Defender Antivirus\MAPS* @@ -4559,7 +4559,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction** +**ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction** @@ -4597,7 +4597,7 @@ Valid remediation action values are: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify threats upon which default action should not be taken when detected* - GP name: *Threats_ThreatIdDefaultAction* - GP path: *Windows Components\Microsoft Defender Antivirus\Threats* @@ -4608,7 +4608,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString** +**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString** @@ -4644,7 +4644,7 @@ If you disable or don't configure this setting, there will be no extra text disp -ADMX Info: +ADMX Info: - GP Friendly name: *Display additional text to clients when they need to perform an action* - GP name: *UX_Configuration_CustomDefaultActionToastString* - GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface* @@ -4655,7 +4655,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress** +**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress** @@ -4691,7 +4691,7 @@ If you enable this setting, Microsoft Defender Antivirus notifications won't dis -ADMX Info: +ADMX Info: - GP Friendly name: *Suppress all notifications* - GP name: *UX_Configuration_Notification_Suppress* - GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface* @@ -4702,7 +4702,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification** +**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification** @@ -4736,7 +4736,7 @@ If you enable this setting, AM UI won't show reboot notifications. -ADMX Info: +ADMX Info: - GP Friendly name: *Suppresses reboot notifications* - GP name: *UX_Configuration_SuppressRebootNotification* - GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface* @@ -4747,7 +4747,7 @@ ADMX Info:
            -**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown** +**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown** @@ -4781,7 +4781,7 @@ If you enable this setting, AM UI won't be available to users. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable headless UI mode* - GP name: *UX_Configuration_UILockdown* - GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface* diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index 1d1d07a118..ceef59b3eb 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/03/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MMC >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MMC policies +## ADMX_MMC policies
            @@ -47,7 +47,7 @@ manager: aaroncz
            -**ADMX_MMC/MMC_ActiveXControl** +**ADMX_MMC/MMC_ActiveXControl** @@ -93,7 +93,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *ActiveX Control* - GP name: *MMC_ActiveXControl* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -104,7 +104,7 @@ ADMX Info:
            -**ADMX_MMC/MMC_ExtendView** +**ADMX_MMC/MMC_ExtendView** @@ -150,7 +150,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Extended View (Web View)* - GP name: *MMC_ExtendView* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -161,7 +161,7 @@ ADMX Info:
            -**ADMX_MMC/MMC_LinkToWeb** +**ADMX_MMC/MMC_LinkToWeb** @@ -207,7 +207,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Link to Web Address* - GP name: *MMC_LinkToWeb* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -218,7 +218,7 @@ ADMX Info:
            -**ADMX_MMC/MMC_Restrict_Author** +**ADMX_MMC/MMC_Restrict_Author** @@ -258,7 +258,7 @@ If you disable this setting or don't configure it, users can enter author mode a -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict the user from entering author mode* - GP name: *MMC_Restrict_Author* - GP path: *Windows Components\Microsoft Management Console* @@ -269,7 +269,7 @@ ADMX Info:
            -**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins** +**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins** @@ -314,7 +314,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict users to the explicitly permitted list of snap-ins* - GP name: *MMC_Restrict_To_Permitted_Snapins* - GP path: *Windows Components\Microsoft Management Console* diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 1dc887ce45..55e94494f7 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MMCSnapins >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MMCSnapins policies +## ADMX_MMCSnapins policies
            @@ -344,7 +344,7 @@ manager: aaroncz
            -**ADMX_MMCSnapins/MMC_ADMComputers_1** +**ADMX_MMCSnapins/MMC_ADMComputers_1** @@ -370,17 +370,17 @@ manager: aaroncz -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -388,7 +388,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Administrative Templates (Computers)* - GP name: *MMC_ADMComputers_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -399,7 +399,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ADMComputers_2** +**ADMX_MMCSnapins/MMC_ADMComputers_2** @@ -425,17 +425,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -443,7 +443,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Administrative Templates (Computers)* - GP name: *MMC_ADMComputers_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -455,7 +455,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ADMUsers_1** +**ADMX_MMCSnapins/MMC_ADMUsers_1** @@ -481,17 +481,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -499,7 +499,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Administrative Templates (Users)* - GP name: *MMC_ADMUsers_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -511,7 +511,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ADMUsers_2** +**ADMX_MMCSnapins/MMC_ADMUsers_2** @@ -537,17 +537,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -555,7 +555,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Administrative Templates (Users)* - GP name: *MMC_ADMUsers_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -567,7 +567,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ADSI** +**ADMX_MMCSnapins/MMC_ADSI** @@ -593,17 +593,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -611,7 +611,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *ADSI Edit* - GP name: *MMC_ADSI* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -623,7 +623,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ActiveDirDomTrusts** +**ADMX_MMCSnapins/MMC_ActiveDirDomTrusts** @@ -649,17 +649,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -667,7 +667,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Active Directory Domains and Trusts* - GP name: *MMC_ActiveDirDomTrusts* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -679,7 +679,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ActiveDirSitesServices** +**ADMX_MMCSnapins/MMC_ActiveDirSitesServices** @@ -705,17 +705,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -723,7 +723,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Active Directory Sites and Services* - GP name: *MMC_ActiveDirSitesServices* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -735,7 +735,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ActiveDirUsersComp** +**ADMX_MMCSnapins/MMC_ActiveDirUsersComp** @@ -761,17 +761,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -779,7 +779,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Active Directory Users and Computers* - GP name: *MMC_ActiveDirUsersComp* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -791,7 +791,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_AppleTalkRouting** +**ADMX_MMCSnapins/MMC_AppleTalkRouting** @@ -817,17 +817,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -835,7 +835,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *AppleTalk Routing* - GP name: *MMC_AppleTalkRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -847,7 +847,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_AuthMan** +**ADMX_MMCSnapins/MMC_AuthMan** @@ -873,17 +873,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -891,7 +891,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Authorization Manager* - GP name: *MMC_AuthMan* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -903,7 +903,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_CertAuth** +**ADMX_MMCSnapins/MMC_CertAuth** @@ -929,17 +929,17 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. @@ -947,7 +947,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window -ADMX Info: +ADMX Info: - GP Friendly name: *Certification Authority* - GP name: *MMC_CertAuth* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -959,7 +959,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_CertAuthPolSet** +**ADMX_MMCSnapins/MMC_CertAuthPolSet** @@ -985,24 +985,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Certification Authority Policy Settings* - GP name: *MMC_CertAuthPolSet* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -1014,7 +1014,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_Certs** +**ADMX_MMCSnapins/MMC_Certs** @@ -1040,24 +1040,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Certificates* - GP name: *MMC_Certs* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1069,7 +1069,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_CertsTemplate** +**ADMX_MMCSnapins/MMC_CertsTemplate** @@ -1095,24 +1095,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Certificate Templates* - GP name: *MMC_CertsTemplate* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1124,7 +1124,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ComponentServices** +**ADMX_MMCSnapins/MMC_ComponentServices** @@ -1150,24 +1150,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Component Services* - GP name: *MMC_ComponentServices* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1179,7 +1179,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ComputerManagement** +**ADMX_MMCSnapins/MMC_ComputerManagement** @@ -1205,24 +1205,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Computer Management* - GP name: *MMC_ComputerManagement* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1234,7 +1234,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ConnectionSharingNAT** +**ADMX_MMCSnapins/MMC_ConnectionSharingNAT** @@ -1260,24 +1260,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Connection Sharing (NAT)* - GP name: *MMC_ConnectionSharingNAT* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -1289,7 +1289,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_DCOMCFG** +**ADMX_MMCSnapins/MMC_DCOMCFG** @@ -1315,24 +1315,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *DCOM Configuration Extension* - GP name: *MMC_DCOMCFG* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -1344,7 +1344,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_DFS** +**ADMX_MMCSnapins/MMC_DFS** @@ -1370,24 +1370,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Distributed File System* - GP name: *MMC_DFS* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1399,7 +1399,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_DHCPRelayMgmt** +**ADMX_MMCSnapins/MMC_DHCPRelayMgmt** @@ -1425,24 +1425,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *DHCP Relay Management* - GP name: *MMC_DHCPRelayMgmt* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -1454,7 +1454,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_DeviceManager_1** +**ADMX_MMCSnapins/MMC_DeviceManager_1** @@ -1480,24 +1480,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Device Manager* - GP name: *MMC_DeviceManager_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -1509,7 +1509,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_DeviceManager_2** +**ADMX_MMCSnapins/MMC_DeviceManager_2** @@ -1535,24 +1535,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Device Manager* - GP name: *MMC_DeviceManager_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1564,7 +1564,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_DiskDefrag** +**ADMX_MMCSnapins/MMC_DiskDefrag** @@ -1590,24 +1590,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Disk Defragmenter* - GP name: *MMC_DiskDefrag* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1619,7 +1619,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_DiskMgmt** +**ADMX_MMCSnapins/MMC_DiskMgmt** @@ -1645,24 +1645,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Disk Management* - GP name: *MMC_DiskMgmt* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1674,7 +1674,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_EnterprisePKI** +**ADMX_MMCSnapins/MMC_EnterprisePKI** @@ -1700,24 +1700,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Enterprise PKI* - GP name: *MMC_EnterprisePKI* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1729,7 +1729,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_EventViewer_1** +**ADMX_MMCSnapins/MMC_EventViewer_1** @@ -1755,24 +1755,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Event Viewer* - GP name: *MMC_EventViewer_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -1784,7 +1784,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_EventViewer_2** +**ADMX_MMCSnapins/MMC_EventViewer_2** @@ -1810,24 +1810,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Event Viewer (Windows Vista)* - GP name: *MMC_EventViewer_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -1839,7 +1839,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_EventViewer_3** +**ADMX_MMCSnapins/MMC_EventViewer_3** @@ -1865,24 +1865,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Event Viewer* - GP name: *MMC_EventViewer_3* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1894,7 +1894,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_EventViewer_4** +**ADMX_MMCSnapins/MMC_EventViewer_4** @@ -1920,24 +1920,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Event Viewer (Windows Vista)* - GP name: *MMC_EventViewer_4* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -1950,7 +1950,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_EventViewer_2** +**ADMX_MMCSnapins/MMC_EventViewer_2** @@ -1976,24 +1976,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Event Viewer (Windows Vista)* - GP name: *MMC_EventViewer_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -2005,7 +2005,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_FAXService** +**ADMX_MMCSnapins/MMC_FAXService** @@ -2031,24 +2031,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *FAX Service* - GP name: *MMC_FAXService* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -2060,7 +2060,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_FailoverClusters** +**ADMX_MMCSnapins/MMC_FailoverClusters** @@ -2086,24 +2086,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Failover Clusters Manager* - GP name: *MMC_FailoverClusters* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -2115,7 +2115,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_FolderRedirection_1** +**ADMX_MMCSnapins/MMC_FolderRedirection_1** @@ -2141,24 +2141,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Folder Redirection* - GP name: *MMC_FolderRedirection_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -2170,7 +2170,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_FolderRedirection_2** +**ADMX_MMCSnapins/MMC_FolderRedirection_2** @@ -2196,24 +2196,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Folder Redirection* - GP name: *MMC_FolderRedirection_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -2225,7 +2225,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_FrontPageExt** +**ADMX_MMCSnapins/MMC_FrontPageExt** @@ -2251,24 +2251,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *FrontPage Server Extensions* - GP name: *MMC_FrontPageExt* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -2280,7 +2280,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn** +**ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn** @@ -2306,24 +2306,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Group Policy Management* - GP name: *MMC_GroupPolicyManagementSnapIn* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* @@ -2335,7 +2335,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_GroupPolicySnapIn** +**ADMX_MMCSnapins/MMC_GroupPolicySnapIn** @@ -2361,24 +2361,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Group Policy Object Editor* - GP name: *MMC_GroupPolicySnapIn* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* @@ -2390,7 +2390,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_GroupPolicyTab** +**ADMX_MMCSnapins/MMC_GroupPolicyTab** @@ -2435,7 +2435,7 @@ When the Group Policy tab is inaccessible, it doesn't appear in the site, domain -ADMX Info: +ADMX Info: - GP Friendly name: *Group Policy tab for Active Directory Tools* - GP name: *MMC_GroupPolicyTab* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* @@ -2447,7 +2447,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_HRA** +**ADMX_MMCSnapins/MMC_HRA** @@ -2473,24 +2473,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Health Registration Authority (HRA)* - GP name: *MMC_HRA* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -2502,7 +2502,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IAS** +**ADMX_MMCSnapins/MMC_IAS** @@ -2528,24 +2528,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Authentication Service (IAS)* - GP name: *MMC_IAS* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -2557,7 +2557,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IASLogging** +**ADMX_MMCSnapins/MMC_IASLogging** @@ -2583,24 +2583,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IAS Logging* - GP name: *MMC_IASLogging* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -2612,7 +2612,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IEMaintenance_1** +**ADMX_MMCSnapins/MMC_IEMaintenance_1** @@ -2638,24 +2638,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Maintenance* - GP name: *MMC_IEMaintenance_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -2667,7 +2667,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IEMaintenance_2** +**ADMX_MMCSnapins/MMC_IEMaintenance_2** @@ -2693,24 +2693,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Maintenance* - GP name: *MMC_IEMaintenance_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -2722,7 +2722,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IGMPRouting** +**ADMX_MMCSnapins/MMC_IGMPRouting** @@ -2748,24 +2748,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IGMP Routing* - GP name: *MMC_IGMPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -2777,7 +2777,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IIS** +**ADMX_MMCSnapins/MMC_IIS** @@ -2803,24 +2803,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Information Services* - GP name: *MMC_IIS* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -2832,7 +2832,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IPRouting** +**ADMX_MMCSnapins/MMC_IPRouting** @@ -2858,24 +2858,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IP Routing* - GP name: *MMC_IPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -2887,7 +2887,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IPSecManage_GP** +**ADMX_MMCSnapins/MMC_IPSecManage_GP** @@ -2913,24 +2913,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IP Security Policy Management* - GP name: *MMC_IPSecManage_GP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -2942,7 +2942,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IPXRIPRouting** +**ADMX_MMCSnapins/MMC_IPXRIPRouting** @@ -2968,24 +2968,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IPX RIP Routing* - GP name: *MMC_IPXRIPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -2997,7 +2997,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IPXRouting** +**ADMX_MMCSnapins/MMC_IPXRouting** @@ -3023,24 +3023,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IPX Routing* - GP name: *MMC_IPXRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -3052,7 +3052,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IPXSAPRouting** +**ADMX_MMCSnapins/MMC_IPXSAPRouting** @@ -3078,24 +3078,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IPX SAP Routing* - GP name: *MMC_IPXSAPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -3107,7 +3107,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IndexingService** +**ADMX_MMCSnapins/MMC_IndexingService** @@ -3133,24 +3133,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Indexing Service* - GP name: *MMC_IndexingService* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3162,7 +3162,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IpSecManage** +**ADMX_MMCSnapins/MMC_IpSecManage** @@ -3188,24 +3188,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IP Security Policy Management* - GP name: *MMC_IpSecManage* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3217,7 +3217,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_IpSecMonitor** +**ADMX_MMCSnapins/MMC_IpSecMonitor** @@ -3243,24 +3243,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *IP Security Monitor* - GP name: *MMC_IpSecMonitor* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3272,7 +3272,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_LocalUsersGroups** +**ADMX_MMCSnapins/MMC_LocalUsersGroups** @@ -3298,24 +3298,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Local Users and Groups* - GP name: *MMC_LocalUsersGroups* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3327,7 +3327,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_LogicalMappedDrives** +**ADMX_MMCSnapins/MMC_LogicalMappedDrives** @@ -3353,24 +3353,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Logical and Mapped Drives* - GP name: *MMC_LogicalMappedDrives* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -3382,7 +3382,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_NPSUI** +**ADMX_MMCSnapins/MMC_NPSUI** @@ -3408,24 +3408,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Network Policy Server (NPS)* - GP name: *MMC_NPSUI* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3437,7 +3437,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_NapSnap** +**ADMX_MMCSnapins/MMC_NapSnap** @@ -3463,24 +3463,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *NAP Client Configuration* - GP name: *MMC_NapSnap* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3492,7 +3492,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_NapSnap_GP** +**ADMX_MMCSnapins/MMC_NapSnap_GP** @@ -3518,24 +3518,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *NAP Client Configuration* - GP name: *MMC_NapSnap_GP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -3547,7 +3547,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_Net_Framework** +**ADMX_MMCSnapins/MMC_Net_Framework** @@ -3573,24 +3573,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *.Net Framework Configuration* - GP name: *MMC_Net_Framework* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3602,7 +3602,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_OCSP** +**ADMX_MMCSnapins/MMC_OCSP** @@ -3628,24 +3628,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Online Responder* - GP name: *MMC_OCSP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3657,7 +3657,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_OSPFRouting** +**ADMX_MMCSnapins/MMC_OSPFRouting** @@ -3683,24 +3683,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *OSPF Routing* - GP name: *MMC_OSPFRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -3712,7 +3712,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_PerfLogsAlerts** +**ADMX_MMCSnapins/MMC_PerfLogsAlerts** @@ -3738,24 +3738,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Performance Logs and Alerts* - GP name: *MMC_PerfLogsAlerts* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3767,7 +3767,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_PublicKey** +**ADMX_MMCSnapins/MMC_PublicKey** @@ -3793,24 +3793,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Public Key Policies* - GP name: *MMC_PublicKey* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -3822,7 +3822,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_QoSAdmission** +**ADMX_MMCSnapins/MMC_QoSAdmission** @@ -3848,24 +3848,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *QoS Admission Control* - GP name: *MMC_QoSAdmission* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -3877,7 +3877,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_RAS_DialinUser** +**ADMX_MMCSnapins/MMC_RAS_DialinUser** @@ -3903,24 +3903,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *RAS Dialin - User Node* - GP name: *MMC_RAS_DialinUser* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -3932,7 +3932,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_RIPRouting** +**ADMX_MMCSnapins/MMC_RIPRouting** @@ -3958,24 +3958,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *RIP Routing* - GP name: *MMC_RIPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -3987,7 +3987,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_RIS** +**ADMX_MMCSnapins/MMC_RIS** @@ -4013,24 +4013,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Remote Installation Services* - GP name: *MMC_RIS* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -4042,7 +4042,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_RRA** +**ADMX_MMCSnapins/MMC_RRA** @@ -4068,24 +4068,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Routing and Remote Access* - GP name: *MMC_RRA* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -4097,7 +4097,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_RSM** +**ADMX_MMCSnapins/MMC_RSM** @@ -4123,24 +4123,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Removable Storage Management* - GP name: *MMC_RSM* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -4152,7 +4152,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_RemStore** +**ADMX_MMCSnapins/MMC_RemStore** @@ -4178,24 +4178,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Removable Storage* - GP name: *MMC_RemStore* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -4207,7 +4207,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_RemoteAccess** +**ADMX_MMCSnapins/MMC_RemoteAccess** @@ -4233,24 +4233,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Remote Access* - GP name: *MMC_RemoteAccess* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -4262,7 +4262,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_RemoteDesktop** +**ADMX_MMCSnapins/MMC_RemoteDesktop** @@ -4288,24 +4288,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Remote Desktops* - GP name: *MMC_RemoteDesktop* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -4317,7 +4317,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn** +**ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn** @@ -4343,24 +4343,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Resultant Set of Policy snap-in* - GP name: *MMC_ResultantSetOfPolicySnapIn* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* @@ -4372,7 +4372,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_Routing** +**ADMX_MMCSnapins/MMC_Routing** @@ -4398,24 +4398,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Routing* - GP name: *MMC_Routing* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -4427,7 +4427,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SCA** +**ADMX_MMCSnapins/MMC_SCA** @@ -4453,24 +4453,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Security Configuration and Analysis* - GP name: *MMC_SCA* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -4482,7 +4482,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SMTPProtocol** +**ADMX_MMCSnapins/MMC_SMTPProtocol** @@ -4508,24 +4508,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *SMTP Protocol* - GP name: *MMC_SMTPProtocol* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -4537,7 +4537,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SNMP** +**ADMX_MMCSnapins/MMC_SNMP** @@ -4563,24 +4563,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *SNMP* - GP name: *MMC_SNMP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -4592,7 +4592,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ScriptsMachine_1** +**ADMX_MMCSnapins/MMC_ScriptsMachine_1** @@ -4618,24 +4618,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Scripts (Startup/Shutdown)* - GP name: *MMC_ScriptsMachine_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -4647,7 +4647,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ScriptsMachine_2** +**ADMX_MMCSnapins/MMC_ScriptsMachine_2** @@ -4673,24 +4673,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Scripts (Startup/Shutdown)* - GP name: *MMC_ScriptsMachine_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -4702,7 +4702,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ScriptsUser_1** +**ADMX_MMCSnapins/MMC_ScriptsUser_1** @@ -4728,24 +4728,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Scripts (Logon/Logoff)* - GP name: *MMC_ScriptsUser_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -4757,7 +4757,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ScriptsUser_2** +**ADMX_MMCSnapins/MMC_ScriptsUser_2** @@ -4783,24 +4783,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Scripts (Logon/Logoff)* - GP name: *MMC_ScriptsUser_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -4812,7 +4812,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SecuritySettings_1** +**ADMX_MMCSnapins/MMC_SecuritySettings_1** @@ -4838,24 +4838,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Security Settings* - GP name: *MMC_SecuritySettings_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -4867,7 +4867,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SecuritySettings_2** +**ADMX_MMCSnapins/MMC_SecuritySettings_2** @@ -4893,24 +4893,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Security Settings* - GP name: *MMC_SecuritySettings_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -4922,7 +4922,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SecurityTemplates** +**ADMX_MMCSnapins/MMC_SecurityTemplates** @@ -4948,24 +4948,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Security Templates* - GP name: *MMC_SecurityTemplates* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -4977,7 +4977,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SendConsoleMessage** +**ADMX_MMCSnapins/MMC_SendConsoleMessage** @@ -5003,24 +5003,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Send Console Message* - GP name: *MMC_SendConsoleMessage* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -5032,7 +5032,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ServerManager** +**ADMX_MMCSnapins/MMC_ServerManager** @@ -5058,24 +5058,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Server Manager* - GP name: *MMC_ServerManager* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5087,7 +5087,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_ServiceDependencies** +**ADMX_MMCSnapins/MMC_ServiceDependencies** @@ -5113,24 +5113,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Service Dependencies* - GP name: *MMC_ServiceDependencies* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -5142,7 +5142,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_Services** +**ADMX_MMCSnapins/MMC_Services** @@ -5168,24 +5168,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Services* - GP name: *MMC_Services* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5197,7 +5197,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SharedFolders** +**ADMX_MMCSnapins/MMC_SharedFolders** @@ -5223,24 +5223,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Shared Folders* - GP name: *MMC_SharedFolders* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5252,7 +5252,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SharedFolders_Ext** +**ADMX_MMCSnapins/MMC_SharedFolders_Ext** @@ -5278,24 +5278,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Shared Folders Ext* - GP name: *MMC_SharedFolders_Ext* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -5307,7 +5307,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1** +**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1** @@ -5333,24 +5333,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Software Installation (Computers)* - GP name: *MMC_SoftwareInstalationComputers_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -5362,7 +5362,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2** +**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2** @@ -5388,24 +5388,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Software Installation (Computers)* - GP name: *MMC_SoftwareInstalationComputers_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -5417,7 +5417,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1** +**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1** @@ -5443,24 +5443,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Software Installation (Users)* - GP name: *MMC_SoftwareInstallationUsers_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -5472,7 +5472,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2** +**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2** @@ -5498,24 +5498,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Software Installation (Users)* - GP name: *MMC_SoftwareInstallationUsers_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* @@ -5527,7 +5527,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SysInfo** +**ADMX_MMCSnapins/MMC_SysInfo** @@ -5553,24 +5553,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *System Information* - GP name: *MMC_SysInfo* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5582,7 +5582,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_SysProp** +**ADMX_MMCSnapins/MMC_SysProp** @@ -5608,24 +5608,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *System Properties* - GP name: *MMC_SysProp* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* @@ -5637,7 +5637,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_TPMManagement** +**ADMX_MMCSnapins/MMC_TPMManagement** @@ -5663,24 +5663,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *TPM Management* - GP name: *MMC_TPMManagement* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5692,7 +5692,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_Telephony** +**ADMX_MMCSnapins/MMC_Telephony** @@ -5718,24 +5718,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Telephony* - GP name: *MMC_Telephony* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5747,7 +5747,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_TerminalServices** +**ADMX_MMCSnapins/MMC_TerminalServices** @@ -5773,24 +5773,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Remote Desktop Services Configuration* - GP name: *MMC_TerminalServices* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5802,7 +5802,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_WMI** +**ADMX_MMCSnapins/MMC_WMI** @@ -5828,24 +5828,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *WMI Control* - GP name: *MMC_WMI* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5857,7 +5857,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_WindowsFirewall** +**ADMX_MMCSnapins/MMC_WindowsFirewall** @@ -5883,24 +5883,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Windows Firewall with Advanced Security* - GP name: *MMC_WindowsFirewall* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -5912,7 +5912,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_WindowsFirewall_GP** +**ADMX_MMCSnapins/MMC_WindowsFirewall_GP** @@ -5938,24 +5938,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Windows Firewall with Advanced Security* - GP name: *MMC_WindowsFirewall_GP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -5967,7 +5967,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_WiredNetworkPolicy** +**ADMX_MMCSnapins/MMC_WiredNetworkPolicy** @@ -5993,24 +5993,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Wired Network (IEEE 802.3) Policies* - GP name: *MMC_WiredNetworkPolicy* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* @@ -6022,7 +6022,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_WirelessMon** +**ADMX_MMCSnapins/MMC_WirelessMon** @@ -6048,24 +6048,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Wireless Monitor* - GP name: *MMC_WirelessMon* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* @@ -6077,7 +6077,7 @@ ADMX Info:
            -**ADMX_MMCSnapins/MMC_WirelessNetworkPolicy** +**ADMX_MMCSnapins/MMC_WirelessNetworkPolicy** @@ -6103,24 +6103,24 @@ ADMX Info: -This policy setting permits or prohibits the use of this snap-in. +This policy setting permits or prohibits the use of this snap-in. -If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. +If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. -If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. +If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. -If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. +If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. +- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted. When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. -ADMX Info: +ADMX Info: - GP Friendly name: *Wireless Network (IEEE 802.11) Policies* - GP name: *MMC_WirelessNetworkPolicy* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md index 462bfc2801..3de6bfa7fe 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/20/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MobilePCMobilityCenter > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MobilePCMobilityCenter policies +## ADMX_MobilePCMobilityCenter policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1** +**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1** @@ -65,10 +65,10 @@ manager: aaroncz -This policy setting turns off Windows Mobility Center. +This policy setting turns off Windows Mobility Center. -- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it. -- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. +- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it. +- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. If you don't configure this policy setting, Windows Mobility Center is on by default. @@ -76,7 +76,7 @@ If you don't configure this policy setting, Windows Mobility Center is on by def -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Mobility Center* - GP name: *MobilityCenterEnable_1* - GP path: *Windows Components\Windows Mobility Center* @@ -87,7 +87,7 @@ ADMX Info:
            -**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2** +**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2** @@ -113,10 +113,10 @@ ADMX Info: -This policy setting turns off Windows Mobility Center. +This policy setting turns off Windows Mobility Center. -- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it. -- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. +- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it. +- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. If you don't configure this policy setting, Windows Mobility Center is on by default. @@ -124,7 +124,7 @@ If you don't configure this policy setting, Windows Mobility Center is on by def -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Mobility Center* - GP name: *MobilityCenterEnable_2* - GP path: *Windows Components\Windows Mobility Center* diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index a0b6581b36..2fa545031f 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/20/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MobilePCPresentationSettings > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MobilePCPresentationSettings policies +## ADMX_MobilePCPresentationSettings policies
            @@ -66,16 +66,16 @@ manager: aaroncz -This policy setting turns off Windows presentation settings. +This policy setting turns off Windows presentation settings. -If you enable this policy setting, Windows presentation settings can't be invoked. +If you enable this policy setting, Windows presentation settings can't be invoked. -If you disable this policy setting, Windows presentation settings can be invoked. +If you disable this policy setting, Windows presentation settings can be invoked. -The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. +The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. > [!NOTE] -> Users will be able to customize their system settings for presentations in Windows Mobility Center. +> Users will be able to customize their system settings for presentations in Windows Mobility Center. If you do not configure this policy setting, Windows presentation settings can be invoked. @@ -83,7 +83,7 @@ If you do not configure this policy setting, Windows presentation settings can b -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows presentation settings* - GP name: *PresentationSettingsEnable_1* - GP path: *Windows Components\Presentation Settings* @@ -94,7 +94,7 @@ ADMX Info:
            -**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2** +**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2** @@ -120,16 +120,16 @@ ADMX Info: -This policy setting turns off Windows presentation settings. +This policy setting turns off Windows presentation settings. -If you enable this policy setting, Windows presentation settings can't be invoked. +If you enable this policy setting, Windows presentation settings can't be invoked. -If you disable this policy setting, Windows presentation settings can be invoked. +If you disable this policy setting, Windows presentation settings can be invoked. -The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. +The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. > [!NOTE] -> Users will be able to customize their system settings for presentations in Windows Mobility Center. +> Users will be able to customize their system settings for presentations in Windows Mobility Center. If you do not configure this policy setting, Windows presentation settings can be invoked. @@ -137,7 +137,7 @@ If you do not configure this policy setting, Windows presentation settings can b -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows presentation settings* - GP name: *PresentationSettingsEnable_2* - GP path: *Windows Components\Presentation Settings* diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index a706344772..f5dcb18fd2 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/14/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MSAPolicy >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MSAPolicy policies +## ADMX_MSAPolicy policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_MSAPolicy/MicrosoftAccount_DisableUserAuth** +**ADMX_MSAPolicy/MicrosoftAccount_DisableUserAuth** @@ -73,7 +73,7 @@ By default, this setting is Disabled. This setting doesn't affect whether users -ADMX Info: +ADMX Info: - GP Friendly name: *Block all consumer Microsoft account user authentication* - GP name: *MicrosoftAccount_DisableUserAuth* - GP path: *Windows Components\Microsoft account* diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index 039423c269..98fe49b298 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/08/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_msched >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_msched policies +## ADMX_msched policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_msched/ActivationBoundaryPolicy** +**ADMX_msched/ActivationBoundaryPolicy** @@ -75,7 +75,7 @@ If you disable or don't configure this policy setting, the daily scheduled time -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic Maintenance Activation Boundary* - GP name: *ActivationBoundaryPolicy* - GP path: *Windows Components\Maintenance Scheduler* @@ -86,7 +86,7 @@ ADMX Info:
            -**ADMX_msched/RandomDelayPolicy** +**ADMX_msched/RandomDelayPolicy** @@ -126,7 +126,7 @@ If you disable this policy setting, no random delay will be applied to Automatic -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic Maintenance Random Delay* - GP name: *RandomDelayPolicy* - GP path: *Windows Components\Maintenance Scheduler* diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 3cf6d8ccbd..110b7c8cf8 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/09/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MSDT >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MSDT policies +## ADMX_MSDT policies
            @@ -41,7 +41,7 @@ manager: aaroncz
            -**ADMX_MSDT/MsdtSupportProvider** +**ADMX_MSDT/MsdtSupportProvider** @@ -83,7 +83,7 @@ No reboots or service restarts are required for this policy setting to take effe -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider* - GP name: *MsdtSupportProvider* - GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool* @@ -94,7 +94,7 @@ ADMX Info:
            -**ADMX_MSDT/MsdtToolDownloadPolicy** +**ADMX_MSDT/MsdtToolDownloadPolicy** @@ -148,7 +148,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Support Diagnostic Tool: Restrict tool download* - GP name: *MsdtToolDownloadPolicy* - GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool* @@ -159,7 +159,7 @@ ADMX Info:
            -**ADMX_MSDT/WdiScenarioExecutionPolicy** +**ADMX_MSDT/WdiScenarioExecutionPolicy** @@ -201,7 +201,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Support Diagnostic Tool: Configure execution level* - GP name: *WdiScenarioExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool* diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index ee2aa88f20..6a85538f3e 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/16/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MSI >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MSI policies +## ADMX_MSI policies
            @@ -103,7 +103,7 @@ manager: aaroncz
            -**ADMX_MSI/AllowLockdownBrowse** +**ADMX_MSI/AllowLockdownBrowse** @@ -143,7 +143,7 @@ If you disable or don't configure this policy setting, by default, only system a -ADMX Info: +ADMX Info: - GP Friendly name: *Allow users to browse for source while elevated* - GP name: *AllowLockdownBrowse* - GP path: *Windows Components\Windows Installer* @@ -155,7 +155,7 @@ ADMX Info:
            -**ADMX_MSI/AllowLockdownMedia** +**ADMX_MSI/AllowLockdownMedia** @@ -195,7 +195,7 @@ Also, see the "Prevent removable media source for any install" policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow users to use media source while elevated* - GP name: *AllowLockdownMedia* - GP path: *Windows Components\Windows Installer* @@ -207,7 +207,7 @@ ADMX Info:
            -**ADMX_MSI/AllowLockdownPatch** +**ADMX_MSI/AllowLockdownPatch** @@ -244,7 +244,7 @@ This policy setting doesn't affect installations that run in the user's security -ADMX Info: +ADMX Info: - GP Friendly name: *Allow users to patch elevated products* - GP name: *AllowLockdownPatch* - GP path: *Windows Components\Windows Installer* @@ -256,7 +256,7 @@ ADMX Info:
            -**ADMX_MSI/DisableAutomaticApplicationShutdown** +**ADMX_MSI/DisableAutomaticApplicationShutdown** @@ -298,7 +298,7 @@ If you disable or don't configure this policy setting, Windows Installer will us -ADMX Info: +ADMX Info: - GGP Friendly name: *Prohibit use of Restart Manager* - GP name: *DisableAutomaticApplicationShutdown* - GP path: *Windows Components\Windows Installer* @@ -310,7 +310,7 @@ ADMX Info:
            -**ADMX_MSI/DisableBrowse** +**ADMX_MSI/DisableBrowse** @@ -352,7 +352,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Remove browse dialog box for new source* - GP name: *DisableBrowse* - GP path: *Windows Components\Windows Installer* @@ -364,7 +364,7 @@ ADMX Info:
            -**ADMX_MSI/DisableFlyweightPatching** +**ADMX_MSI/DisableFlyweightPatching** @@ -400,7 +400,7 @@ If you disable or don't configure this policy setting, it enables faster applica -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit flyweight patching* - GP name: *DisableFlyweightPatching* - GP path: *Windows Components\Windows Installer* @@ -412,7 +412,7 @@ ADMX Info:
            -**ADMX_MSI/DisableLoggingFromPackage** +**ADMX_MSI/DisableLoggingFromPackage** @@ -452,7 +452,7 @@ If you disable or don't configure this policy setting, Windows Installer will au -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off logging via package settings* - GP name: *DisableLoggingFromPackage* - GP path: *Windows Components\Windows Installer* @@ -464,7 +464,7 @@ ADMX Info:
            -**ADMX_MSI/DisableMSI** +**ADMX_MSI/DisableMSI** @@ -494,7 +494,7 @@ This policy setting restricts the use of Windows Installer. If you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting. -- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. +- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. - The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This option's induced behavior is the default behavior of Windows Installer on Windows Server 2003 family when the policy isn't configured. @@ -506,7 +506,7 @@ This policy setting affects Windows Installer only. It doesn't prevent users fro -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Installer* - GP name: *DisableMSI* - GP path: *Windows Components\Windows Installer* @@ -518,7 +518,7 @@ ADMX Info:
            -**ADMX_MSI/DisableMedia** +**ADMX_MSI/DisableMedia** @@ -558,7 +558,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent removable media source for any installation* - GP name: *DisableMedia* - GP path: *Windows Components\Windows Installer* @@ -570,7 +570,7 @@ ADMX Info:
            -**ADMX_MSI/DisablePatch** +**ADMX_MSI/DisablePatch** @@ -611,7 +611,7 @@ Also, see the "Enable user to patch elevated products" policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from using Windows Installer to install updates and upgrades* - GP name: *DisablePatch* - GP path: *Windows Components\Windows Installer* @@ -623,7 +623,7 @@ ADMX Info:
            -**ADMX_MSI/DisableRollback_1** +**ADMX_MSI/DisableRollback_1** @@ -660,7 +660,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit rollback* - GP name: *DisableRollback_1* - GP path: *Windows Components\Windows Installer* @@ -672,7 +672,7 @@ ADMX Info:
            -**ADMX_MSI/DisableRollback_2** +**ADMX_MSI/DisableRollback_2** @@ -710,7 +710,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit rollback* - GP name: *DisableRollback_2* - GP path: *Windows Components\Windows Installer* @@ -722,7 +722,7 @@ ADMX Info:
            -**ADMX_MSI/DisableSharedComponent** +**ADMX_MSI/DisableSharedComponent** @@ -758,7 +758,7 @@ If you disable or don't configure this policy setting, by default, the shared co -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off shared components* - GP name: *DisableSharedComponent* - GP path: *Windows Components\Windows Installer* @@ -770,7 +770,7 @@ ADMX Info:
            -**ADMX_MSI/MSILogging** +**ADMX_MSI/MSILogging** @@ -808,7 +808,7 @@ If you disable or don't configure this policy setting, Windows Installer logs th -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the types of events Windows Installer records in its transaction log* - GP name: *MSILogging* - GP path: *Windows Components\Windows Installer* @@ -821,7 +821,7 @@ ADMX Info: -**ADMX_MSI/MSI_DisableLUAPatching** +**ADMX_MSI/MSI_DisableLUAPatching** @@ -859,7 +859,7 @@ If you disable or don't configure this policy setting, users without administrat -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit non-administrators from applying vendor signed updates* - GP name: *MSI_DisableLUAPatching* - GP path: *Windows Components\Windows Installer* @@ -872,7 +872,7 @@ ADMX Info: -**ADMX_MSI/MSI_DisablePatchUninstall** +**ADMX_MSI/MSI_DisablePatchUninstall** @@ -910,7 +910,7 @@ If you disable or don't configure this policy setting, a user can remove an upda -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit removal of updates* - GP name: *MSI_DisablePatchUninstall* - GP path: *Windows Components\Windows Installer* @@ -923,7 +923,7 @@ ADMX Info: -**ADMX_MSI/MSI_DisableSRCheckPoints** +**ADMX_MSI/MSI_DisableSRCheckPoints** @@ -959,7 +959,7 @@ If you disable or don't configure this policy setting, by default, the Windows I -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off creation of System Restore checkpoints* - GP name: *MSI_DisableSRCheckPoints* - GP path: *Windows Components\Windows Installer* @@ -972,7 +972,7 @@ ADMX Info: -**ADMX_MSI/MSI_DisableUserInstalls** +**ADMX_MSI/MSI_DisableUserInstalls** @@ -1008,7 +1008,7 @@ If you enable this policy setting and "Hide User Installs" is selected, the inst -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit User Installs* - GP name: *MSI_DisableUserInstalls* - GP path: *Windows Components\Windows Installer* @@ -1021,7 +1021,7 @@ ADMX Info: -**ADMX_MSI/MSI_EnforceUpgradeComponentRules** +**ADMX_MSI/MSI_EnforceUpgradeComponentRules** @@ -1063,7 +1063,7 @@ If you disable or don't configure this policy setting, the Windows Installer wil -ADMX Info: +ADMX Info: - GP Friendly name: *Enforce upgrade component rules* - GP name: *MSI_EnforceUpgradeComponentRules* - GP path: *Windows Components\Windows Installer* @@ -1075,7 +1075,7 @@ ADMX Info:
            -**ADMX_MSI/MSI_MaxPatchCacheSize** +**ADMX_MSI/MSI_MaxPatchCacheSize** @@ -1117,7 +1117,7 @@ If you disable or don't configure this policy setting, the Windows Installer wil -ADMX Info: +ADMX Info: - GP Friendly name: *Control maximum size of baseline file cache* - GP name: *MSI_MaxPatchCacheSize* - GP path: *Windows Components\Windows Installer* @@ -1129,7 +1129,7 @@ ADMX Info:
            -**ADMX_MSI/MsiDisableEmbeddedUI** +**ADMX_MSI/MsiDisableEmbeddedUI** @@ -1165,7 +1165,7 @@ If you disable or don't configure this policy setting, embedded UI is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent embedded UI* - GP name: *MsiDisableEmbeddedUI* - GP path: *Windows Components\Windows Installer* @@ -1177,7 +1177,7 @@ ADMX Info:
            -**ADMX_MSI/SafeForScripting** +**ADMX_MSI/SafeForScripting** @@ -1215,7 +1215,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Internet Explorer security prompt for Windows Installer scripts* - GP name: *SafeForScripting* - GP path: *Windows Components\Windows Installer* @@ -1227,7 +1227,7 @@ ADMX Info:
            -**ADMX_MSI/SearchOrder** +**ADMX_MSI/SearchOrder** @@ -1269,7 +1269,7 @@ To exclude a file source, omit or delete the letter representing that source typ -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the order in which Windows Installer searches for installation files* - GP name: *SearchOrder* - GP path: *Windows Components\Windows Installer* @@ -1281,7 +1281,7 @@ ADMX Info:
            -**ADMX_MSI/TransformsSecure** +**ADMX_MSI/TransformsSecure** @@ -1323,7 +1323,7 @@ If you disable this policy setting, Windows Installer stores transform files in -ADMX Info: +ADMX Info: - GP Friendly name: *Save copies of transform files in a secure location on workstation* - GP name: *TransformsSecure* - GP path: *Windows Components\Windows Installer* diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md index b1d046c306..307d2be7cd 100644 --- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/20/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_MsiFileRecovery > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_MsiFileRecovery policies +## ADMX_MsiFileRecovery policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy** +**ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy** @@ -61,21 +61,21 @@ manager: aaroncz -This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states: +This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states: - Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI applications will be turned on. Windows will prompt the user with a dialog-box when application reinstallation is required. -This behavior is the default recovery behavior on Windows client. +This behavior is the default recovery behavior on Windows client. -- Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be reinstalled. This behavior is recommended for headless operation and is the default recovery behavior on Windows server. +- Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be reinstalled. This behavior is recommended for headless operation and is the default recovery behavior on Windows server. -- Troubleshooting Only: Detection and verification of file corruption will be performed without UI. -Recovery isn't attempted. +- Troubleshooting Only: Detection and verification of file corruption will be performed without UI. +Recovery isn't attempted. -- If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only. +- If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only. -- If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted. +- If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted. -If you don't configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh. +If you don't configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh. > [!NOTE] > This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. @@ -84,7 +84,7 @@ If you don't configure this policy setting, the recovery behavior for corrupted -ADMX Info: +ADMX Info: - GP Friendly name: *Configure MSI Corrupted File Recovery behavior* - GP name: *WdiScenarioExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery* diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 7bfd8617d3..0c551f8352 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/14/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_nca >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_nca policies +## ADMX_nca policies
            @@ -56,7 +56,7 @@ manager: aaroncz
            -**ADMX_nca/CorporateResources** +**ADMX_nca/CorporateResources** @@ -82,11 +82,11 @@ manager: aaroncz -This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. +This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. -Each string can be one of the following types: +Each string can be one of the following types: -- A DNS name or IPv6 address that NCA pings. The syntax is “PING:” followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1. +- A DNS name or IPv6 address that NCA pings. The syntax is “PING:” followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1. > [!NOTE] > We recommend that you use FQDNs instead of IPv6 addresses wherever possible. @@ -102,7 +102,7 @@ You must configure this setting to have complete NCA functionality. -ADMX Info: +ADMX Info: - GP Friendly name: *Corporate Resources* - GP name: *CorporateResources* - GP path: *Network\DirectAccess Client Experience Settings* @@ -113,7 +113,7 @@ ADMX Info:
            -**ADMX_nca/CustomCommands** +**ADMX_nca/CustomCommands** @@ -145,7 +145,7 @@ This policy setting specifies commands configured by the administrator for custo -ADMX Info: +ADMX Info: - GP Friendly name: *Custom Commands* - GP name: *CustomCommands* - GP path: *Network\DirectAccess Client Experience Settings* @@ -156,7 +156,7 @@ ADMX Info:
            -**ADMX_nca/DTEs** +**ADMX_nca/DTEs** @@ -182,7 +182,7 @@ ADMX Info: -This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. +This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel. @@ -194,7 +194,7 @@ You must configure this setting to have complete NCA functionality. -ADMX Info: +ADMX Info: - GP Friendly name: *IPsec Tunnel Endpoints* - GP name: *DTEs* - GP path: *Network\DirectAccess Client Experience Settings* @@ -205,7 +205,7 @@ ADMX Info:
            -**ADMX_nca/FriendlyName** +**ADMX_nca/FriendlyName** @@ -239,7 +239,7 @@ If this setting isn't configured, the string that appears for DirectAccess conne -ADMX Info: +ADMX Info: - GP Friendly name: *Friendly Name* - GP name: *FriendlyName* - GP path: *Network\DirectAccess Client Experience Settings* @@ -250,7 +250,7 @@ ADMX Info:
            -**ADMX_nca/LocalNamesOn** +**ADMX_nca/LocalNamesOn** @@ -293,7 +293,7 @@ If this setting isn't configured, users don't have Connect or Disconnect options -ADMX Info: +ADMX Info: - GP Friendly name: *Prefer Local Names Allowed* - GP name: *LocalNamesOn* - GP path: *Network\DirectAccess Client Experience Settings* @@ -304,7 +304,7 @@ ADMX Info:
            -**ADMX_nca/PassiveMode** +**ADMX_nca/PassiveMode** @@ -337,7 +337,7 @@ Set this policy setting to Disabled to keep NCA probing actively all the time. I -ADMX Info: +ADMX Info: - GP Friendly name: *DirectAccess Passive Mode* - GP name: *PassiveMode* - GP path: *Network\DirectAccess Client Experience Settings* @@ -348,7 +348,7 @@ ADMX Info:
            -**ADMX_nca/ShowUI** +**ADMX_nca/ShowUI** @@ -376,7 +376,7 @@ ADMX Info: This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. -Set this policy setting to Disabled to prevent user confusion when you're just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. +Set this policy setting to Disabled to prevent user confusion when you're just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting isn't configured, the entry for DirectAccess connectivity appears. @@ -384,7 +384,7 @@ If this setting isn't configured, the entry for DirectAccess connectivity appear -ADMX Info: +ADMX Info: - GP Friendly name: *User Interface* - GP name: *ShowUI* - GP path: *Network\DirectAccess Client Experience Settings* @@ -395,7 +395,7 @@ ADMX Info:
            -**ADMX_nca/SupportEmail** +**ADMX_nca/SupportEmail** @@ -421,7 +421,7 @@ ADMX Info: -This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. +This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message. @@ -429,7 +429,7 @@ When the user sends the log files to the Administrator, NCA uses the default e-m -ADMX Info: +ADMX Info: - GP Friendly name: *Support Email Address* - GP name: *SupportEmail* - GP path: *Network\DirectAccess Client Experience Settings* diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index ddb9baa7e7..0702a77423 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/14/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_NCSI >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_NCSI policies +## ADMX_NCSI policies
            @@ -54,7 +54,7 @@ manager: aaroncz
            -**ADMX_NCSI/NCSI_CorpDnsProbeContent** +**ADMX_NCSI/NCSI_CorpDnsProbeContent** @@ -85,7 +85,7 @@ This policy setting enables you to specify the expected address of the host name -ADMX Info: +ADMX Info: - GP Friendly name: *Specify corporate DNS probe host address* - GP name: *NCSI_CorpDnsProbeContent* - GP path: *Network\Network Connectivity Status Indicator* @@ -96,7 +96,7 @@ ADMX Info:
            -**ADMX_NCSI/NCSI_CorpDnsProbeHost** +**ADMX_NCSI/NCSI_CorpDnsProbeHost** @@ -128,7 +128,7 @@ This policy setting enables you to specify the host name of a computer known to -ADMX Info: +ADMX Info: - GP Friendly name: *Specify corporate DNS probe host name* - GP name: *NCSI_CorpDnsProbeHost* - GP path: *Network\Network Connectivity Status Indicator* @@ -139,7 +139,7 @@ ADMX Info:
            -**ADMX_NCSI/NCSI_CorpSitePrefixes** +**ADMX_NCSI/NCSI_CorpSitePrefixes** @@ -171,7 +171,7 @@ This policy setting enables you to specify the list of IPv6 corporate site prefi -ADMX Info: +ADMX Info: - GP Friendly name: *Specify corporate site prefix list* - GP name: *NCSI_CorpSitePrefixes* - GP path: *Network\Network Connectivity Status Indicator* @@ -182,7 +182,7 @@ ADMX Info:
            -**ADMX_NCSI/NCSI_CorpWebProbeUrl** +**ADMX_NCSI/NCSI_CorpWebProbeUrl** @@ -214,7 +214,7 @@ This policy setting enables you to specify the URL of the corporate website, aga -ADMX Info: +ADMX Info: - GP Friendly name: *Specify corporate Website probe URL* - GP name: *NCSI_CorpWebProbeUrl* - GP path: *Network\Network Connectivity Status Indicator* @@ -228,7 +228,7 @@ ADMX Info:
            -**ADMX_NCSI/NCSI_DomainLocationDeterminationUrl** +**ADMX_NCSI/NCSI_DomainLocationDeterminationUrl** @@ -260,7 +260,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit -ADMX Info: +ADMX Info: - GP Friendly name: *Specify domain location determination URL* - GP name: *NCSI_DomainLocationDeterminationUrl* - GP path: *Network\Network Connectivity Status Indicator* @@ -271,7 +271,7 @@ ADMX Info:
            -**ADMX_NCSI/NCSI_GlobalDns** +**ADMX_NCSI/NCSI_GlobalDns** @@ -303,7 +303,7 @@ This policy setting enables you to specify DNS binding behavior. NCSI by default -ADMX Info: +ADMX Info: - GP Friendly name: *Specify global DNS* - GP name: *NCSI_GlobalDns* - GP path: *Network\Network Connectivity Status Indicator* @@ -314,7 +314,7 @@ ADMX Info:
            -**ADMX_NCSI/NCSI_PassivePolling** +**ADMX_NCSI/NCSI_PassivePolling** @@ -346,7 +346,7 @@ This Policy setting enables you to specify passive polling behavior. NCSI polls -ADMX Info: +ADMX Info: - GP Friendly name: *Specify passive polling* - GP name: *NCSI_PassivePolling* - GP path: *Network\Network Connectivity Status Indicator* diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 119133aa16..476acdccaf 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/15/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Netlogon >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Netlogon policies +## ADMX_Netlogon policies
            @@ -138,7 +138,7 @@ manager: aaroncz
            -**ADMX_Netlogon/Netlogon_AddressLookupOnPingBehavior** +**ADMX_Netlogon/Netlogon_AddressLookupOnPingBehavior** @@ -182,7 +182,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Specify address lookup behavior for DC locator ping* - GP name: *Netlogon_AddressLookupOnPingBehavior* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -193,7 +193,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_AddressTypeReturned** +**ADMX_Netlogon/Netlogon_AddressTypeReturned** @@ -232,7 +232,7 @@ If you don't configure this policy setting, DC Locator APIs can return IPv4/IPv6 -ADMX Info: +ADMX Info: - GP Friendly name: *Return domain controller address type* - GP name: *Netlogon_AddressTypeReturned* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -245,7 +245,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_AllowDnsSuffixSearch** +**ADMX_Netlogon/Netlogon_AllowDnsSuffixSearch** @@ -283,7 +283,7 @@ If you disable this policy setting, when the `AllowSingleLabelDnsDomain` policy -ADMX Info: +ADMX Info: - GP Friendly name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.* - GP name: *Netlogon_AllowDnsSuffixSearch* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -296,7 +296,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_AllowNT4Crypto** +**ADMX_Netlogon/Netlogon_AllowNT4Crypto** @@ -325,10 +325,10 @@ ADMX Info: This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier aren't as secure as newer algorithms used in Windows 2000 or later, including this version of Windows. By default, Net Logon won't allow the older cryptography algorithms to be used and won't include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 won't be able to establish a connection to this domain controller. - + If you enable this policy setting, Net Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algorithms represents a potential security risk. -If you disable this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms. +If you disable this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms. If you don't configure this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms. @@ -336,7 +336,7 @@ If you don't configure this policy setting, Net Logon won't allow the negotiatio -ADMX Info: +ADMX Info: - GP Friendly name: *Allow cryptography algorithms compatible with Windows NT 4.0* - GP name: *Netlogon_AllowNT4Crypto* - GP path: *System\Net Logon* @@ -349,7 +349,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_AllowSingleLabelDnsDomain** +**ADMX_Netlogon/Netlogon_AllowSingleLabelDnsDomain** @@ -389,7 +389,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a -ADMX Info: +ADMX Info: - GP Friendly name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC* - GP name: *Netlogon_AllowSingleLabelDnsDomain* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -402,7 +402,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_AutoSiteCoverage** +**ADMX_Netlogon/Netlogon_AutoSiteCoverage** @@ -440,7 +440,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Use automated site coverage by the DC Locator DNS SRV Records* - GP name: *Netlogon_AutoSiteCoverage* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -453,7 +453,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_AvoidFallbackNetbiosDiscovery** +**ADMX_Netlogon/Netlogon_AvoidFallbackNetbiosDiscovery** @@ -494,7 +494,7 @@ If you disable this policy setting, the DC location algorithm can use NetBIOS-ba -ADMX Info: +ADMX Info: - GP Friendly name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails* - GP name: *Netlogon_AvoidFallbackNetbiosDiscovery* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -507,7 +507,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_AvoidPdcOnWan** +**ADMX_Netlogon/Netlogon_AvoidPdcOnWan** @@ -539,7 +539,7 @@ Contacting the PDC emulator is useful in case the client’s password was recent If you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC fails to validate the password. -If you disable this policy setting, the DCs won't attempt to verify any passwords with the PDC emulator. +If you disable this policy setting, the DCs won't attempt to verify any passwords with the PDC emulator. If you don't configure this policy setting, it isn't applied to any DCs. @@ -547,7 +547,7 @@ If you don't configure this policy setting, it isn't applied to any DCs. -ADMX Info: +ADMX Info: - GP Friendly name: *Contact PDC on logon failure* - GP name: *Netlogon_AvoidPdcOnWan* - GP path: *System\Net Logon* @@ -560,7 +560,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_BackgroundRetryInitialPeriod** +**ADMX_Netlogon/Netlogon_BackgroundRetryInitialPeriod** @@ -588,7 +588,7 @@ ADMX Info: This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC. -The default value for this setting is 10 minutes (10*60). +The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. @@ -603,7 +603,7 @@ If the value of this setting is less than the value specified in the NegativeCac -ADMX Info: +ADMX Info: - GP Friendly name: *Use initial DC discovery retry setting for background callers* - GP name: *Netlogon_BackgroundRetryInitialPeriod* - GP path: *System\Net Logon* @@ -616,7 +616,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_BackgroundRetryMaximumPeriod** +**ADMX_Netlogon/Netlogon_BackgroundRetryMaximumPeriod** @@ -661,7 +661,7 @@ If the value for this setting is too small and the DC isn't available, the frequ -ADMX Info: +ADMX Info: - GP Friendly name: *Use maximum DC discovery retry interval setting for background callers* - GP name: *Netlogon_BackgroundRetryMaximumPeriod* - GP path: *System\Net Logon* @@ -674,7 +674,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_BackgroundRetryQuitTime** +**ADMX_Netlogon/Netlogon_BackgroundRetryQuitTime** @@ -711,7 +711,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu -ADMX Info: +ADMX Info: - GP Friendly name: *Use final DC discovery retry setting for background callers* - GP name: *Netlogon_BackgroundRetryQuitTime* - GP path: *System\Net Logon* @@ -724,7 +724,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_BackgroundSuccessfulRefreshPeriod** +**ADMX_Netlogon/Netlogon_BackgroundSuccessfulRefreshPeriod** @@ -756,7 +756,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th -ADMX Info: +ADMX Info: - GP Friendly name: *Use positive periodic DC cache refresh for background callers* - GP name: *Netlogon_BackgroundSuccessfulRefreshPeriod* - GP path: *System\Net Logon* @@ -769,7 +769,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_DebugFlag** +**ADMX_Netlogon/Netlogon_DebugFlag** @@ -809,7 +809,7 @@ If you disable this policy setting or don't configure it, the default behavior o -ADMX Info: +ADMX Info: - GP Friendly name: *Specify log file debug output level* - GP name: *Netlogon_DebugFlag* - GP path: *System\Net Logon* @@ -822,7 +822,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_DnsAvoidRegisterRecords** +**ADMX_Netlogon/Netlogon_DnsAvoidRegisterRecords** @@ -876,7 +876,7 @@ Select the mnemonics from the following table: |GenericGcAtSite|SRV|_gc._tcp.``._sites.``| |Rfc1510UdpKdc|SRV|_kerberos._udp.``| |Rfc1510Kpwd|SRV|_kpasswd._tcp.``| -|Rfc1510UdpKpwd|SRV|_kpasswd._udp.``| +|Rfc1510UdpKpwd|SRV|_kpasswd._udp.``| If you disable this policy setting, DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locator DNS resource records. @@ -886,7 +886,7 @@ If you don't configure this policy setting, DCs use their local configuration. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify DC Locator DNS records not registered by the DCs* - GP name: *Netlogon_DnsAvoidRegisterRecords* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -899,7 +899,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_DnsRefreshInterval** +**ADMX_Netlogon/Netlogon_DnsRefreshInterval** @@ -940,7 +940,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Refresh Interval of the DC Locator DNS records* - GP name: *Netlogon_DnsRefreshInterval* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -953,7 +953,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_DnsSrvRecordUseLowerCaseHostNames** +**ADMX_Netlogon/Netlogon_DnsSrvRecordUseLowerCaseHostNames** @@ -994,7 +994,7 @@ A reboot isn't required for changes to this setting to take effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Use lowercase DNS host names when registering domain controller SRV records* - GP name: *Netlogon_DnsSrvRecordUseLowerCaseHostNames* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1007,7 +1007,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_DnsTtl** +**ADMX_Netlogon/Netlogon_DnsTtl** @@ -1042,7 +1042,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Set TTL in the DC Locator DNS Records* - GP name: *Netlogon_DnsTtl* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1055,7 +1055,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_ExpectedDialupDelay** +**ADMX_Netlogon/Netlogon_ExpectedDialupDelay** @@ -1091,7 +1091,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a -ADMX Info: +ADMX Info: - GP Friendly name: *Specify expected dial-up delay on logon* - GP name: *Netlogon_ExpectedDialupDelay* - GP path: *System\Net Logon* @@ -1104,7 +1104,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_ForceRediscoveryInterval** +**ADMX_Netlogon/Netlogon_ForceRediscoveryInterval** @@ -1144,7 +1144,7 @@ If you don't configure this policy setting, Force Rediscovery will be used by de -ADMX Info: +ADMX Info: - GP Friendly name: *Force Rediscovery Interval* - GP name: *Netlogon_ForceRediscoveryInterval* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1157,7 +1157,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_GcSiteCoverage** +**ADMX_Netlogon/Netlogon_GcSiteCoverage** @@ -1183,7 +1183,7 @@ ADMX Info: -This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. +This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory. @@ -1195,7 +1195,7 @@ If you don't configure this policy setting, it isn't applied to any GCs, and GCs -ADMX Info: +ADMX Info: - GP Friendly name: *Specify sites covered by the GC Locator DNS SRV Records* - GP name: *Netlogon_GcSiteCoverage* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1208,7 +1208,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_IgnoreIncomingMailslotMessages** +**ADMX_Netlogon/Netlogon_IgnoreIncomingMailslotMessages** @@ -1249,7 +1249,7 @@ If you disable or don't configure this policy setting, this DC processes incomin -ADMX Info: +ADMX Info: - GP Friendly name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names* - GP name: *Netlogon_IgnoreIncomingMailslotMessages* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1262,7 +1262,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_LdapSrvPriority** +**ADMX_Netlogon/Netlogon_LdapSrvPriority** @@ -1300,7 +1300,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Set Priority in the DC Locator DNS SRV records* - GP name: *Netlogon_LdapSrvPriority* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1313,7 +1313,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_LdapSrvWeight** +**ADMX_Netlogon/Netlogon_LdapSrvWeight** @@ -1351,7 +1351,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Set Weight in the DC Locator DNS SRV records* - GP name: *Netlogon_LdapSrvWeight* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1364,7 +1364,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_MaximumLogFileSize** +**ADMX_Netlogon/Netlogon_MaximumLogFileSize** @@ -1400,7 +1400,7 @@ If you disable or don't configure this policy setting, the default behavior occu -ADMX Info: +ADMX Info: - GP Friendly name: *Specify maximum log file size* - GP name: *Netlogon_MaximumLogFileSize* - GP path: *System\Net Logon* @@ -1413,7 +1413,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_NdncSiteCoverage** +**ADMX_Netlogon/Netlogon_NdncSiteCoverage** @@ -1439,7 +1439,7 @@ ADMX Info: -This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. +This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. @@ -1451,7 +1451,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Specify sites covered by the application directory partition DC Locator DNS SRV records* - GP name: *Netlogon_NdncSiteCoverage* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1464,7 +1464,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_NegativeCachePeriod** +**ADMX_Netlogon/Netlogon_NegativeCachePeriod** @@ -1501,7 +1501,7 @@ The default value for this setting is 45 seconds. The maximum value for this set -ADMX Info: +ADMX Info: - GP Friendly name: *Specify negative DC Discovery cache setting* - GP name: *Netlogon_NegativeCachePeriod* - GP path: *System\Net Logon* @@ -1514,7 +1514,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_NetlogonShareCompatibilityMode** +**ADMX_Netlogon/Netlogon_NetlogonShareCompatibilityMode** @@ -1557,7 +1557,7 @@ If you enable this policy setting, domain administrators should ensure that the -ADMX Info: +ADMX Info: - GP Friendly name: *Set Netlogon share compatibility* - GP name: *Netlogon_NetlogonShareCompatibilityMode* - GP path: *System\Net Logon* @@ -1570,7 +1570,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_NonBackgroundSuccessfulRefreshPeriod** +**ADMX_Netlogon/Netlogon_NonBackgroundSuccessfulRefreshPeriod** @@ -1604,7 +1604,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t -ADMX Info: +ADMX Info: - GP Friendly name: *Specify positive periodic DC Cache refresh for non-background callers* - GP name: *Netlogon_NonBackgroundSuccessfulRefreshPeriod* - GP path: *System\Net Logon* @@ -1617,7 +1617,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_PingUrgencyMode** +**ADMX_Netlogon/Netlogon_PingUrgencyMode** @@ -1660,7 +1660,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a -ADMX Info: +ADMX Info: - GP Friendly name: *Use urgent mode when pinging domain controllers* - GP name: *Netlogon_PingUrgencyMode* - GP path: *System\Net Logon* @@ -1673,7 +1673,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_ScavengeInterval** +**ADMX_Netlogon/Netlogon_ScavengeInterval** @@ -1715,7 +1715,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds. -ADMX Info: +ADMX Info: - GP Friendly name: *Set scavenge interval* - GP name: *Netlogon_ScavengeInterval* - GP path: *System\Net Logon* @@ -1728,7 +1728,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_SiteCoverage** +**ADMX_Netlogon/Netlogon_SiteCoverage** @@ -1754,7 +1754,7 @@ ADMX Info: -This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. +This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The DC Locator DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. @@ -1766,7 +1766,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Specify sites covered by the DC Locator DNS SRV records* - GP name: *Netlogon_SiteCoverage* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1779,7 +1779,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_SiteName** +**ADMX_Netlogon/Netlogon_SiteName** @@ -1817,7 +1817,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a -ADMX Info: +ADMX Info: - GP Friendly name: *Specify site name* - GP name: *Netlogon_SiteName* - GP path: *System\Net Logon* @@ -1830,7 +1830,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode** +**ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode** @@ -1873,7 +1873,7 @@ If you enable this policy setting, domain administrators should ensure that the -ADMX Info: +ADMX Info: - GP Friendly name: *Set SYSVOL share compatibility* - GP name: *Netlogon_SysvolShareCompatibilityMode* - GP path: *System\Net Logon* @@ -1886,7 +1886,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_TryNextClosestSite** +**ADMX_Netlogon/Netlogon_TryNextClosestSite** @@ -1914,7 +1914,7 @@ ADMX Info: This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site isn't found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively. -The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none is found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. +The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none is found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer. @@ -1926,7 +1926,7 @@ If you don't configure this policy setting, Try Next Closest Site DC Location wo -ADMX Info: +ADMX Info: - GP Friendly name: *Try Next Closest Site* - GP name: *Netlogon_TryNextClosestSite* - GP path: *System\Net Logon\DC Locator DNS Records* @@ -1939,7 +1939,7 @@ ADMX Info:
            -**ADMX_Netlogon/Netlogon_UseDynamicDns** +**ADMX_Netlogon/Netlogon_UseDynamicDns** @@ -1977,7 +1977,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs -ADMX Info: +ADMX Info: - GP Friendly name: *Specify dynamic registration of the DC Locator DNS Records* - GP name: *Netlogon_UseDynamicDns* - GP path: *System\Net Logon\DC Locator DNS Records* diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index 178901d5b6..036ada6705 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/21/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_NetworkConnections >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_NetworkConnections policies +## ADMX_NetworkConnections policies
            @@ -114,7 +114,7 @@ manager: aaroncz
            -**ADMX_NetworkConnections/NC_AddRemoveComponents** +**ADMX_NetworkConnections/NC_AddRemoveComponents** @@ -161,7 +161,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit adding and removing components for a LAN or remote access connection* - GP name: *NC_AddRemoveComponents* - GP path: *Network\Network Connections* @@ -172,7 +172,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_AdvancedSettings** +**ADMX_NetworkConnections/NC_AdvancedSettings** @@ -215,7 +215,7 @@ If you disable this setting or don't configure it, the Advanced Settings item is -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access to the Advanced Settings item on the Advanced menu* - GP name: *NC_AdvancedSettings* - GP path: *Network\Network Connections* @@ -226,7 +226,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig** +**ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig** @@ -274,7 +274,7 @@ Changing this setting from Enabled to Not Configured doesn't enable the Advanced -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit TCP/IP advanced configuration* - GP name: *NC_AllowAdvancedTCPIPConfig* - GP path: *Network\Network Connections* @@ -285,7 +285,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_ChangeBindState** +**ADMX_NetworkConnections/NC_ChangeBindState** @@ -328,7 +328,7 @@ If you disable this setting or don't configure it, the Properties dialog box for -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit Enabling/Disabling components of a LAN connection* - GP name: *NC_ChangeBindState* - GP path: *Network\Network Connections* @@ -339,7 +339,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_DeleteAllUserConnection** +**ADMX_NetworkConnections/NC_DeleteAllUserConnection** @@ -381,14 +381,14 @@ When enabled, the "Prohibit deletion of remote access connections" setting takes > [!NOTE] > LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection. -> +> > This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Ability to delete all user remote access connections* - GP name: *NC_DeleteAllUserConnection* - GP path: *Network\Network Connections* @@ -399,7 +399,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_DeleteConnection** +**ADMX_NetworkConnections/NC_DeleteConnection** @@ -439,14 +439,14 @@ When enabled, this setting takes precedence over the "Ability to delete all user > LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection. > > This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. -> +> > This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit deletion of remote access connections* - GP name: *NC_DeleteConnection* - GP path: *Network\Network Connections* @@ -457,7 +457,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_DialupPrefs** +**ADMX_NetworkConnections/NC_DialupPrefs** @@ -497,7 +497,7 @@ If you disable this setting or don't configure it, the Remote Access Preferences -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access to the Remote Access Preferences item on the Advanced menu* - GP name: *NC_DialupPrefs* - GP path: *Network\Network Connections* @@ -508,7 +508,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon** +**ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon** @@ -544,7 +544,7 @@ If you disable this setting or don't configure it, the "local access only" icon -ADMX Info: +ADMX Info: - GP Friendly name: *Do not show the "local access only" network icon* - GP name: *NC_DoNotShowLocalOnlyIcon* - GP path: *Network\Network Connections* @@ -555,7 +555,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_EnableAdminProhibits** +**ADMX_NetworkConnections/NC_EnableAdminProhibits** @@ -597,7 +597,7 @@ If you disable this setting or don't configure it, Windows settings that existed -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows 2000 Network Connections settings for Administrators* - GP name: *NC_EnableAdminProhibits* - GP path: *Network\Network Connections* @@ -608,7 +608,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_ForceTunneling** +**ADMX_NetworkConnections/NC_ForceTunneling** @@ -648,7 +648,7 @@ If you don't configure this policy setting, traffic between remote client comput -ADMX Info: +ADMX Info: - GP Friendly name: *Route all traffic through the internal network* - GP name: *NC_ForceTunneling* - GP path: *Network\Network Connections* @@ -659,7 +659,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_IpStateChecking** +**ADMX_NetworkConnections/NC_IpStateChecking** @@ -695,7 +695,7 @@ If you disable or don't configure this policy setting, a DHCP-configured connect -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off notifications when a connection has only limited or no connectivity* - GP name: *NC_IpStateChecking* - GP path: *Network\Network Connections* @@ -706,7 +706,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_LanChangeProperties** +**ADMX_NetworkConnections/NC_LanChangeProperties** @@ -757,7 +757,7 @@ The Local Area Connection Properties dialog box includes a list of the network c -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access to properties of components of a LAN connection* - GP name: *NC_LanChangeProperties* - GP path: *Network\Network Connections* @@ -768,7 +768,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_LanConnect** +**ADMX_NetworkConnections/NC_LanConnect** @@ -811,7 +811,7 @@ If you don't configure this setting, only Administrators and Network Configurati -ADMX Info: +ADMX Info: - GP Friendly name: *Ability to Enable/Disable a LAN connection* - GP name: *NC_LanConnect* - GP path: *Network\Network Connections* @@ -822,7 +822,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_LanProperties** +**ADMX_NetworkConnections/NC_LanProperties** @@ -867,7 +867,7 @@ If you disable this setting or don't configure it, a Properties menu item appear -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access to properties of a LAN connection* - GP name: *NC_LanProperties* - GP path: *Network\Network Connections* @@ -878,7 +878,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_NewConnectionWizard** +**ADMX_NetworkConnections/NC_NewConnectionWizard** @@ -921,7 +921,7 @@ If you disable this setting or don't configure it, the Make New Connection icon -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access to the New Connection Wizard* - GP name: *NC_NewConnectionWizard* - GP path: *Network\Network Connections* @@ -932,7 +932,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_PersonalFirewallConfig** +**ADMX_NetworkConnections/NC_PersonalFirewallConfig** @@ -977,7 +977,7 @@ If you disable this setting or don't configure it, the Internet Connection Firew -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit use of Internet Connection Firewall on your DNS domain network* - GP name: *NC_PersonalFirewallConfig* - GP path: *Network\Network Connections* @@ -988,7 +988,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_RasAllUserProperties** +**ADMX_NetworkConnections/NC_RasAllUserProperties** @@ -1030,14 +1030,14 @@ If you don't configure this setting, only Administrators and Network Configurati > [!NOTE] > This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users. -> +> > This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Ability to change properties of an all user remote access connection* - GP name: *NC_RasAllUserProperties* - GP path: *Network\Network Connections* @@ -1048,7 +1048,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_RasChangeProperties** +**ADMX_NetworkConnections/NC_RasChangeProperties** @@ -1097,7 +1097,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access to properties of components of a remote access connection* - GP name: *NC_RasChangeProperties* - GP path: *Network\Network Connections* @@ -1108,7 +1108,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_RasConnect** +**ADMX_NetworkConnections/NC_RasConnect** @@ -1146,7 +1146,7 @@ If you disable this setting or don't configure it, the Connect and Disconnect op -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit connecting and disconnecting a remote access connection* - GP name: *NC_RasConnect* - GP path: *Network\Network Connections* @@ -1157,7 +1157,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_RasMyProperties** +**ADMX_NetworkConnections/NC_RasMyProperties** @@ -1204,7 +1204,7 @@ If you disable this setting or don't configure it, a Properties menu item appear -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit changing properties of a private remote access connection* - GP name: *NC_RasMyProperties* - GP path: *Network\Network Connections* @@ -1215,7 +1215,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_RenameAllUserRasConnection** +**ADMX_NetworkConnections/NC_RenameAllUserRasConnection** @@ -1262,7 +1262,7 @@ This setting doesn't prevent users from using other programs, such as Internet E -ADMX Info: +ADMX Info: - GP Friendly name: *Ability to rename all user remote access connections* - GP name: *NC_RenameAllUserRasConnection* - GP path: *Network\Network Connections* @@ -1273,7 +1273,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_RenameConnection** +**ADMX_NetworkConnections/NC_RenameConnection** @@ -1318,7 +1318,7 @@ If this setting isn't configured, only Administrators and Network Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Ability to rename LAN connections or remote access connections available to all users* - GP name: *NC_RenameConnection* - GP path: *Network\Network Connections* @@ -1329,7 +1329,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_RenameLanConnection** +**ADMX_NetworkConnections/NC_RenameLanConnection** @@ -1372,7 +1372,7 @@ When the "Ability to rename LAN connections or remote access connections availab -ADMX Info: +ADMX Info: - GP Friendly name: *Ability to rename LAN connections* - GP name: *NC_RenameLanConnection* - GP path: *Network\Network Connections* @@ -1383,7 +1383,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_RenameMyRasConnection** +**ADMX_NetworkConnections/NC_RenameMyRasConnection** @@ -1426,7 +1426,7 @@ If you disable this setting or don't configure it, the Rename option is enabled -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit renaming private remote access connections* - GP name: *NC_RenameMyRasConnection* - GP path: *Network\Network Connections* @@ -1437,7 +1437,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_ShowSharedAccessUI** +**ADMX_NetworkConnections/NC_ShowSharedAccessUI** @@ -1469,7 +1469,7 @@ ICS lets administrators configure their system as an Internet gateway for a smal If you enable this setting, ICS can't be enabled or configured by administrators, and the ICS service can't run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. -If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. +If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When administrators are running the New Connection Wizard or Network Setup Wizard, they can choose to enable ICS. @@ -1486,7 +1486,7 @@ Disabling this setting doesn't prevent Wireless Hosted Networking from using the -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit use of Internet Connection Sharing on your DNS domain network* - GP name: *NC_ShowSharedAccessUI* - GP path: *Network\Network Connections* @@ -1497,7 +1497,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_Statistics** +**ADMX_NetworkConnections/NC_Statistics** @@ -1537,7 +1537,7 @@ If you disable this setting or don't configure it, the connection status taskbar -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit viewing of status for an active connection* - GP name: *NC_Statistics* - GP path: *Network\Network Connections* @@ -1548,7 +1548,7 @@ ADMX Info:
            -**ADMX_NetworkConnections/NC_StdDomainUserSetLocation** +**ADMX_NetworkConnections/NC_StdDomainUserSetLocation** @@ -1584,7 +1584,7 @@ If you disable or don't configure this policy setting, domain users can set a ne -ADMX Info: +ADMX Info: - GP Friendly name: *Require domain users to elevate when setting a network's location* - GP name: *NC_StdDomainUserSetLocation* - GP path: *Network\Network Connections* diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index efc0936d36..7f67e4fe84 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/21/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_OfflineFiles >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_OfflineFiles policies +## ADMX_OfflineFiles policies
            @@ -171,7 +171,7 @@ manager: aaroncz
            -**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders** +**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders** @@ -209,7 +209,7 @@ If you disable this setting or don't configure it, the system asks users whether -ADMX Info: +ADMX Info: - GP Friendly name: *Subfolders always available offline* - GP name: *Pol_AlwaysPinSubFolders* - GP path: *Network\Offline Files* @@ -220,7 +220,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1** +**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1** @@ -261,7 +261,7 @@ If you don't configure this policy setting, no files or folders are made availab -ADMX Info: +ADMX Info: - GP Friendly name: *Specify administratively assigned Offline Files* - GP name: *Pol_AssignedOfflineFiles_1* - GP path: *Network\Offline Files* @@ -272,7 +272,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2** +**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2** @@ -313,7 +313,7 @@ If you don't configure this policy setting, no files or folders are made availab -ADMX Info: +ADMX Info: - GP Friendly name: *Specify administratively assigned Offline Files* - GP name: *Pol_AssignedOfflineFiles_2* - GP path: *Network\Offline Files* @@ -324,7 +324,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_BackgroundSyncSettings** +**ADMX_OfflineFiles/Pol_BackgroundSyncSettings** @@ -362,7 +362,7 @@ If you disable or don't configure this policy setting, Windows performs a backgr -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Background Sync* - GP name: *Pol_BackgroundSyncSettings* - GP path: *Network\Offline Files* @@ -373,7 +373,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_CacheSize** +**ADMX_OfflineFiles/Pol_CacheSize** @@ -421,7 +421,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s -ADMX Info: +ADMX Info: - GP Friendly name: *Limit disk space used by Offline Files* - GP name: *Pol_CacheSize* - GP path: *Network\Offline Files* @@ -432,7 +432,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_1** +**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_1** @@ -482,7 +482,7 @@ Also, see the "Non-default server disconnect actions" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Action on server disconnect* - GP name: *Pol_CustomGoOfflineActions_1* - GP path: *Network\Offline Files* @@ -493,7 +493,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_2** +**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_2** @@ -525,7 +525,7 @@ This setting also disables the "When a network connection is lost" option on the If you enable this setting, you can use the "Action" box to specify how computers in the group respond. -- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. +- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. - "Never go offline" indicates that network files aren't available while the server is inaccessible. If you disable this setting or select the "Work offline" option, users can work offline if disconnected. @@ -543,7 +543,7 @@ Also, see the "Non-default server disconnect actions" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Action on server disconnect* - GP name: *Pol_CustomGoOfflineActions_2* - GP path: *Network\Offline Files* @@ -554,7 +554,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_DefCacheSize** +**ADMX_OfflineFiles/Pol_DefCacheSize** @@ -601,7 +601,7 @@ If you don't configure this setting, disk space for automatically cached files i -ADMX Info: +ADMX Info: - GP Friendly name: *Default cache size* - GP name: *Pol_DefCacheSize* - GP path: *Network\Offline Files* @@ -612,7 +612,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_Enabled** +**ADMX_OfflineFiles/Pol_Enabled** @@ -653,7 +653,7 @@ If you don't configure this policy setting, Offline Files is enabled on Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Allow or Disallow use of the Offline Files feature* - GP name: *Pol_Enabled* - GP path: *Network\Offline Files* @@ -664,7 +664,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_EncryptOfflineFiles** +**ADMX_OfflineFiles/Pol_EncryptOfflineFiles** @@ -708,7 +708,7 @@ This setting is applied at user sign-in. If this setting is changed after user s -ADMX Info: +ADMX Info: - GP Friendly name: *Encrypt the Offline Files cache* - GP name: *Pol_EncryptOfflineFiles* - GP path: *Network\Offline Files* @@ -719,7 +719,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_EventLoggingLevel_1** +**ADMX_OfflineFiles/Pol_EventLoggingLevel_1** @@ -766,7 +766,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the -ADMX Info: +ADMX Info: - GP Friendly name: *Event logging level* - GP name: *Pol_EventLoggingLevel_1* - GP path: *Network\Offline Files* @@ -777,7 +777,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_EventLoggingLevel_2** +**ADMX_OfflineFiles/Pol_EventLoggingLevel_2** @@ -809,7 +809,7 @@ Offline Files records events in the Application login Event Viewer when it detec To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels. -- "0" records an error when the offline storage cache is corrupted. +- "0" records an error when the offline storage cache is corrupted. - "1" also records an event when the server hosting the offline file is disconnected from the network. - "2" also records events when the local computer is connected and disconnected from the network. - "3" also records an event when the server hosting the offline file is reconnected to the network. @@ -821,7 +821,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the -ADMX Info: +ADMX Info: - GP Friendly name: *Event logging level* - GP name: *Pol_EventLoggingLevel_2* - GP path: *Network\Offline Files* @@ -832,7 +832,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_ExclusionListSettings** +**ADMX_OfflineFiles/Pol_ExclusionListSettings** @@ -868,7 +868,7 @@ If you disable or don't configure this policy setting, a user can create a file -ADMX Info: +ADMX Info: - GP Friendly name: *Enable file screens* - GP name: *Pol_ExclusionListSettings* - GP path: *Network\Offline Files* @@ -879,7 +879,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_ExtExclusionList** +**ADMX_OfflineFiles/Pol_ExtExclusionList** @@ -920,7 +920,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty -ADMX Info: +ADMX Info: - GP Friendly name: *Files not cached* - GP name: *Pol_ExtExclusionList* - GP path: *Network\Offline Files* @@ -931,7 +931,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_GoOfflineAction_1** +**ADMX_OfflineFiles/Pol_GoOfflineAction_1** @@ -982,7 +982,7 @@ Also, see the "Non-default server disconnect actions" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Action on server disconnect* - GP name: *Pol_GoOfflineAction_1* - GP path: *Network\Offline Files* @@ -993,7 +993,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_GoOfflineAction_2** +**ADMX_OfflineFiles/Pol_GoOfflineAction_2** @@ -1044,7 +1044,7 @@ Also, see the "Non-default server disconnect actions" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Action on server disconnect* - GP name: *Pol_GoOfflineAction_2* - GP path: *Network\Offline Files* @@ -1055,7 +1055,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoCacheViewer_1** +**ADMX_OfflineFiles/Pol_NoCacheViewer_1** @@ -1096,7 +1096,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent use of Offline Files folder* - GP name: *Pol_NoCacheViewer_1* - GP path: *Network\Offline Files* @@ -1107,7 +1107,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoCacheViewer_2** +**ADMX_OfflineFiles/Pol_NoCacheViewer_2** @@ -1148,7 +1148,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent use of Offline Files folder* - GP name: *Pol_NoCacheViewer_2* - GP path: *Network\Offline Files* @@ -1159,7 +1159,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoConfigCache_1** +**ADMX_OfflineFiles/Pol_NoConfigCache_1** @@ -1200,7 +1200,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit user configuration of Offline Files* - GP name: *Pol_NoConfigCache_1* - GP path: *Network\Offline Files* @@ -1211,7 +1211,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoConfigCache_2** +**ADMX_OfflineFiles/Pol_NoConfigCache_2** @@ -1252,7 +1252,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit user configuration of Offline Files* - GP name: *Pol_NoConfigCache_2* - GP path: *Network\Offline Files* @@ -1263,7 +1263,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_1** +**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_1** @@ -1303,7 +1303,7 @@ If you disable or don't configure this policy setting, users can manually specif -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Make Available Offline" command* - GP name: *Pol_NoMakeAvailableOffline_1* - GP path: *Network\Offline Files* @@ -1314,7 +1314,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_2** +**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_2** @@ -1354,7 +1354,7 @@ If you disable or don't configure this policy setting, users can manually specif -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Make Available Offline" command* - GP name: *Pol_NoMakeAvailableOffline_2* - GP path: *Network\Offline Files* @@ -1365,7 +1365,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoPinFiles_1** +**ADMX_OfflineFiles/Pol_NoPinFiles_1** @@ -1409,7 +1409,7 @@ If you don't configure this policy setting, the "Make Available Offline" command -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Make Available Offline" for these files and folders* - GP name: *Pol_NoPinFiles_1* - GP path: *Network\Offline Files* @@ -1420,7 +1420,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoPinFiles_2** +**ADMX_OfflineFiles/Pol_NoPinFiles_2** @@ -1464,7 +1464,7 @@ If you don't configure this policy setting, the "Make Available Offline" command -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Make Available Offline" for these files and folders* - GP name: *Pol_NoPinFiles_2* - GP path: *Network\Offline Files* @@ -1475,7 +1475,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoReminders_1** +**ADMX_OfflineFiles/Pol_NoReminders_1** @@ -1522,7 +1522,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off reminder balloons* - GP name: *Pol_NoReminders_1* - GP path: *Network\Offline Files* @@ -1533,7 +1533,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_NoReminders_2** +**ADMX_OfflineFiles/Pol_NoReminders_2** @@ -1580,7 +1580,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off reminder balloons* - GP name: *Pol_NoReminders_2* - GP path: *Network\Offline Files* @@ -1591,7 +1591,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_OnlineCachingSettings** +**ADMX_OfflineFiles/Pol_OnlineCachingSettings** @@ -1631,7 +1631,7 @@ If you disable or don't configure this policy setting, remote files won't be tra -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Transparent Caching* - GP name: *Pol_OnlineCachingSettings* - GP path: *Network\Offline Files* @@ -1642,7 +1642,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders** +**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders** @@ -1680,7 +1680,7 @@ If you disable this setting or don't configure it, the system asks users whether -ADMX Info: +ADMX Info: - GP Friendly name: *Subfolders always available offline* - GP name: *Pol_AlwaysPinSubFolders* - GP path: *Network\Offline Files* @@ -1691,7 +1691,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_PurgeAtLogoff** +**ADMX_OfflineFiles/Pol_PurgeAtLogoff** @@ -1730,7 +1730,7 @@ If you disable this setting or don't configure it, automatically and manually ca -ADMX Info: +ADMX Info: - GP Friendly name: *At logoff, delete local copy of user’s offline files* - GP name: *Pol_PurgeAtLogoff* - GP path: *Network\Offline Files* @@ -1741,7 +1741,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_QuickAdimPin** +**ADMX_OfflineFiles/Pol_QuickAdimPin** @@ -1777,7 +1777,7 @@ If you disable this policy setting, all administratively assigned folders are sy -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on economical application of administratively assigned Offline Files* - GP name: *Pol_QuickAdimPin* - GP path: *Network\Offline Files* @@ -1788,7 +1788,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_ReminderFreq_1** +**ADMX_OfflineFiles/Pol_ReminderFreq_1** @@ -1829,7 +1829,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Reminder balloon frequency* - GP name: *Pol_ReminderFreq_1* - GP path: *Network\Offline Files* @@ -1840,7 +1840,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_ReminderFreq_2** +**ADMX_OfflineFiles/Pol_ReminderFreq_2** @@ -1881,7 +1881,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Reminder balloon frequency* - GP name: *Pol_ReminderFreq_2* - GP path: *Network\Offline Files* @@ -1892,7 +1892,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_ReminderInitTimeout_1** +**ADMX_OfflineFiles/Pol_ReminderInitTimeout_1** @@ -1928,7 +1928,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Initial reminder balloon lifetime* - GP name: *Pol_ReminderInitTimeout_1* - GP path: *Network\Offline Files* @@ -1939,7 +1939,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_ReminderInitTimeout_2** +**ADMX_OfflineFiles/Pol_ReminderInitTimeout_2** @@ -1975,7 +1975,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Initial reminder balloon lifetime* - GP name: *Pol_ReminderInitTimeout_2* - GP path: *Network\Offline Files* @@ -1986,7 +1986,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_ReminderTimeout_1** +**ADMX_OfflineFiles/Pol_ReminderTimeout_1** @@ -2022,7 +2022,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Reminder balloon lifetime* - GP name: *Pol_ReminderTimeout_1* - GP path: *Network\Offline Files* @@ -2033,7 +2033,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_ReminderTimeout_2** +**ADMX_OfflineFiles/Pol_ReminderTimeout_2** @@ -2069,7 +2069,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Reminder balloon lifetime* - GP name: *Pol_ReminderTimeout_2* - GP path: *Network\Offline Files* @@ -2080,7 +2080,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SlowLinkSettings** +**ADMX_OfflineFiles/Pol_SlowLinkSettings** @@ -2126,7 +2126,7 @@ If you disable this policy setting, computers won't use the slow-link mode. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure slow-link mode* - GP name: *Pol_SlowLinkSettings* - GP path: *Network\Offline Files* @@ -2137,7 +2137,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SlowLinkSpeed** +**ADMX_OfflineFiles/Pol_SlowLinkSpeed** @@ -2177,7 +2177,7 @@ If this setting is disabled or not configured, the default threshold value of 64 -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Slow link speed* - GP name: *Pol_SlowLinkSpeed* - GP path: *Network\Offline Files* @@ -2188,7 +2188,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SyncAtLogoff_1** +**ADMX_OfflineFiles/Pol_SyncAtLogoff_1** @@ -2233,7 +2233,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Synchronize all offline files before logging off* - GP name: *Pol_SyncAtLogoff_1* - GP path: *Network\Offline Files* @@ -2244,7 +2244,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SyncAtLogoff_2** +**ADMX_OfflineFiles/Pol_SyncAtLogoff_2** @@ -2289,7 +2289,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Synchronize all offline files before logging off* - GP name: *Pol_SyncAtLogoff_2* - GP path: *Network\Offline Files* @@ -2300,7 +2300,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SyncAtLogon_1** +**ADMX_OfflineFiles/Pol_SyncAtLogon_1** @@ -2345,7 +2345,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Synchronize all offline files when logging on* - GP name: *Pol_SyncAtLogon_1* - GP path: *Network\Offline Files* @@ -2358,7 +2358,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SyncAtLogon_2** +**ADMX_OfflineFiles/Pol_SyncAtLogon_2** @@ -2403,7 +2403,7 @@ This setting appears in the Computer Configuration and User Configuration folder -ADMX Info: +ADMX Info: - GP Friendly name: *Synchronize all offline files when logging on* - GP name: *Pol_SyncAtLogon_2* - GP path: *Network\Offline Files* @@ -2414,7 +2414,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SyncAtSuspend_1** +**ADMX_OfflineFiles/Pol_SyncAtSuspend_1** @@ -2453,7 +2453,7 @@ If you disable or don't configure this setting, files aren't synchronized when t -ADMX Info: +ADMX Info: - GP Friendly name: *Synchronize offline files before suspend* - GP name: *Pol_SyncAtSuspend_1* - GP path: *Network\Offline Files* @@ -2464,7 +2464,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SyncAtSuspend_2** +**ADMX_OfflineFiles/Pol_SyncAtSuspend_2** @@ -2503,7 +2503,7 @@ If you disable or don't configure this setting, files aren't synchronized when t -ADMX Info: +ADMX Info: - GP Friendly name: *Synchronize offline files before suspend* - GP name: *Pol_SyncAtSuspend_2* - GP path: *Network\Offline Files* @@ -2514,7 +2514,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_SyncOnCostedNetwork** +**ADMX_OfflineFiles/Pol_SyncOnCostedNetwork** @@ -2550,7 +2550,7 @@ If this setting is disabled or not configured, synchronization won't run in the -ADMX Info: +ADMX Info: - GP Friendly name: *Enable file synchronization on costed networks* - GP name: *Pol_SyncOnCostedNetwork* - GP path: *Network\Offline Files* @@ -2561,7 +2561,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1** +**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1** @@ -2597,7 +2597,7 @@ If you disable or don't configure this policy setting, the "Work offline" comman -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Work offline" command* - GP name: *Pol_WorkOfflineDisabled_1* - GP path: *Network\Offline Files* @@ -2608,7 +2608,7 @@ ADMX Info:
            -**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2** +**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2** @@ -2644,7 +2644,7 @@ If you disable or don't configure this policy setting, the "Work offline" comman -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Work offline" command* - GP name: *Pol_WorkOfflineDisabled_2* - GP path: *Network\Offline Files* diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 28a333dfcc..359ce758a3 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/20/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_pca > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_pca policies +## ADMX_pca policies
            @@ -55,7 +55,7 @@ manager: aaroncz **ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy** - + |Edition|Windows 10|Windows 11| @@ -80,16 +80,16 @@ manager: aaroncz -This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility. +This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility. -If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website. +If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website. -If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers. +If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers. -If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. +If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. > [!NOTE] -> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled. +> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled. The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console. @@ -97,7 +97,7 @@ The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service -ADMX Info: +ADMX Info: - GP Friendly name: *Detect compatibility issues for applications and drivers* - GP name: *DetectDeprecatedCOMComponentFailuresPolicy* - GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* @@ -107,7 +107,7 @@ ADMX Info:
            -**ADMX_pca/DetectDeprecatedComponentFailuresPolicy** +**ADMX_pca/DetectDeprecatedComponentFailuresPolicy** @@ -133,16 +133,16 @@ ADMX Info: -This setting exists only for backward compatibility, and isn't valid for this version of Windows. +This setting exists only for backward compatibility, and isn't valid for this version of Windows. -To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative +To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. -ADMX Info: +ADMX Info: - GP Friendly name: *Detect application install failures* - GP name: *DetectDeprecatedComponentFailuresPolicy* - GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* @@ -153,7 +153,7 @@ ADMX Info:
            -**ADMX_pca/DetectInstallFailuresPolicy** +**ADMX_pca/DetectInstallFailuresPolicy** @@ -185,7 +185,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve -ADMX Info: +ADMX Info: - GP Friendly name: *Detect applications unable to launch installers under UAC* - GP name: *DetectInstallFailuresPolicy* - GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* @@ -195,7 +195,7 @@ ADMX Info:
            -**ADMX_pca/DetectUndetectedInstallersPolicy** +**ADMX_pca/DetectUndetectedInstallersPolicy** @@ -228,7 +228,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve -ADMX Info: +ADMX Info: - GP Friendly name: *Detect application failures caused by deprecated Windows DLLs* - GP name: *DetectUndetectedInstallersPolicy* - GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* @@ -238,7 +238,7 @@ ADMX Info:
            -**ADMX_pca/DetectUpdateFailuresPolicy** +**ADMX_pca/DetectUpdateFailuresPolicy** @@ -273,7 +273,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp -ADMX Info: +ADMX Info: - GP Friendly name: *Detect application failures caused by deprecated COM objects* - GP name: *DetectUpdateFailuresPolicy* - GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* @@ -283,7 +283,7 @@ ADMX Info:
            -**ADMX_pca/DisablePcaUIPolicy** +**ADMX_pca/DisablePcaUIPolicy** @@ -318,7 +318,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp -ADMX Info: +ADMX Info: - GP Friendly name: *Detect application installers that need to be run as administrator* - GP name: *DisablePcaUIPolicy* - GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* @@ -328,7 +328,7 @@ ADMX Info:
            -**ADMX_pca/DetectBlockedDriversPolicy** +**ADMX_pca/DetectBlockedDriversPolicy** @@ -363,7 +363,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp -ADMX Info: +ADMX Info: - GP Friendly name: *Notify blocked drivers* - GP name: *DetectBlockedDriversPolicy* - GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index b5e4199768..8be37f91ec 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/16/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_PeerToPeerCaching >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_PeerToPeerCaching policies +## ADMX_PeerToPeerCaching policies
            @@ -59,7 +59,7 @@ manager: aaroncz
            -**ADMX_PeerToPeerCaching/EnableWindowsBranchCache** +**ADMX_PeerToPeerCaching/EnableWindowsBranchCache** @@ -85,7 +85,7 @@ manager: aaroncz -This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following policy settings: +This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following policy settings: - Set BranchCache Distributed Cache mode - Set BranchCache Hosted Cache mode @@ -104,7 +104,7 @@ For policy configuration, select one of the following options: -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on BranchCache* - GP name: *EnableWindowsBranchCache* - GP path: *Network\BranchCache* @@ -115,7 +115,7 @@ ADMX Info:
            -**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed** +**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed** @@ -158,7 +158,7 @@ For policy configuration, select one of the following options: -ADMX Info: +ADMX Info: - GP Friendly name: *Set BranchCache Distributed Cache mode* - GP name: *EnableWindowsBranchCache_Distributed* - GP path: *Network\BranchCache* @@ -169,7 +169,7 @@ ADMX Info:
            -**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted** +**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted** @@ -207,7 +207,7 @@ For policy configuration, select one of the following options: In circumstances where this setting is enabled, you can also select and configure the following option: -- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate. +- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate. Hosted cache clients must trust the server certificate that is issued to the hosted cache server. Ensure that the issuing CA certificate is installed in the Trusted Root Certification Authorities certificate store on all hosted cache client computers. @@ -218,7 +218,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos -ADMX Info: +ADMX Info: - GP Friendly name: *Set BranchCache Hosted Cache mode* - GP name: *EnableWindowsBranchCache_Hosted* - GP path: *Network\BranchCache* @@ -229,7 +229,7 @@ ADMX Info:
            -**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedCacheDiscovery** +**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedCacheDiscovery** @@ -267,7 +267,7 @@ If the policy setting "Set BranchCache Distributed Cache Mode" is applied in add If the policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer doesn't perform automatically hosted cache discovery. This restriction is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied. -This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. +This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point. @@ -281,7 +281,7 @@ For policy configuration, select one of the following options: -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Automatic Hosted Cache Discovery by Service Connection Point* - GP name: *EnableWindowsBranchCache_HostedCacheDiscovery* - GP path: *Network\BranchCache* @@ -292,7 +292,7 @@ ADMX Info:
            -**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedMultipleServers** +**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedMultipleServers** @@ -340,7 +340,7 @@ In circumstances where this setting is enabled, you can also select and configur -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Hosted Cache Servers* - GP name: *EnableWindowsBranchCache_HostedMultipleServers* - GP path: *Network\BranchCache* @@ -351,7 +351,7 @@ ADMX Info:
            -**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_SMB** +**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_SMB** @@ -393,7 +393,7 @@ In circumstances where this policy setting is enabled, you can also select and c -ADMX Info: +ADMX Info: - GP Friendly name: *Configure BranchCache for network files* - GP name: *EnableWindowsBranchCache_SMB* - GP path: *Network\BranchCache* @@ -404,7 +404,7 @@ ADMX Info:
            -**ADMX_PeerToPeerCaching/SetCachePercent** +**ADMX_PeerToPeerCaching/SetCachePercent** @@ -453,7 +453,7 @@ In circumstances where this setting is enabled, you can also select and configur -ADMX Info: +ADMX Info: - GP Friendly name: *Set percentage of disk space used for client computer cache* - GP name: *SetCachePercent* - GP path: *Network\BranchCache* @@ -464,7 +464,7 @@ ADMX Info:
            -**ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge** +**ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge** @@ -510,7 +510,7 @@ In circumstances where this setting is enabled, you can also select and configur -ADMX Info: +ADMX Info: - GP Friendly name: *Set age for segments in the data cache* - GP name: *SetDataCacheEntryMaxAge* - GP path: *Network\BranchCache* @@ -521,7 +521,7 @@ ADMX Info:
            -**ADMX_PeerToPeerCaching/SetDowngrading** +**ADMX_PeerToPeerCaching/SetDowngrading** @@ -570,7 +570,7 @@ Select from the following versions -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Client BranchCache Version Support* - GP name: *SetDowngrading* - GP path: *Network\BranchCache* diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index 322223fccc..9c80f44388 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/22/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_PenTraining > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_PenTraining policies +## ADMX_PenTraining policies
            @@ -38,7 +38,7 @@ manager: aaroncz
            -**ADMX_PenTraining/PenTrainingOff_1** +**ADMX_PenTraining/PenTrainingOff_1** @@ -64,9 +64,9 @@ manager: aaroncz -Turns off Tablet PC Pen Training. +Turns off Tablet PC Pen Training. -- If you enable this policy setting, users can't open Tablet PC Pen Training. +- If you enable this policy setting, users can't open Tablet PC Pen Training. - If you disable or don't configure this policy setting, users can open Tablet PC Pen Training. @@ -74,7 +74,7 @@ Turns off Tablet PC Pen Training. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Tablet PC Pen Training* - GP name: *PenTrainingOff_1* - GP path: *Windows Components\Tablet PC\Tablet PC Pen Training* @@ -85,7 +85,7 @@ ADMX Info:
            -**ADMX_PenTraining/PenTrainingOff_2** +**ADMX_PenTraining/PenTrainingOff_2** @@ -111,9 +111,9 @@ ADMX Info: -Turns off Tablet PC Pen Training. +Turns off Tablet PC Pen Training. -- If you enable this policy setting, users can't open Tablet PC Pen Training. +- If you enable this policy setting, users can't open Tablet PC Pen Training. - If you disable or don't configure this policy setting, users can open Tablet PC Pen Training. @@ -121,7 +121,7 @@ Turns off Tablet PC Pen Training. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Tablet PC Pen Training* - GP name: *PenTrainingOff_2* - GP path: *Windows Components\Tablet PC\Tablet PC Pen Training* diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index 7c956fcf64..b665754614 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/16/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_PerformanceDiagnostics >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_PerformanceDiagnostics policies +## ADMX_PerformanceDiagnostics policies
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1** +**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1** @@ -90,7 +90,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy_1* - GP path: *System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics* @@ -101,7 +101,7 @@ ADMX Info:
            -**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2** +**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2** @@ -145,7 +145,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy_2* - GP path: *System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics* @@ -156,7 +156,7 @@ ADMX Info:
            -**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3** +**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3** @@ -200,7 +200,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy_3* - GP path: *System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics* @@ -211,7 +211,7 @@ ADMX Info:
            -**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4** +**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4** @@ -255,7 +255,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy_4* - GP path: *System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics* diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index e1e9ee133b..072280236a 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/22/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Power >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Power policies +## ADMX_Power policies
            @@ -108,7 +108,7 @@ manager: aaroncz
            -**ADMX_Power/ACConnectivityInStandby_2** +**ADMX_Power/ACConnectivityInStandby_2** @@ -146,7 +146,7 @@ If you don't configure this policy setting, users control this setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow network connectivity during connected-standby (plugged in)* - GP name: *ACConnectivityInStandby_2* - GP path: *System\Power Management\Sleep Settings* @@ -157,7 +157,7 @@ ADMX Info:
            -**ADMX_Power/ACCriticalSleepTransitionsDisable_2** +**ADMX_Power/ACCriticalSleepTransitionsDisable_2** @@ -193,7 +193,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (plugged in)* - GP name: *ACCriticalSleepTransitionsDisable_2* - GP path: *System\Power Management\Sleep Settings* @@ -204,7 +204,7 @@ ADMX Info:
            -**ADMX_Power/ACStartMenuButtonAction_2** +**ADMX_Power/ACStartMenuButtonAction_2** @@ -244,7 +244,7 @@ If you disable this policy or don't configure this policy setting, users control -ADMX Info: +ADMX Info: - GP Friendly name: *Select the Start menu Power button action (plugged in)* - GP name: *ACStartMenuButtonAction_2* - GP path: *System\Power Management\Button Settings* @@ -255,7 +255,7 @@ ADMX Info:
            -**ADMX_Power/AllowSystemPowerRequestAC** +**ADMX_Power/AllowSystemPowerRequestAC** @@ -291,7 +291,7 @@ If you disable or don't configure this policy setting, applications, services, o -ADMX Info: +ADMX Info: - GP Friendly name: *Allow applications to prevent automatic sleep (plugged in)* - GP name: *AllowSystemPowerRequestAC* - GP path: *System\Power Management\Sleep Settings* @@ -302,7 +302,7 @@ ADMX Info:
            -**ADMX_Power/AllowSystemPowerRequestDC** +**ADMX_Power/AllowSystemPowerRequestDC** @@ -338,7 +338,7 @@ If you disable or don't configure this policy setting, applications, services, o -ADMX Info: +ADMX Info: - GP Friendly name: *Allow applications to prevent automatic sleep (on battery)* - GP name: *AllowSystemPowerRequestDC* - GP path: *System\Power Management\Sleep Settings* @@ -349,7 +349,7 @@ ADMX Info:
            -**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC** +**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC** @@ -385,7 +385,7 @@ If you disable or don't configure this policy setting, the computer doesn't auto -ADMX Info: +ADMX Info: - GP Friendly name: *Allow automatic sleep with Open Network Files (plugged in)* - GP name: *AllowSystemSleepWithRemoteFilesOpenAC* - GP path: *System\Power Management\Sleep Settings* @@ -396,7 +396,7 @@ ADMX Info:
            -**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC** +**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC** @@ -432,7 +432,7 @@ If you disable or don't configure this policy setting, the computer doesn't auto -ADMX Info: +ADMX Info: - GP Friendly name: *Allow automatic sleep with Open Network Files (on battery)* - GP name: *AllowSystemSleepWithRemoteFilesOpenDC* - GP path: *System\Power Management\Sleep Settings* @@ -443,7 +443,7 @@ ADMX Info:
            -**ADMX_Power/CustomActiveSchemeOverride_2** +**ADMX_Power/CustomActiveSchemeOverride_2** @@ -479,7 +479,7 @@ If you disable or don't configure this policy setting, users can see and change -ADMX Info: +ADMX Info: - GP Friendly name: *Specify a custom active power plan* - GP name: *CustomActiveSchemeOverride_2* - GP path: *System\Power Management* @@ -490,7 +490,7 @@ ADMX Info:
            -**ADMX_Power/DCBatteryDischargeAction0_2** +**ADMX_Power/DCBatteryDischargeAction0_2** @@ -516,7 +516,7 @@ ADMX Info: -This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level. +This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level. If you enable this policy setting, select one of the following actions: @@ -531,7 +531,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Critical battery notification action* - GP name: *DCBatteryDischargeAction0_2* - GP path: *System\Power Management\Notification Settings* @@ -542,7 +542,7 @@ ADMX Info:
            -**ADMX_Power/DCBatteryDischargeAction1_2** +**ADMX_Power/DCBatteryDischargeAction1_2** @@ -583,7 +583,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Low battery notification action* - GP name: *DCBatteryDischargeAction1_2* - GP path: *System\Power Management\Notification Settings* @@ -594,7 +594,7 @@ ADMX Info:
            -**ADMX_Power/DCBatteryDischargeLevel0_2** +**ADMX_Power/DCBatteryDischargeLevel0_2** @@ -632,7 +632,7 @@ If you disable this policy setting or don't configure it, users control this set -ADMX Info: +ADMX Info: - GP Friendly name: *Critical battery notification level* - GP name: *DCBatteryDischargeLevel0_2* - GP path: *System\Power Management\Notification Settings* @@ -643,7 +643,7 @@ ADMX Info:
            -**ADMX_Power/DCBatteryDischargeLevel1UINotification_2** +**ADMX_Power/DCBatteryDischargeLevel1UINotification_2** @@ -683,7 +683,7 @@ If you disable or don't configure this policy setting, users can control this se -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off low battery user notification* - GP name: *DCBatteryDischargeLevel1UINotification_2* - GP path: *System\Power Management\Notification Settings* @@ -694,7 +694,7 @@ ADMX Info:
            -**ADMX_Power/DCBatteryDischargeLevel1_2** +**ADMX_Power/DCBatteryDischargeLevel1_2** @@ -732,7 +732,7 @@ If you disable this policy setting or don't configure it, users control this set -ADMX Info: +ADMX Info: - GP Friendly name: *Low battery notification level* - GP name: *DCBatteryDischargeLevel1_2* - GP path: *System\Power Management\Notification Settings* @@ -743,7 +743,7 @@ ADMX Info:
            -**ADMX_Power/DCConnectivityInStandby_2** +**ADMX_Power/DCConnectivityInStandby_2** @@ -781,7 +781,7 @@ If you don't configure this policy setting, users control this setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow network connectivity during connected-standby (on battery)* - GP name: *DCConnectivityInStandby_2* - GP path: *System\Power Management\Sleep Settings* @@ -792,7 +792,7 @@ ADMX Info:
            -**ADMX_Power/DCCriticalSleepTransitionsDisable_2** +**ADMX_Power/DCCriticalSleepTransitionsDisable_2** @@ -828,7 +828,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (on battery)* - GP name: *DCCriticalSleepTransitionsDisable_2* - GP path: *System\Power Management\Sleep Settings* @@ -839,7 +839,7 @@ ADMX Info:
            -**ADMX_Power/DCStartMenuButtonAction_2** +**ADMX_Power/DCStartMenuButtonAction_2** @@ -879,7 +879,7 @@ If you disable this policy or don't configure this policy setting, users control -ADMX Info: +ADMX Info: - GP Friendly name: *Select the Start menu Power button action (on battery)* - GP name: *DCStartMenuButtonAction_2* - GP path: *System\Power Management\Button Settings* @@ -890,7 +890,7 @@ ADMX Info:
            -**ADMX_Power/DiskACPowerDownTimeOut_2** +**ADMX_Power/DiskACPowerDownTimeOut_2** @@ -926,7 +926,7 @@ If you disable or don't configure this policy setting, users can see and change -ADMX Info: +ADMX Info: - GP Friendly name: *Turn Off the hard disk (plugged in)* - GP name: *DiskACPowerDownTimeOut_2* - GP path: *System\Power Management\Hard Disk Settings* @@ -937,7 +937,7 @@ ADMX Info:
            -**ADMX_Power/DiskDCPowerDownTimeOut_2** +**ADMX_Power/DiskDCPowerDownTimeOut_2** @@ -973,7 +973,7 @@ If you disable or don't configure this policy setting, users can see and change -ADMX Info: +ADMX Info: - GP Friendly name: *Turn Off the hard disk (on battery)* - GP name: *DiskDCPowerDownTimeOut_2* - GP path: *System\Power Management\Hard Disk Settings* @@ -984,7 +984,7 @@ ADMX Info:
            -**ADMX_Power/Dont_PowerOff_AfterShutdown** +**ADMX_Power/Dont_PowerOff_AfterShutdown** @@ -1026,7 +1026,7 @@ If you disable or don't configure this policy setting, the computer system safel -ADMX Info: +ADMX Info: - GP Friendly name: *Do not turn off system power after a Windows system shutdown has occurred.* - GP name: *Dont_PowerOff_AfterShutdown* - GP path: *System* @@ -1037,7 +1037,7 @@ ADMX Info:
            -**ADMX_Power/EnableDesktopSlideShowAC** +**ADMX_Power/EnableDesktopSlideShowAC** @@ -1075,7 +1075,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on desktop background slideshow (plugged in)* - GP name: *EnableDesktopSlideShowAC* - GP path: *System\Power Management\Video and Display Settings* @@ -1086,7 +1086,7 @@ ADMX Info:
            -**ADMX_Power/EnableDesktopSlideShowDC** +**ADMX_Power/EnableDesktopSlideShowDC** @@ -1124,7 +1124,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on desktop background slideshow (on battery)* - GP name: *EnableDesktopSlideShowDC* - GP path: *System\Power Management\Video and Display Settings* @@ -1135,7 +1135,7 @@ ADMX Info:
            -**ADMX_Power/InboxActiveSchemeOverride_2** +**ADMX_Power/InboxActiveSchemeOverride_2** @@ -1171,7 +1171,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Select an active power plan* - GP name: *InboxActiveSchemeOverride_2* - GP path: *System\Power Management* @@ -1182,7 +1182,7 @@ ADMX Info:
            -**ADMX_Power/PW_PromptPasswordOnResume** +**ADMX_Power/PW_PromptPasswordOnResume** @@ -1218,7 +1218,7 @@ If you disable or don't configure this policy setting, users control if their co -ADMX Info: +ADMX Info: - GP Friendly name: *Prompt for password on resume from hibernate/suspend* - GP name: *PW_PromptPasswordOnResume* - GP path: *System\Power Management* @@ -1229,7 +1229,7 @@ ADMX Info:
            -**ADMX_Power/PowerThrottlingTurnOff** +**ADMX_Power/PowerThrottlingTurnOff** @@ -1265,7 +1265,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Power Throttling* - GP name: *PowerThrottlingTurnOff* - GP path: *System\Power Management\Power Throttling Settings* @@ -1276,7 +1276,7 @@ ADMX Info:
            -**ADMX_Power/ReserveBatteryNotificationLevel** +**ADMX_Power/ReserveBatteryNotificationLevel** @@ -1312,7 +1312,7 @@ If you disable or don't configure this policy setting, users can see and change -ADMX Info: +ADMX Info: - GP Friendly name: *Reserve battery notification level* - GP name: *ReserveBatteryNotificationLevel* - GP path: *System\Power Management\Notification Settings* diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index 0818fc3b94..0df72059e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/26/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_PowerShellExecutionPolicy >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_PowerShellExecutionPolicy policies +## ADMX_PowerShellExecutionPolicy policies
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_PowerShellExecutionPolicy/EnableModuleLogging** +**ADMX_PowerShellExecutionPolicy/EnableModuleLogging** @@ -87,7 +87,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Module Logging* - GP name: *EnableModuleLogging* - GP path: *Windows Components\Windows PowerShell* @@ -98,7 +98,7 @@ ADMX Info:
            -**ADMX_PowerShellExecutionPolicy/EnableScripts** +**ADMX_PowerShellExecutionPolicy/EnableScripts** @@ -140,7 +140,7 @@ If you disable this policy setting, no scripts are allowed to run. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Script Execution* - GP name: *EnableScripts* - GP path: *Windows Components\Windows PowerShell* @@ -151,7 +151,7 @@ ADMX Info:
            -**ADMX_PowerShellExecutionPolicy/EnableTranscripting** +**ADMX_PowerShellExecutionPolicy/EnableTranscripting** @@ -193,7 +193,7 @@ If you use the OutputDirectory setting to enable transcript logging to a shared -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on PowerShell Transcription* - GP name: *EnableTranscripting* - GP path: *Windows Components\Windows PowerShell* @@ -204,7 +204,7 @@ ADMX Info:
            -**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath** +**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath** @@ -244,7 +244,7 @@ If this policy setting is disabled or not configured, this policy setting doesn' -ADMX Info: +ADMX Info: - GP Friendly name: *Set the default source path for Update-Help* - GP name: *EnableUpdateHelpDefaultSourcePath* - GP path: *Windows Components\Windows PowerShell* diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md index 05320e6fd6..236b8197d1 100644 --- a/windows/client-management/mdm/policy-csp-admx-previousversions.md +++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md @@ -8,19 +8,19 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/01/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_PreviousVersions -## ADMX_PreviousVersions policies +## ADMX_PreviousVersions policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -51,14 +51,14 @@ manager: aaroncz
            ADMX_PreviousVersions/DisableLocalRestore_2 -
            +
            -**ADMX_PreviousVersions/DisableLocalPage_1** +**ADMX_PreviousVersions/DisableLocalPage_1** @@ -84,18 +84,18 @@ manager: aaroncz -This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file. +This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file. -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. -- If the user clicks the Restore button, Windows attempts to restore the file from the local disk. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. +- If the user clicks the Restore button, Windows attempts to restore the file from the local disk. - If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent restoring local previous versions* - GP name: *DisableLocalPage_1* - GP path: *Windows Components\File Explorer\Previous Versions* @@ -106,7 +106,7 @@ ADMX Info:
            -**ADMX_PreviousVersions/DisableLocalPage_2** +**ADMX_PreviousVersions/DisableLocalPage_2** @@ -132,18 +132,18 @@ ADMX Info: -This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file. +This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file. -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. -- If the user clicks the Restore button, Windows attempts to restore the file from the local disk. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. +- If the user clicks the Restore button, Windows attempts to restore the file from the local disk. - If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent restoring local previous versions* - GP name: *DisableLocalPage_2* - GP path: *Windows Components\File Explorer\Previous Versions* @@ -154,7 +154,7 @@ ADMX Info:
            -**ADMX_PreviousVersions/DisableRemotePage_1** +**ADMX_PreviousVersions/DisableRemotePage_1** @@ -180,18 +180,18 @@ ADMX Info: -This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. +This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. -- If the user clicks the Restore button, Windows attempts to restore the file from the file share. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. +- If the user clicks the Restore button, Windows attempts to restore the file from the file share. - If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent restoring remote previous versions* - GP name: *DisableRemotePage_1* - GP path: *Windows Components\File Explorer\Previous Versions* @@ -202,7 +202,7 @@ ADMX Info:
            -**ADMX_PreviousVersions/DisableRemotePage_2** +**ADMX_PreviousVersions/DisableRemotePage_2** @@ -228,18 +228,18 @@ ADMX Info: -This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. +This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. -- If the user clicks the Restore button, Windows attempts to restore the file from the file share. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. +- If the user clicks the Restore button, Windows attempts to restore the file from the file share. - If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent restoring remote previous versions* - GP name: *DisableRemotePage_1* - GP path: *Windows Components\File Explorer\Previous Versions* @@ -251,7 +251,7 @@ ADMX Info:
            -**ADMX_PreviousVersions/HideBackupEntries_1** +**ADMX_PreviousVersions/HideBackupEntries_1** @@ -277,17 +277,17 @@ ADMX Info: -This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media. +This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media. -- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. -- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points. +- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. +- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points. - If you don't configure this policy setting, it's disabled by default. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide previous versions of files on backup location* - GP name: *HideBackupEntries_1* - GP path: *Windows Components\File Explorer\Previous Versions* @@ -298,7 +298,7 @@ ADMX Info:
            -**ADMX_PreviousVersions/HideBackupEntries_2** +**ADMX_PreviousVersions/HideBackupEntries_2** @@ -324,17 +324,17 @@ ADMX Info: -This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media. +This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media. -- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. -- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points. +- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points. +- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points. - If you don't configure this policy setting, it's disabled by default. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide previous versions of files on backup location* - GP name: *HideBackupEntries_2* - GP path: *Windows Components\File Explorer\Previous Versions* @@ -345,7 +345,7 @@ ADMX Info:
            -**ADMX_PreviousVersions/DisableLocalRestore_1** +**ADMX_PreviousVersions/DisableLocalRestore_1** @@ -371,10 +371,10 @@ ADMX Info: -This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. +This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. - If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. - If the user clicks the Restore button, Windows attempts to restore the file from the file share. - If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. @@ -382,7 +382,7 @@ This setting lets you suppress the Restore button in the previous versions prope -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent restoring remote previous versions* - GP name: *DisableLocalRestore_1* - GP path: *Windows Components\File Explorer\Previous Versions* @@ -393,7 +393,7 @@ ADMX Info:
            -**ADMX_PreviousVersions/DisableLocalRestore_2** +**ADMX_PreviousVersions/DisableLocalRestore_2** @@ -419,17 +419,17 @@ ADMX Info: -This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. +This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. -- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. -- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. -- If the user clicks the Restore button, Windows attempts to restore the file from the file share. +- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share. +- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. +- If the user clicks the Restore button, Windows attempts to restore the file from the file share. - If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent restoring remote previous versions* - GP name: *DisableLocalRestore_2* - GP path: *Windows Components\File Explorer\Previous Versions* diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index f107901b56..cd49466b59 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/15/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Printing >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Printing policies +## ADMX_Printing policies
            @@ -112,7 +112,7 @@ manager: aaroncz
            -**ADMX_Printing/AllowWebPrinting** +**ADMX_Printing/AllowWebPrinting** @@ -155,7 +155,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in -ADMX Info: +ADMX Info: - GP Friendly name: *Activate Internet printing* - GP name: *AllowWebPrinting* - GP path: *Printers* @@ -166,7 +166,7 @@ ADMX Info:
            -**ADMX_Printing/ApplicationDriverIsolation** +**ADMX_Printing/ApplicationDriverIsolation** @@ -209,7 +209,7 @@ If you disable this policy setting, then print drivers will be loaded within all -ADMX Info: +ADMX Info: - GP Friendly name: *Isolate print drivers from applications* - GP name: *ApplicationDriverIsolation* - GP path: *Printers* @@ -220,7 +220,7 @@ ADMX Info:
            -**ADMX_Printing/CustomizedSupportUrl** +**ADMX_Printing/CustomizedSupportUrl** @@ -264,7 +264,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt -ADMX Info: +ADMX Info: - GP Friendly name: *Custom support URL in the Printers folder's left pane* - GP name: *CustomizedSupportUrl* - GP path: *Printers* @@ -275,7 +275,7 @@ ADMX Info:
            -**ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate** +**ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate** @@ -312,7 +312,7 @@ This policy setting isn't configured by default, and the behavior depends on the -ADMX Info: +ADMX Info: - GP Friendly name: *Extend Point and Print connection to search Windows Update* - GP name: *DoNotInstallCompatibleDriverFromWindowsUpdate* - GP path: *Printers* @@ -323,7 +323,7 @@ ADMX Info:
            -**ADMX_Printing/DomainPrinters** +**ADMX_Printing/DomainPrinters** @@ -373,7 +373,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app -ADMX Info: +ADMX Info: - GP Friendly name: *Add Printer wizard - Network scan page (Managed network)* - GP name: *DomainPrinters* - GP path: *Printers* @@ -384,7 +384,7 @@ ADMX Info:
            -**ADMX_Printing/DownlevelBrowse** +**ADMX_Printing/DownlevelBrowse** @@ -423,7 +423,7 @@ If you disable this setting, the network printer browse page is removed from wit -ADMX Info: +ADMX Info: - GP Friendly name: *Browse the network to find printers* - GP name: *DownlevelBrowse* - GP path: *Control Panel\Printers* @@ -434,7 +434,7 @@ ADMX Info:
            -**ADMX_Printing/EMFDespooling** +**ADMX_Printing/EMFDespooling** @@ -481,7 +481,7 @@ If you don't enable this policy setting, the behavior is the same as disabling i -ADMX Info: +ADMX Info: - GP Friendly name: *Always render print jobs on the server* - GP name: *EMFDespooling* - GP path: *Printers* @@ -492,7 +492,7 @@ ADMX Info:
            -**ADMX_Printing/ForceSoftwareRasterization** +**ADMX_Printing/ForceSoftwareRasterization** @@ -526,7 +526,7 @@ This setting may improve the performance of the XPS Rasterization Service or the -ADMX Info: +ADMX Info: - GP Friendly name: *Always rasterize content to be printed using a software rasterizer* - GP name: *ForceSoftwareRasterization* - GP path: *Printers* @@ -537,7 +537,7 @@ ADMX Info:
            -**ADMX_Printing/IntranetPrintersUrl** +**ADMX_Printing/IntranetPrintersUrl** @@ -577,7 +577,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ -ADMX Info: +ADMX Info: - GP Friendly name: *Browse a common web site to find printers* - GP name: *IntranetPrintersUrl* - GP path: *Control Panel\Printers* @@ -588,7 +588,7 @@ ADMX Info:
            -**ADMX_Printing/KMPrintersAreBlocked** +**ADMX_Printing/KMPrintersAreBlocked** @@ -628,7 +628,7 @@ If you enable this setting, installation of a printer using a kernel-mode driver -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow installation of printers using kernel-mode drivers* - GP name: *KMPrintersAreBlocked* - GP path: *Printers* @@ -639,7 +639,7 @@ ADMX Info:
            -**ADMX_Printing/LegacyDefaultPrinterMode** +**ADMX_Printing/LegacyDefaultPrinterMode** @@ -671,13 +671,13 @@ If you enable this setting, Windows won't manage the default printer. If you disable this setting, Windows will manage the default printer. -If you don't configure this setting, default printer management won't change. +If you don't configure this setting, default printer management won't change. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows default printer management* - GP name: *LegacyDefaultPrinterMode* - GP path: *Control Panel\Printers* @@ -688,7 +688,7 @@ ADMX Info:
            -**ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS** +**ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS** @@ -724,7 +724,7 @@ If you disable or don't configure this policy setting, the default MXDW output f -ADMX Info: +ADMX Info: - GP Friendly name: *Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)* - GP name: *MXDWUseLegacyOutputFormatMSXPS* - GP path: *Printers* @@ -735,7 +735,7 @@ ADMX Info:
            -**ADMX_Printing/NoDeletePrinter** +**ADMX_Printing/NoDeletePrinter** @@ -773,7 +773,7 @@ If this policy is disabled, or not configured, users can delete printers using t -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent deletion of printers* - GP name: *NoDeletePrinter* - GP path: *Control Panel\Printers* @@ -784,7 +784,7 @@ ADMX Info:
            -**ADMX_Printing/NonDomainPrinters** +**ADMX_Printing/NonDomainPrinters** @@ -831,7 +831,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app -ADMX Info: +ADMX Info: - GP Friendly name: *Add Printer wizard - Network scan page (Unmanaged network)* - GP name: *NonDomainPrinters* - GP path: *Printers* @@ -842,7 +842,7 @@ ADMX Info:
            -**ADMX_Printing/PackagePointAndPrintOnly** +**ADMX_Printing/PackagePointAndPrintOnly** @@ -878,7 +878,7 @@ If this setting is disabled, or not configured, users won't be restricted to pac -ADMX Info: +ADMX Info: - GP Friendly name: *Only use Package Point and print* - GP name: *PackagePointAndPrintOnly* - GP path: *Control Panel\Printers* @@ -889,7 +889,7 @@ ADMX Info:
            -**ADMX_Printing/PackagePointAndPrintOnly_Win7** +**ADMX_Printing/PackagePointAndPrintOnly_Win7** @@ -925,7 +925,7 @@ If this setting is disabled, or not configured, users won't be restricted to pac -ADMX Info: +ADMX Info: - GP Friendly name: *Only use Package Point and print* - GP name: *PackagePointAndPrintOnly_Win7* - GP path: *Printers* @@ -936,7 +936,7 @@ ADMX Info:
            -**ADMX_Printing/PackagePointAndPrintServerList** +**ADMX_Printing/PackagePointAndPrintServerList** @@ -976,7 +976,7 @@ If this setting is disabled, or not configured, package point and print won't be -ADMX Info: +ADMX Info: - GP Friendly name: *Package Point and print - Approved servers* - GP name: *PackagePointAndPrintServerList* - GP path: *Control Panel\Printers* @@ -987,7 +987,7 @@ ADMX Info:
            -**ADMX_Printing/PackagePointAndPrintServerList_Win7** +**ADMX_Printing/PackagePointAndPrintServerList_Win7** @@ -1027,7 +1027,7 @@ If this setting is disabled, or not configured, package point and print won't be -ADMX Info: +ADMX Info: - GP Friendly name: *Package Point and print - Approved servers* - GP name: *PackagePointAndPrintServerList_Win7* - GP path: *Printers* @@ -1038,7 +1038,7 @@ ADMX Info:
            -**ADMX_Printing/PhysicalLocation** +**ADMX_Printing/PhysicalLocation** @@ -1078,7 +1078,7 @@ If you disable this setting or don't configure it, and the user doesn't type a l -ADMX Info: +ADMX Info: - GP Friendly name: *Computer location* - GP name: *PhysicalLocation* - GP path: *Printers* @@ -1089,7 +1089,7 @@ ADMX Info:
            -**ADMX_Printing/PhysicalLocationSupport** +**ADMX_Printing/PhysicalLocationSupport** @@ -1127,7 +1127,7 @@ If you disable this setting or don't configure it, Location Tracking is disabled -ADMX Info: +ADMX Info: - GP Friendly name: *Pre-populate printer search location text* - GP name: *PhysicalLocationSupport* - GP path: *Printers* @@ -1138,7 +1138,7 @@ ADMX Info:
            -**ADMX_Printing/PrintDriverIsolationExecutionPolicy** +**ADMX_Printing/PrintDriverIsolationExecutionPolicy** @@ -1179,7 +1179,7 @@ If you disable this policy setting, the print spooler will execute print drivers -ADMX Info: +ADMX Info: - GP Friendly name: *Execute print drivers in isolated processes* - GP name: *PrintDriverIsolationExecutionPolicy* - GP path: *Printers* @@ -1190,7 +1190,7 @@ ADMX Info:
            -**ADMX_Printing/PrintDriverIsolationOverrideCompat** +**ADMX_Printing/PrintDriverIsolationOverrideCompat** @@ -1231,7 +1231,7 @@ If you disable or don't configure this policy setting, the print spooler uses th -ADMX Info: +ADMX Info: - GP Friendly name: *Override print driver execution compatibility setting reported by print driver* - GP name: *PrintDriverIsolationOverrideCompat* - GP path: *Printers* @@ -1242,7 +1242,7 @@ ADMX Info:
            -**ADMX_Printing/PrinterDirectorySearchScope** +**ADMX_Printing/PrinterDirectorySearchScope** @@ -1280,7 +1280,7 @@ This setting only provides a starting point for Active Directory searches for pr -ADMX Info: +ADMX Info: - GP Friendly name: *Default Active Directory path when searching for printers* - GP name: *PrinterDirectorySearchScope* - GP path: *Control Panel\Printers* @@ -1291,7 +1291,7 @@ ADMX Info:
            -**ADMX_Printing/PrinterServerThread** +**ADMX_Printing/PrinterServerThread** @@ -1334,7 +1334,7 @@ If you don't configure this setting, shared printers are announced to browse mai -ADMX Info: +ADMX Info: - GP Friendly name: *Printer browsing* - GP name: *PrinterServerThread* - GP path: *Printers* @@ -1345,7 +1345,7 @@ ADMX Info:
            -**ADMX_Printing/ShowJobTitleInEventLogs** +**ADMX_Printing/ShowJobTitleInEventLogs** @@ -1384,7 +1384,7 @@ If you enable this policy setting, the print job name will be included in new lo -ADMX Info: +ADMX Info: - GP Friendly name: *Allow job name in event logs* - GP name: *ShowJobTitleInEventLogs* - GP path: *Printers* @@ -1395,7 +1395,7 @@ ADMX Info:
            -**ADMX_Printing/V4DriverDisallowPrinterExtension** +**ADMX_Printing/V4DriverDisallowPrinterExtension** @@ -1433,7 +1433,7 @@ If you disable this policy setting or don't configure it, then all printer exten -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow v4 printer drivers to show printer extensions* - GP name: *V4DriverDisallowPrinterExtension* - GP path: *Printers* diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 3032187dbe..0c9c1071c5 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/15/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Printing2 >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Printing2 policies +## ADMX_Printing2 policies
            @@ -60,7 +60,7 @@ manager: aaroncz
            -**ADMX_Printing2/AutoPublishing** +**ADMX_Printing2/AutoPublishing** @@ -101,7 +101,7 @@ The default behavior is to automatically publish shared printers in Active Direc -ADMX Info: +ADMX Info: - GP Friendly name: *Automatically publish new printers in Active Directory* - GP name: *AutoPublishing* - GP path: *Printers* @@ -112,7 +112,7 @@ ADMX Info:
            -**ADMX_Printing2/ImmortalPrintQueue** +**ADMX_Printing2/ImmortalPrintQueue** @@ -153,7 +153,7 @@ If you disable this setting, the domain controller doesn't prune this computer's -ADMX Info: +ADMX Info: - GP Friendly name: *Allow pruning of published printers* - GP name: *ImmortalPrintQueue* - GP path: *Printers* @@ -164,7 +164,7 @@ ADMX Info:
            -**ADMX_Printing2/PruneDownlevel** +**ADMX_Printing2/PruneDownlevel** @@ -212,7 +212,7 @@ You can enable this setting to change the default behavior. To use this setting, -ADMX Info: +ADMX Info: - GP Friendly name: *Prune printers that are not automatically republished* - GP name: *PruneDownlevel* - GP path: *Printers* @@ -223,7 +223,7 @@ ADMX Info:
            -**ADMX_Printing2/PruningInterval** +**ADMX_Printing2/PruningInterval** @@ -266,7 +266,7 @@ If you don't configure or disable this setting, the default values will be used. -ADMX Info: +ADMX Info: - GP Friendly name: *Directory pruning interval* - GP name: *PruningInterval* - GP path: *Printers* @@ -277,7 +277,7 @@ ADMX Info:
            -**ADMX_Printing2/PruningPriority** +**ADMX_Printing2/PruningPriority** @@ -318,7 +318,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust -ADMX Info: +ADMX Info: - GP Friendly name: *Directory pruning priority* - GP name: *PruningPriority* - GP path: *Printers* @@ -329,7 +329,7 @@ ADMX Info:
            -**ADMX_Printing2/PruningRetries** +**ADMX_Printing2/PruningRetries** @@ -372,7 +372,7 @@ If you don't configure or disable this setting, the default values are used. -ADMX Info: +ADMX Info: - GP Friendly name: *Directory pruning retry* - GP name: *PruningRetries* - GP path: *Printers* @@ -383,7 +383,7 @@ ADMX Info:
            -**ADMX_Printing2/PruningRetryLog** +**ADMX_Printing2/PruningRetryLog** @@ -424,7 +424,7 @@ If you disable or don't configure this policy setting, the contact events aren't -ADMX Info: +ADMX Info: - GP Friendly name: *Log directory pruning retry events* - GP name: *PruningRetryLog* - GP path: *Printers* @@ -435,7 +435,7 @@ ADMX Info:
            -**ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint** +**ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint** @@ -473,7 +473,7 @@ The spooler must be restarted for changes to this policy to take effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Print Spooler to accept client connections* - GP name: *RegisterSpoolerRemoteRpcEndPoint* - GP path: *Printers* @@ -484,7 +484,7 @@ ADMX Info:
            -**ADMX_Printing2/VerifyPublishedState** +**ADMX_Printing2/VerifyPublishedState** @@ -522,7 +522,7 @@ To disable verification, disable this setting, or enable this setting and select -ADMX Info: +ADMX Info: - GP Friendly name: *Check published state* - GP name: *VerifyPublishedState* - GP path: *Printers* diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index 3758a6ba32..73ecf3f28a 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/01/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Programs >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Programs policies +## ADMX_Programs policies
            @@ -54,7 +54,7 @@ manager: aaroncz
            -**ADMX_Programs/NoDefaultPrograms** +**ADMX_Programs/NoDefaultPrograms** @@ -93,7 +93,7 @@ This setting doesn't prevent the Default Programs icon from appearing on the Sta -ADMX Info: +ADMX Info: - GP Friendly name: *Hide "Set Program Access and Computer Defaults" page* - GP name: *NoDefaultPrograms* - GP path: *Control Panel\Programs* @@ -104,7 +104,7 @@ ADMX Info:
            -**ADMX_Programs/NoGetPrograms** +**ADMX_Programs/NoGetPrograms** @@ -130,7 +130,7 @@ ADMX Info: -Prevents users from viewing or installing published programs from the network. +Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View, Programs and Features in Classic View and the "Install a program from the network" task. The "Get Programs" page lists published programs and provides an easy way to install them. @@ -147,7 +147,7 @@ If this setting is disabled or isn't configured, the "Install a program from the -ADMX Info: +ADMX Info: - GP Friendly name: *Hide "Get Programs" page* - GP name: *NoGetPrograms* - GP path: *Control Panel\Programs* @@ -158,7 +158,7 @@ ADMX Info:
            -**ADMX_Programs/NoInstalledUpdates** +**ADMX_Programs/NoInstalledUpdates** @@ -196,7 +196,7 @@ This setting doesn't prevent users from using other tools and methods to install -ADMX Info: +ADMX Info: - GP Friendly name: *Hide "Installed Updates" page* - GP name: *NoInstalledUpdates* - GP path: *Control Panel\Programs* @@ -207,7 +207,7 @@ ADMX Info:
            -**ADMX_Programs/NoProgramsAndFeatures** +**ADMX_Programs/NoProgramsAndFeatures** @@ -243,7 +243,7 @@ This setting doesn't prevent users from using other tools and methods to view or -ADMX Info: +ADMX Info: - GP Friendly name: *Hide "Programs and Features" page* - GP name: *NoProgramsAndFeatures* - GP path: *Control Panel\Programs* @@ -254,7 +254,7 @@ ADMX Info:
            -**ADMX_Programs/NoProgramsCPL** +**ADMX_Programs/NoProgramsCPL** @@ -281,7 +281,7 @@ ADMX Info: This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. - + The Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Programs Control Panel. If this setting is disabled or not configured, the Programs Control Panel in Category View and Programs and Features in Classic View will be available to all users. @@ -294,7 +294,7 @@ This setting doesn't prevent users from using other tools and methods to install -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Programs Control Panel* - GP name: *NoProgramsCPL* - GP path: *Control Panel\Programs* @@ -305,7 +305,7 @@ ADMX Info:
            -**ADMX_Programs/NoWindowsFeatures** +**ADMX_Programs/NoWindowsFeatures** @@ -341,7 +341,7 @@ This setting doesn't prevent users from using other tools and methods to configu -ADMX Info: +ADMX Info: - GP Friendly name: *Hide "Windows Features"* - GP name: *NoWindowsFeatures* - GP path: *Control Panel\Programs* @@ -352,7 +352,7 @@ ADMX Info:
            -**ADMX_Programs/NoWindowsMarketplace** +**ADMX_Programs/NoWindowsMarketplace** @@ -382,7 +382,7 @@ This setting prevents users from access the "Get new programs from Windows Marke Windows Marketplace allows users to purchase and/or download various programs to their computer for installation. -Enabling this feature doesn't prevent users from navigating to Windows Marketplace using other methods. +Enabling this feature doesn't prevent users from navigating to Windows Marketplace using other methods. If this feature is disabled or isn't configured, the "Get new programs from Windows Marketplace" task link will be available to all users. @@ -393,7 +393,7 @@ If this feature is disabled or isn't configured, the "Get new programs from Wind -ADMX Info: +ADMX Info: - GP Friendly name: *Hide "Windows Marketplace"* - GP name: *NoWindowsMarketplace* - GP path: *Control Panel\Programs* diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md index d5ba645c1e..c70f47a5c0 100644 --- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md +++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/01/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_PushToInstall > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_PushToInstall policies +## ADMX_PushToInstall policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_PushToInstall/DisablePushToInstall** +**ADMX_PushToInstall/DisablePushToInstall** @@ -67,7 +67,7 @@ If you enable this setting, users will not be able to push Apps to this device f -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Push To Install service* - GP name: *DisablePushToInstall* - GP path: *Windows Components\Push To Install* diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md index bcfa2454cb..dc4e1233c9 100644 --- a/windows/client-management/mdm/policy-csp-admx-radar.md +++ b/windows/client-management/mdm/policy-csp-admx-radar.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/08/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Radar > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Radar policies +## ADMX_Radar policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_Radar/WdiScenarioExecutionPolicy** +**ADMX_Radar/WdiScenarioExecutionPolicy** @@ -62,16 +62,16 @@ manager: aaroncz -This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution. +This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. -These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available. +These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available. If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. -If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default. -This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. +If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default. +This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. No system restart or service restart is required for this policy to take effect; changes take effect immediately. @@ -81,7 +81,7 @@ No system restart or service restart is required for this policy to take effect; -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution* diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 08a42720fb..b1eab7660f 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Reliability >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Reliability policies +## ADMX_Reliability policies
            @@ -44,7 +44,7 @@ manager: aaroncz
            -**ADMX_Reliability/EE_EnablePersistentTimeStamp** +**ADMX_Reliability/EE_EnablePersistentTimeStamp** @@ -85,7 +85,7 @@ If you don't configure this policy setting, the Persistent System Timestamp is r -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Persistent Time Stamp* - GP name: *EE_EnablePersistentTimeStamp* - GP path: *System* @@ -98,7 +98,7 @@ ADMX Info:
            -**ADMX_Reliability/PCH_ReportShutdownEvents** +**ADMX_Reliability/PCH_ReportShutdownEvents** @@ -138,7 +138,7 @@ Also see the "Configure Error Reporting" policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Report unplanned shutdown events* - GP name: *PCH_ReportShutdownEvents* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* @@ -151,7 +151,7 @@ ADMX Info:
            -**ADMX_Reliability/ShutdownEventTrackerStateFile** +**ADMX_Reliability/ShutdownEventTrackerStateFile** @@ -192,7 +192,7 @@ If you don't configure this policy setting, the default behavior for the System -ADMX Info: +ADMX Info: - GP Friendly name: *Activate Shutdown Event Tracker System State Data feature* - GP name: *ShutdownEventTrackerStateFile* - GP path: *System* @@ -205,7 +205,7 @@ ADMX Info:
            -**ADMX_Reliability/ShutdownReason** +**ADMX_Reliability/ShutdownReason** @@ -250,7 +250,7 @@ If you don't configure this policy setting, the default behavior for the Shutdow -ADMX Info: +ADMX Info: - GP Friendly name: *Display Shutdown Event Tracker* - GP name: *ShutdownReason* - GP path: *System* diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index 5d6a8d5676..14e4979617 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/14/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_RemoteAssistance >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_RemoteAssistance policies +## ADMX_RemoteAssistance policies
            @@ -38,7 +38,7 @@ manager: aaroncz
            -**ADMX_RemoteAssistance/RA_EncryptedTicketOnly** +**ADMX_RemoteAssistance/RA_EncryptedTicketOnly** @@ -76,7 +76,7 @@ If you don't configure this policy setting, users can configure this setting in -ADMX Info: +ADMX Info: - GP Friendly name: *Allow only Windows Vista or later connections* - GP name: *RA_EncryptedTicketOnly* - GP path: *System\Remote Assistance* @@ -87,7 +87,7 @@ ADMX Info:
            -**ADMX_RemoteAssistance/RA_Optimize_Bandwidth** +**ADMX_RemoteAssistance/RA_Optimize_Bandwidth** @@ -141,7 +141,7 @@ If you don't configure this policy setting, application-based settings are used. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on bandwidth optimization* - GP name: *RA_Optimize_Bandwidth* - GP path: *System\Remote Assistance* diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index f4f47dc890..9f82c4971d 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/10/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_RemovableStorage >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_RemovableStorage policies +## ADMX_RemovableStorage policies
            @@ -128,7 +128,7 @@ manager: aaroncz
            -**ADMX_RemovableStorage/AccessRights_RebootTime_1** +**ADMX_RemovableStorage/AccessRights_RebootTime_1** @@ -167,7 +167,7 @@ If you disable or don't configure this setting, the operating system does not fo -ADMX Info: +ADMX Info: - GP Friendly name: *Set time (in seconds) to force reboot* - GP name: *AccessRights_RebootTime_1* - GP path: *System\Removable Storage Access* @@ -178,7 +178,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/AccessRights_RebootTime_2** +**ADMX_RemovableStorage/AccessRights_RebootTime_2** @@ -217,7 +217,7 @@ If you disable or don't configure this setting, the operating system does not fo -ADMX Info: +ADMX Info: - GP Friendly name: *Set time (in seconds) to force reboot* - GP name: *AccessRights_RebootTime_2* - GP path: *System\Removable Storage Access* @@ -228,7 +228,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2** +**ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2** @@ -264,7 +264,7 @@ If you disable or don't configure this policy setting, execute access is allowed -ADMX Info: +ADMX Info: - GP Friendly name: *CD and DVD: Deny execute access* - GP name: *CDandDVD_DenyExecute_Access_2* - GP path: *System\Removable Storage Access* @@ -275,7 +275,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1** +**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1** @@ -310,7 +310,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *CD and DVD: Deny read access* - GP name: *CDandDVD_DenyRead_Access_1* - GP path: *System\Removable Storage Access* @@ -321,7 +321,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2** +**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2** @@ -357,7 +357,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *CD and DVD: Deny read access* - GP name: *CDandDVD_DenyRead_Access_2* - GP path: *System\Removable Storage Access* @@ -368,7 +368,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1** +**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1** @@ -404,7 +404,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *CD and DVD: Deny write access* - GP name: *CDandDVD_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* @@ -415,7 +415,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2** +**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2** @@ -451,7 +451,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *CD and DVD: Deny write access* - GP name: *CDandDVD_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* @@ -462,7 +462,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1** +**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1** @@ -498,7 +498,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Custom Classes: Deny read access* - GP name: *CustomClasses_DenyRead_Access_1* - GP path: *System\Removable Storage Access* @@ -509,7 +509,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2** +**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2** @@ -545,7 +545,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Custom Classes: Deny read access* - GP name: *CustomClasses_DenyRead_Access_2* - GP path: *System\Removable Storage Access* @@ -556,7 +556,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1** +**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1** @@ -592,7 +592,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *Custom Classes: Deny write access* - GP name: *CustomClasses_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* @@ -602,7 +602,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2** +**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2** @@ -638,7 +638,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *Custom Classes: Deny write access* - GP name: *CustomClasses_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* @@ -648,7 +648,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2** +**ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2** @@ -684,7 +684,7 @@ If you disable or don't configure this policy setting, execute access is allowed -ADMX Info: +ADMX Info: - GP Friendly name: *Floppy Drives: Deny execute access* - GP name: *FloppyDrives_DenyExecute_Access_2* - GP path: *System\Removable Storage Access* @@ -694,7 +694,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1** +**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1** @@ -730,7 +730,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Floppy Drives: Deny read access* - GP name: *FloppyDrives_DenyRead_Access_1* - GP path: *System\Removable Storage Access* @@ -740,7 +740,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2** +**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2** @@ -776,7 +776,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Floppy Drives: Deny read access* - GP name: *FloppyDrives_DenyRead_Access_2* - GP path: *System\Removable Storage Access* @@ -786,7 +786,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1** +**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1** @@ -821,7 +821,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *Floppy Drives: Deny write access* - GP name: *FloppyDrives_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* @@ -831,7 +831,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2** +**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2** @@ -867,7 +867,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *Floppy Drives: Deny write access* - GP name: *FloppyDrives_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* @@ -877,7 +877,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2** +**ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2** @@ -912,7 +912,7 @@ If you disable or don't configure this policy setting, execute access is allowed -ADMX Info: +ADMX Info: - GP Friendly name: *Removable Disks: Deny execute access* - GP name: *RemovableDisks_DenyExecute_Access_2* - GP path: *System\Removable Storage Access* @@ -922,7 +922,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1** +**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1** @@ -958,7 +958,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Removable Disks: Deny read access* - GP name: *RemovableDisks_DenyRead_Access_1* - GP path: *System\Removable Storage Access* @@ -968,7 +968,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2** +**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2** @@ -1003,7 +1003,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Removable Disks: Deny read access* - GP name: *RemovableDisks_DenyRead_Access_2* - GP path: *System\Removable Storage Access* @@ -1013,7 +1013,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1** +**ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1** @@ -1052,7 +1052,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *Removable Disks: Deny write access* - GP name: *RemovableDisks_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* @@ -1062,7 +1062,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1** +**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1** @@ -1100,7 +1100,7 @@ If you disable or don't configure this policy setting, write and read accesses a -ADMX Info: +ADMX Info: - GP Friendly name: *All Removable Storage classes: Deny all access* - GP name: *RemovableStorageClasses_DenyAll_Access_1* - GP path: *System\Removable Storage Access* @@ -1110,7 +1110,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2** +**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2** @@ -1136,7 +1136,7 @@ ADMX Info: -Configure access to all removable storage classes. +Configure access to all removable storage classes. This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class. @@ -1148,7 +1148,7 @@ If you disable or don't configure this policy setting, write and read accesses a -ADMX Info: +ADMX Info: - GP Friendly name: *All Removable Storage classes: Deny all access* - GP name: *RemovableStorageClasses_DenyAll_Access_2* - GP path: *System\Removable Storage Access* @@ -1158,7 +1158,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/Removable_Remote_Allow_Access** +**ADMX_RemovableStorage/Removable_Remote_Allow_Access** @@ -1194,7 +1194,7 @@ If you disable or don't configure this policy setting, remote users cannot open -ADMX Info: +ADMX Info: - GP Friendly name: *All Removable Storage: Allow direct access in remote sessions* - GP name: *Removable_Remote_Allow_Access* - GP path: *System\Removable Storage Access* @@ -1204,7 +1204,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2** +**ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2** @@ -1240,7 +1240,7 @@ If you disable or don't configure this policy setting, execute access is allowed -ADMX Info: +ADMX Info: - GP Friendly name: *Tape Drives: Deny execute access* - GP name: *TapeDrives_DenyExecute_Access_2* - GP path: *System\Removable Storage Access* @@ -1250,7 +1250,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1** +**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1** @@ -1285,7 +1285,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Tape Drives: Deny read access* - GP name: *TapeDrives_DenyRead_Access_1* - GP path: *System\Removable Storage Access* @@ -1295,7 +1295,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2** +**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2** @@ -1331,7 +1331,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Tape Drives: Deny read access* - GP name: *TapeDrives_DenyRead_Access_2* - GP path: *System\Removable Storage Access* @@ -1341,7 +1341,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1** +**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1** @@ -1376,7 +1376,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *Tape Drives: Deny write access* - GP name: *TapeDrives_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* @@ -1386,7 +1386,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2** +**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2** @@ -1422,7 +1422,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *Tape Drives: Deny write access* - GP name: *TapeDrives_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* @@ -1432,7 +1432,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1** +**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1** @@ -1468,7 +1468,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *WPD Devices: Deny read access* - GP name: *WPDDevices_DenyRead_Access_1* - GP path: *System\Removable Storage Access* @@ -1478,7 +1478,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2** +**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2** @@ -1513,7 +1513,7 @@ If you disable or don't configure this policy setting, read access is allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *WPD Devices: Deny read access* - GP name: *WPDDevices_DenyRead_Access_2* - GP path: *System\Removable Storage Access* @@ -1523,7 +1523,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1** +**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1** @@ -1559,7 +1559,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *WPD Devices: Deny write access* - GP name: *WPDDevices_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* @@ -1569,7 +1569,7 @@ ADMX Info:
            -**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2** +**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2** @@ -1605,7 +1605,7 @@ If you disable or don't configure this policy setting, write access is allowed t -ADMX Info: +ADMX Info: - GP Friendly name: *WPD Devices: Deny write access* - GP name: *WPDDevices_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index 6f085b0205..fa2c673c7b 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/08/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_RPC > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_RPC policies +## ADMX_RPC policies
            @@ -44,7 +44,7 @@ manager: aaroncz
            -**ADMX_RPC/RpcExtendedErrorInformation** +**ADMX_RPC/RpcExtendedErrorInformation** @@ -99,7 +99,7 @@ You must select an error response type from the folowing options in the drop-dow -ADMX Info: +ADMX Info: - GP Friendly name: *Propagate extended error information* - GP name: *RpcExtendedErrorInformation* - GP path: *System\Remote Procedure Call* @@ -110,7 +110,7 @@ ADMX Info:
            -**ADMX_RPC/RpcIgnoreDelegationFailure** +**ADMX_RPC/RpcIgnoreDelegationFailure** @@ -140,7 +140,7 @@ This policy setting controls whether the RPC Runtime ignores delegation failures The constrained delegation model, introduced in Windows Server 2003, doesn't report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation. -If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. +If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. If you don't configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. @@ -156,7 +156,7 @@ If you enable this policy setting, then: -ADMX Info: +ADMX Info: - GP Friendly name: *Ignore Delegation Failure* - GP name: *RpcIgnoreDelegationFailure* - GP path: *System\Remote Procedure Call* @@ -168,7 +168,7 @@ ADMX Info:
            -**ADMX_RPC/RpcMinimumHttpConnectionTimeout** +**ADMX_RPC/RpcMinimumHttpConnectionTimeout** @@ -194,7 +194,7 @@ ADMX Info: -This policy setting controls the idle connection timeout for RPC/HTTP connections. +This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout. @@ -215,7 +215,7 @@ If you enable this policy setting, and the IIS server running the RPC HTTP proxy -ADMX Info: +ADMX Info: - GP Friendly name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections* - GP name: *RpcMinimumHttpConnectionTimeout* - GP path: *System\Remote Procedure Call* @@ -226,7 +226,7 @@ ADMX Info:
            -**ADMX_RPC/RpcStateInformation** +**ADMX_RPC/RpcStateInformation** @@ -256,13 +256,13 @@ This policy setting determines whether the RPC Runtime maintains RPC state infor If you disable this policy setting, the RPC runtime defaults to "Auto2" level. -If you don't configure this policy setting, the RPC defaults to "Auto2" level. +If you don't configure this policy setting, the RPC defaults to "Auto2" level. If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information from the following: - "None" indicates that the system doesn't maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations. - "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory. -- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server. +- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server. - "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity. - "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you're investigating an RPC problem. @@ -274,7 +274,7 @@ If you enable this policy setting, you can use the drop-down box to determine wh -ADMX Info: +ADMX Info: - GP Friendly name: *Maintain RPC Troubleshooting State Information* - GP name: *RpcStateInformation* - GP path: *System\Remote Procedure Call* diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index fec515d046..943789cbb8 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/17/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Scripts > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Scripts policies +## ADMX_Scripts policies
            @@ -68,7 +68,7 @@ manager: aaroncz
            -**ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled** +**ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled** @@ -104,7 +104,7 @@ If you disable or don't configure this policy setting, user account cross-forest -ADMX Info: +ADMX Info: - GP Friendly name: *Allow logon scripts when NetBIOS or WINS is disabled* - GP name: *Allow_Logon_Script_NetbiosDisabled* - GP path: *System\Scripts* @@ -115,7 +115,7 @@ ADMX Info:
            -**ADMX_Scripts/MaxGPOScriptWaitPolicy** +**ADMX_Scripts/MaxGPOScriptWaitPolicy** @@ -141,13 +141,13 @@ ADMX Info: -This policy setting determines how long the system waits for scripts applied by Group Policy to run. +This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts haven't finished running when the specified time expires, the system stops script processing and records an error event. -If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0. +If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0. -This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop. +This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop. An excessively long interval can delay the system and cause inconvenience to users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely. @@ -157,7 +157,7 @@ If you disable or don't configure this setting, the system lets the combined set -ADMX Info: +ADMX Info: - GP Friendly name: *Specify maximum wait time for Group Policy scripts* - GP name: *MaxGPOScriptWaitPolicy* - GP path: *System\Scripts* @@ -168,7 +168,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Computer_PS_Scripts_First** +**ADMX_Scripts/Run_Computer_PS_Scripts_First** @@ -194,25 +194,25 @@ ADMX Info: -This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. - -If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. +This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. -For example, assume the following scenario: +If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. -There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. +For example, assume the following scenario: + +There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO C include the following computer startup scripts: - GPO B: B.cmd, B.ps1 - GPO C: C.cmd, C.ps1 -Assume also that there are two computers, DesktopIT and DesktopSales. +Assume also that there are two computers, DesktopIT and DesktopSales. For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for DesktopIT: - Within GPO B: B.ps1, B.cmd - Within GPO C: C.ps1, C.cmd - + For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for DesktopSales: - Within GPO B: B.cmd, B.ps1 @@ -227,7 +227,7 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script -ADMX Info: +ADMX Info: - GP Friendly name: *Run Windows PowerShell scripts first at computer startup, shutdown* - GP name: *Run_Computer_PS_Scripts_First* - GP path: *System\Scripts* @@ -238,7 +238,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Legacy_Logon_Script_Hidden** +**ADMX_Scripts/Run_Legacy_Logon_Script_Hidden** @@ -264,7 +264,7 @@ ADMX Info: -This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. +This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default, Windows displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it doesn't display logon scripts written for Windows. @@ -278,7 +278,7 @@ Also, see the "Run Logon Scripts Visible" setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Run legacy logon scripts hidden* - GP name: *Run_Legacy_Logon_Script_Hidden* - GP path: *System\Scripts* @@ -289,7 +289,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Logoff_Script_Visible** +**ADMX_Scripts/Run_Logoff_Script_Visible** @@ -327,7 +327,7 @@ If you disable or don't configure this policy setting, the instructions are supp -ADMX Info: +ADMX Info: - GP Friendly name: *Display instructions in logoff scripts as they run* - GP name: *Run_Logoff_Script_Visible* - GP path: *System\Scripts* @@ -338,7 +338,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Logon_Script_Sync_1** +**ADMX_Scripts/Run_Logon_Script_Sync_1** @@ -376,7 +376,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Run logon scripts synchronously* - GP name: *Run_Logon_Script_Sync_1* - GP path: *System\Scripts* @@ -387,7 +387,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Logon_Script_Sync_2** +**ADMX_Scripts/Run_Logon_Script_Sync_2** @@ -425,7 +425,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Run logon scripts synchronously* - GP name: *Run_Logon_Script_Sync_2* - GP path: *System\Scripts* @@ -436,7 +436,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Logon_Script_Visible** +**ADMX_Scripts/Run_Logon_Script_Visible** @@ -474,7 +474,7 @@ If you disable or don't configure this policy setting, the instructions are supp -ADMX Info: +ADMX Info: - GP Friendly name: *Display instructions in logon scripts as they run* - GP name: *Run_Logon_Script_Visible* - GP path: *System\Scripts* @@ -485,7 +485,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Shutdown_Script_Visible** +**ADMX_Scripts/Run_Shutdown_Script_Visible** @@ -523,7 +523,7 @@ If you disable or don't configure this policy setting, the instructions are supp -ADMX Info: +ADMX Info: - GP Friendly name: *Display instructions in shutdown scripts as they run* - GP name: *Run_Shutdown_Script_Visible* - GP path: *System\Scripts* @@ -534,7 +534,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Startup_Script_Sync** +**ADMX_Scripts/Run_Startup_Script_Sync** @@ -575,7 +575,7 @@ If you disable or don't configure this policy setting, a startup can't run until -ADMX Info: +ADMX Info: - GP Friendly name: *Run startup scripts asynchronously* - GP name: *Run_Startup_Script_Sync* - GP path: *System\Scripts* @@ -586,7 +586,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_Startup_Script_Visible** +**ADMX_Scripts/Run_Startup_Script_Visible** @@ -627,7 +627,7 @@ If you disable or don't configure this policy setting, the instructions are supp -ADMX Info: +ADMX Info: - GP Friendly name: *Display instructions in startup scripts as they run* - GP name: *Run_Startup_Script_Visible* - GP path: *System\Scripts* @@ -638,7 +638,7 @@ ADMX Info:
            -**ADMX_Scripts/Run_User_PS_Scripts_First** +**ADMX_Scripts/Run_User_PS_Scripts_First** @@ -665,25 +665,25 @@ ADMX Info: -This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user sign in and sign out. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. - -If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user sign in and sign out. +This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user sign in and sign out. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. -For example, assume the following scenario: +If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user sign in and sign out. -There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. +For example, assume the following scenario: + +There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO C include the following user logon scripts: - GPO B: B.cmd, B.ps1 - GPO C: C.cmd, C.ps1 -Assume also that there are two users, Qin Hong and Tamara Johnston. +Assume also that there are two users, Qin Hong and Tamara Johnston. For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin: - Within GPO B: B.ps1, B.cmd - Within GPO C: C.ps1, C.cmd - + For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara: - Within GPO B: B.cmd, B.ps1 @@ -700,7 +700,7 @@ This policy setting appears in the Computer Configuration and User Configuration -ADMX Info: +ADMX Info: - GP Friendly name: *Run Windows PowerShell scripts first at user logon, logoff* - GP name: *Run_User_PS_Scripts_First* - GP path: *System\Scripts* diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index 354380bdd2..37bf96fbf0 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/18/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_sdiageng > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_sdiageng policies +## ADMX_sdiageng policies
            @@ -41,7 +41,7 @@ manager: aaroncz
            -**ADMX_sdiageng/BetterWhenConnected** +**ADMX_sdiageng/BetterWhenConnected** @@ -77,7 +77,7 @@ If you disable this policy setting, users can only access and search troubleshoo -ADMX Info: +ADMX Info: - GP Friendly name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)* - GP name: *BetterWhenConnected* - GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* @@ -88,7 +88,7 @@ ADMX Info:
            -**ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy** +**ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy** @@ -127,7 +127,7 @@ If this policy setting is disabled, the users cannot access or run the troublesh -ADMX Info: +ADMX Info: - GP Friendly name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards* - GP name: *ScriptedDiagnosticsExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* @@ -138,7 +138,7 @@ ADMX Info:
            -**ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy** +**ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy** @@ -174,7 +174,7 @@ If you disable or don't configure this policy setting, the scripted diagnostics -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Security Policy for Scripted Diagnostics* - GP name: *ScriptedDiagnosticsSecurityPolicy* - GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md index 84cea15e19..fb23412261 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/17/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_sdiagschd policies +## ADMX_sdiagschd policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy** +**ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy** @@ -62,21 +62,21 @@ manager: aaroncz -This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems. +This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems. If you enable this policy setting, you must choose an execution level from the following: -- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution. -- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input. +- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution. +- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input. -If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis. +If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis. If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Scheduled Maintenance Behavior* - GP name: *ScheduledDiagnosticsExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Scheduled Maintenance* diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 66efb88c7f..39be50a3c1 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/18/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Securitycenter > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Securitycenter policies +## ADMX_Securitycenter policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain** +**ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain** @@ -61,15 +61,15 @@ manager: aaroncz -This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. +This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. -The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed. +The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed. Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect. -If you don't configure this policy setting, the Security Center is turned off for domain members. +If you don't configure this policy setting, the Security Center is turned off for domain members. -If you enable this policy setting, Security Center is turned on for all users. +If you enable this policy setting, Security Center is turned on for all users. If you disable this policy setting, Security Center is turned off for domain members. @@ -78,7 +78,7 @@ If you disable this policy setting, Security Center is turned off for domain mem -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Security Center (Domain PCs only)* - GP name: *SecurityCenter_SecurityCenterInDomain* - GP path: *Windows Components\Security Center* diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index 37049367dc..bb64624c96 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/22/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Sensors > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Sensors policies +## ADMX_Sensors policies
            @@ -47,7 +47,7 @@ manager: aaroncz
            -**ADMX_Sensors/DisableLocationScripting_1** +**ADMX_Sensors/DisableLocationScripting_1** @@ -83,7 +83,7 @@ If you disable or don't configure this policy setting, all location scripts will -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off location scripting* - GP name: *DisableLocationScripting_1* - GP path: *Windows Components\Location and Sensors* @@ -94,7 +94,7 @@ ADMX Info:
            -**ADMX_Sensors/DisableLocationScripting_2** +**ADMX_Sensors/DisableLocationScripting_2** @@ -130,7 +130,7 @@ If you disable or don't configure this policy setting, all location scripts will -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off location scripting* - GP name: *DisableLocationScripting_2* - GP path: *Windows Components\Location and Sensors* @@ -141,7 +141,7 @@ ADMX Info:
            -**ADMX_Sensors/DisableLocation_1** +**ADMX_Sensors/DisableLocation_1** @@ -177,7 +177,7 @@ If you disable or don't configure this policy setting, all programs on this comp -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off location* - GP name: *DisableLocation_1* - GP path: *Windows Components\Location and Sensors* @@ -188,7 +188,7 @@ ADMX Info:
            -**ADMX_Sensors/DisableSensors_1** +**ADMX_Sensors/DisableSensors_1** @@ -224,7 +224,7 @@ If you disable or don't configure this policy setting, all programs on this comp -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off sensors* - GP name: *DisableSensors_1* - GP path: *Windows Components\Location and Sensors* @@ -235,7 +235,7 @@ ADMX Info:
            -**ADMX_Sensors/DisableSensors_2** +**ADMX_Sensors/DisableSensors_2** @@ -271,7 +271,7 @@ If you disable or don't configure this policy setting, all programs on this comp -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off sensors* - GP name: *DisableSensors_2* - GP path: *Windows Components\Location and Sensors* diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md index 2f5de5c9a8..893b05aac3 100644 --- a/windows/client-management/mdm/policy-csp-admx-servermanager.md +++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/18/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_ServerManager policies +## ADMX_ServerManager policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_ServerManager/Do_not_display_Manage_Your_Server_page** +**ADMX_ServerManager/Do_not_display_Manage_Your_Server_page** @@ -71,13 +71,13 @@ manager: aaroncz -This policy setting allows you to turn off the automatic display of Server Manager at sign in. +This policy setting allows you to turn off the automatic display of Server Manager at sign in. -If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server. +If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server. -If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server. +If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server. -If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in. +If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in. > [!NOTE] > Regardless of the status of this policy setting, Server Manager is available from the Start menu or the Windows taskbar. @@ -86,7 +86,7 @@ If you don't configure this policy setting, Server Manager is displayed when a u -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display Server Manager automatically at logon* - GP name: *Do_not_display_Manage_Your_Server_page* - GP path: *System\Server Manager* @@ -98,7 +98,7 @@ ADMX Info: -**ADMX_ServerManager/ServerManagerAutoRefreshRate** +**ADMX_ServerManager/ServerManagerAutoRefreshRate** @@ -124,11 +124,11 @@ ADMX Info: -This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you're managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers. +This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you're managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers. -- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the “Configure Refresh Interval” setting (in Windows Server 2008 and Windows Server 2008 R2), or the “Refresh the data shown in Server Manager every [x] [minutes/hours/days]” setting (in Windows Server 2012) that is configured in the Server Manager console. +- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the “Configure Refresh Interval” setting (in Windows Server 2008 and Windows Server 2008 R2), or the “Refresh the data shown in Server Manager every [x] [minutes/hours/days]” setting (in Windows Server 2012) that is configured in the Server Manager console. -- If you disable this policy setting, Server Manager doesn't refresh automatically. If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console. +- If you disable this policy setting, Server Manager doesn't refresh automatically. If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console. > [!NOTE] > The default refresh interval for Server Manager is two minutes in Windows Server 2008 and Windows Server 2008 R2, or 10 minutes in Windows Server 2012. @@ -138,7 +138,7 @@ This policy setting allows you to set the refresh interval for Server Manager. E -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the refresh interval for Server Manager* - GP name: *ServerManagerAutoRefreshRate* - GP path: *System\Server Manager* @@ -149,7 +149,7 @@ ADMX Info:
            -**ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks** +**ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks** @@ -175,9 +175,9 @@ ADMX Info: -This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2. +This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2. -If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server. +If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server. If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server. @@ -187,7 +187,7 @@ If you don't configure this policy setting, the Initial Configuration Tasks wind -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display Initial Configuration Tasks window automatically at logon* - GP name: *DoNotLaunchInitialConfigurationTasks* - GP path: *System\Server Manager* @@ -198,7 +198,7 @@ ADMX Info:
            -**ADMX_ServerManager/DoNotLaunchServerManager** +**ADMX_ServerManager/DoNotLaunchServerManager** @@ -224,11 +224,11 @@ ADMX Info: -This policy setting allows you to turn off the automatic display of the Manage Your Server page. +This policy setting allows you to turn off the automatic display of the Manage Your Server page. -- If you enable this policy setting, the Manage Your Server page isn't displayed each time an administrator signs in to the server. +- If you enable this policy setting, the Manage Your Server page isn't displayed each time an administrator signs in to the server. -- If you disable or don't configure this policy setting, the Manage Your Server page is displayed each time an administrator signs in to the server. +- If you disable or don't configure this policy setting, the Manage Your Server page is displayed each time an administrator signs in to the server. However, if the administrator has selected the "Don’t display this page at logon" option at the bottom of the Manage Your Server page, the page isn't displayed. @@ -236,7 +236,7 @@ However, if the administrator has selected the "Don’t display this page at log -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display Manage Your Server page at logon* - GP name: *DoNotLaunchServerManager* - GP path: *System\Server Manager* diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 07ca3a013c..9f50b7554c 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/18/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz
            -## ADMX_Servicing policies +## ADMX_Servicing policies
            @@ -30,7 +30,7 @@ manager: aaroncz
            -**ADMX_Servicing/Servicing** +**ADMX_Servicing/Servicing** @@ -58,7 +58,7 @@ manager: aaroncz This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed. -If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the "Alternate source file path" text box. Multiple locations can be specified when each path is separated by a semicolon. +If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the "Alternate source file path" text box. Multiple locations can be specified when each path is separated by a semicolon. The network location can be either a folder, or a WIM file. If it's a WIM file, the location should be specified by prefixing the path with “wim:” and include the index of the image to use in the WIM file, for example, “wim:\\server\share\install.wim:3”. @@ -68,7 +68,7 @@ If you disable or don't configure this policy setting, or if the required files -ADMX Info: +ADMX Info: - GP Friendly name: *Specify settings for optional component installation and component repair* - GP name: *Servicing* - GP path: *System* diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index c68630eec1..167deff26e 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/01/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_SettingSync > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_SettingSync policies +## ADMX_SettingSync policies
            @@ -59,7 +59,7 @@ manager: aaroncz
            -**ADMX_SettingSync/DisableAppSyncSettingSync** +**ADMX_SettingSync/DisableAppSyncSettingSync** @@ -97,7 +97,7 @@ If you don't set or disable this setting, syncing of the "AppSync" group is on b -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync Apps* - GP name: *DisableAppSyncSettingSync* - GP path: *Windows Components\Sync your settings* @@ -108,7 +108,7 @@ ADMX Info:
            -**ADMX_SettingSync/DisableApplicationSettingSync** +**ADMX_SettingSync/DisableApplicationSettingSync** @@ -146,7 +146,7 @@ If you don't set or disable this setting, syncing of the "app settings" group is -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync app settings* - GP name: *DisableApplicationSettingSync* - GP path: *Windows Components\Sync your settings* @@ -157,7 +157,7 @@ ADMX Info:
            -**ADMX_SettingSync/DisableCredentialsSettingSync** +**ADMX_SettingSync/DisableCredentialsSettingSync** @@ -195,7 +195,7 @@ If you don't set or disable this setting, syncing of the "passwords" group is on -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync passwords* - GP name: *DisableCredentialsSettingSync* - GP path: *Windows Components\Sync your settings* @@ -206,7 +206,7 @@ ADMX Info:
            -**ADMX_SettingSync/DisableDesktopThemeSettingSync** +**ADMX_SettingSync/DisableDesktopThemeSettingSync** @@ -244,7 +244,7 @@ If you don't set or disable this setting, syncing of the "desktop personalizatio -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync desktop personalization* - GP name: *DisableDesktopThemeSettingSync* - GP path: *Windows Components\Sync your settings* @@ -255,7 +255,7 @@ ADMX Info:
            -**ADMX_SettingSync/DisablePersonalizationSettingSync** +**ADMX_SettingSync/DisablePersonalizationSettingSync** @@ -293,7 +293,7 @@ If you don't set or disable this setting, syncing of the "personalize" group is -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync personalize* - GP name: *DisablePersonalizationSettingSync* - GP path: *Windows Components\Sync your settings* @@ -304,7 +304,7 @@ ADMX Info:
            -**ADMX_SettingSync/DisableSettingSync** +**ADMX_SettingSync/DisableSettingSync** @@ -342,7 +342,7 @@ If you don't set or disable this setting, "sync your settings" is on by default -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync* - GP name: *DisableSettingSync* - GP path: *Windows Components\Sync your settings* @@ -353,7 +353,7 @@ ADMX Info:
            -**ADMX_SettingSync/DisableStartLayoutSettingSync** +**ADMX_SettingSync/DisableStartLayoutSettingSync** @@ -391,7 +391,7 @@ If you don't set or disable this setting, syncing of the "Start layout" group is -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync start settings* - GP name: *DisableStartLayoutSettingSync* - GP path: *Windows Components\Sync your settings* @@ -402,7 +402,7 @@ ADMX Info:
            -**ADMX_SettingSync/DisableSyncOnPaidNetwork** +**ADMX_SettingSync/DisableSyncOnPaidNetwork** @@ -438,7 +438,7 @@ If you don't set or disable this setting, syncing on metered connections is conf -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync on metered connections* - GP name: *DisableSyncOnPaidNetwork* - GP path: *Windows Components\Sync your settings* @@ -449,7 +449,7 @@ ADMX Info:
            -**ADMX_SettingSync/DisableWindowsSettingSync** +**ADMX_SettingSync/DisableWindowsSettingSync** @@ -487,7 +487,7 @@ If you don't set or disable this setting, syncing of the "Other Windows settings -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync other Windows settings* - GP name: *DisableWindowsSettingSync* - GP path: *Windows Components\Sync your settings* diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index a018d51a65..c8fb6904dc 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/21/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_SharedFolders > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_SharedFolders policies +## ADMX_SharedFolders policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**ADMX_SharedFolders/PublishDfsRoots** +**ADMX_SharedFolders/PublishDfsRoots** @@ -67,7 +67,7 @@ This policy setting determines whether the user can publish DFS roots in Active If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS . -If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. +If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. > [!NOTE] > The default is to allow shared folders to be published when this setting is not configured. @@ -76,7 +76,7 @@ If you disable this policy setting, users cannot publish DFS roots in AD DS and -ADMX Info: +ADMX Info: - GP Friendly name: *Allow DFS roots to be published* - GP name: *PublishDfsRoots* - GP path: *Shared Folders* @@ -88,7 +88,7 @@ ADMX Info:
            -**ADMX_SharedFolders/PublishSharedFolders** +**ADMX_SharedFolders/PublishSharedFolders** @@ -118,7 +118,7 @@ This policy setting determines whether the user can publish shared folders in Ac If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS. -If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. +If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. > [!NOTE] > The default is to allow shared folders to be published when this setting is not configured. @@ -127,7 +127,7 @@ If you disable this policy setting, users can't publish shared folders in AD DS, -ADMX Info: +ADMX Info: - GP Friendly name: *Allow shared folders to be published* - GP name: *PublishSharedFolders* - GP path: *Shared Folders* diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index 77f8afb7f8..a1593e1849 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/21/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Sharing > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Sharing policies +## ADMX_Sharing policies
            @@ -34,7 +34,7 @@ manager: aaroncz
            -**ADMX_Sharing/NoInplaceSharing** +**ADMX_Sharing/NoInplaceSharing** @@ -70,7 +70,7 @@ If you disable or don't configure this policy setting, users can share files out -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from sharing files within their profile.* - GP name: *NoInplaceSharing* - GP path: *Windows Components\Network Sharing* diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index fa6a4ebe37..c13e597795 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/18/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_ShellCommandPromptRegEditTools policies +## ADMX_ShellCommandPromptRegEditTools policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_ShellCommandPromptRegEditTools/DisallowApps** +**ADMX_ShellCommandPromptRegEditTools/DisallowApps** @@ -72,13 +72,13 @@ manager: aaroncz This policy setting prevents users from running the interactive command prompt `Cmd.exe`. - + This policy setting also determines whether batch files (.cmd and .bat) can run on the computer. -If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. . +If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. . + +If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally. -If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally. - > [!NOTE] > Don't prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services. @@ -87,7 +87,7 @@ If you disable this policy setting or don't configure it, users can run Cmd.exe -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent access to the command prompt* - GP name: *DisallowApps* - GP path: *System* @@ -99,7 +99,7 @@ ADMX Info: -**ADMX_ShellCommandPromptRegEditTools/DisableRegedit** +**ADMX_ShellCommandPromptRegEditTools/DisableRegedit** @@ -125,11 +125,11 @@ ADMX Info: -This policy setting disables the Windows registry editor `Regedit.exe`. +This policy setting disables the Windows registry editor `Regedit.exe`. -If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action. +If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action. -If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally. +If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally. To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting. @@ -137,7 +137,7 @@ To prevent users from using other administrative tools, use the "Run only specif -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent access to registry editing tools* - GP name: *DisableRegedit* - GP path: *System\Server Manager* @@ -148,7 +148,7 @@ ADMX Info:
            -**ADMX_ShellCommandPromptRegEditTools/DisableCMD** +**ADMX_ShellCommandPromptRegEditTools/DisableCMD** @@ -174,15 +174,15 @@ ADMX Info: -This policy setting limits the Windows programs that users have permission to run on the computer. +This policy setting limits the Windows programs that users have permission to run on the computer. -If you enable this policy setting, users can only run programs that you add to the list of allowed applications. +If you enable this policy setting, users can only run programs that you add to the list of allowed applications. If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process. -It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. +It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. -Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. +Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe). @@ -190,7 +190,7 @@ To create a list of allowed applications, click Show. In the Show Contents dial -ADMX Info: +ADMX Info: - GP Friendly name: *Run only specified Windows applications* - GP name: *DisableCMD* - GP path: *System* @@ -201,7 +201,7 @@ ADMX Info:
            -**ADMX_ShellCommandPromptRegEditTools/RestrictApps** +**ADMX_ShellCommandPromptRegEditTools/RestrictApps** @@ -227,13 +227,13 @@ ADMX Info: -This policy setting prevents Windows from running the programs you specify in this policy setting. +This policy setting prevents Windows from running the programs you specify in this policy setting. -If you enable this policy setting, users can't run programs that you add to the list of disallowed applications. +If you enable this policy setting, users can't run programs that you add to the list of disallowed applications. -If you disable this policy setting or don't configure it, users can run any programs. +If you disable this policy setting or don't configure it, users can run any programs. -This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. +This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. @@ -244,7 +244,7 @@ To create a list of allowed applications, click Show. In the Show Contents dialo -ADMX Info: +ADMX Info: - GP Friendly name: *Don't run specified Windows applications* - GP name: *RestrictApps* - GP path: *System* diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index 8145f4e15f..0109708486 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/23/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Smartcard > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Smartcard policies +## ADMX_Smartcard policies
            @@ -80,7 +80,7 @@ manager: aaroncz
            -**ADMX_Smartcard/AllowCertificatesWithNoEKU** +**ADMX_Smartcard/AllowCertificatesWithNoEKU** @@ -122,7 +122,7 @@ If you disable or don't configure this policy setting, only certificates that co -ADMX Info: +ADMX Info: - GP Friendly name: *Allow certificates with no extended key usage certificate attribute* - GP name: *AllowCertificatesWithNoEKU* - GP path: *Windows Components\Smart Card* @@ -133,7 +133,7 @@ ADMX Info:
            -**ADMX_Smartcard/AllowIntegratedUnblock** +**ADMX_Smartcard/AllowIntegratedUnblock** @@ -171,7 +171,7 @@ If you disable or don't configure this policy setting then the integrated unbloc -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Integrated Unblock screen to be displayed at the time of logon* - GP name: *AllowIntegratedUnblock* - GP path: *Windows Components\Smart Card* @@ -182,7 +182,7 @@ ADMX Info:
            -**ADMX_Smartcard/AllowSignatureOnlyKeys** +**ADMX_Smartcard/AllowSignatureOnlyKeys** @@ -218,7 +218,7 @@ If you disable or don't configure this policy setting, any available smart card -ADMX Info: +ADMX Info: - GP Friendly name: *Allow signature keys valid for Logon* - GP name: *AllowSignatureOnlyKeys* - GP path: *Windows Components\Smart Card* @@ -229,7 +229,7 @@ ADMX Info:
            -**ADMX_Smartcard/AllowTimeInvalidCertificates** +**ADMX_Smartcard/AllowTimeInvalidCertificates** @@ -257,7 +257,7 @@ ADMX Info: This policy setting permits those certificates to be displayed for a sign-in, which are either expired or not yet valid. -Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine. +Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine. If you enable this policy setting, certificates will be listed on the sign-in screen regardless of whether they have an invalid time or their time validity has expired. @@ -267,7 +267,7 @@ If you disable or don't configure this policy setting, certificates that are exp -ADMX Info: +ADMX Info: - GP Friendly name: *Allow time invalid certificates* - GP name: *AllowTimeInvalidCertificates* - GP path: *Windows Components\Smart Card* @@ -278,7 +278,7 @@ ADMX Info:
            -**ADMX_Smartcard/CertPropEnabledString** +**ADMX_Smartcard/CertPropEnabledString** @@ -314,7 +314,7 @@ If you disable this policy setting, certificate propagation won't occur and the -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on certificate propagation from smart card* - GP name: *CertPropEnabledString* - GP path: *Windows Components\Smart Card* @@ -325,7 +325,7 @@ ADMX Info:
            -**ADMX_Smartcard/CertPropRootCleanupString** +**ADMX_Smartcard/CertPropRootCleanupString** @@ -351,9 +351,9 @@ ADMX Info: -This policy setting allows you to manage the cleanup behavior of root certificates. +This policy setting allows you to manage the cleanup behavior of root certificates. -If you enable this policy setting, then root certificate cleanup will occur according to the option selected. +If you enable this policy setting, then root certificate cleanup will occur according to the option selected. If you disable or don't configure this setting then root certificate cleanup will occur on a sign out. @@ -361,7 +361,7 @@ If you disable or don't configure this setting then root certificate cleanup wil -ADMX Info: +ADMX Info: - GP Friendly name: *Configure root certificate clean up* - GP name: *CertPropRootCleanupString* - GP path: *Windows Components\Smart Card* @@ -372,7 +372,7 @@ ADMX Info:
            -**ADMX_Smartcard/CertPropRootEnabledString** +**ADMX_Smartcard/CertPropRootEnabledString** @@ -411,7 +411,7 @@ If you disable this policy setting, then root certificates won't be propagated f -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on root certificate propagation from smart card* - GP name: *CertPropRootEnabledString* - GP path: *Windows Components\Smart Card* @@ -422,7 +422,7 @@ ADMX Info:
            -**ADMX_Smartcard/DisallowPlaintextPin** +**ADMX_Smartcard/DisallowPlaintextPin** @@ -448,9 +448,9 @@ ADMX Info: -This policy setting prevents plaintext PINs from being returned by Credential Manager. +This policy setting prevents plaintext PINs from being returned by Credential Manager. -If you enable this policy setting, Credential Manager doesn't return a plaintext PIN. +If you enable this policy setting, Credential Manager doesn't return a plaintext PIN. If you disable or don't configure this policy setting, plaintext PINs can be returned by Credential Manager. @@ -461,7 +461,7 @@ If you disable or don't configure this policy setting, plaintext PINs can be ret -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent plaintext PINs from being returned by Credential Manager* - GP name: *DisallowPlaintextPin* - GP path: *Windows Components\Smart Card* @@ -472,7 +472,7 @@ ADMX Info:
            -**ADMX_Smartcard/EnumerateECCCerts** +**ADMX_Smartcard/EnumerateECCCerts** @@ -505,14 +505,14 @@ If you enable this policy setting, ECC certificates on a smart card can be used If you disable or don't configure this policy setting, ECC certificates on a smart card can't be used to sign in to a domain. > [!NOTE] -> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. +> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. > If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow ECC certificates to be used for logon and authentication* - GP name: *EnumerateECCCerts* - GP path: *Windows Components\Smart Card* @@ -523,7 +523,7 @@ ADMX Info:
            -**ADMX_Smartcard/FilterDuplicateCerts** +**ADMX_Smartcard/FilterDuplicateCerts** @@ -553,7 +553,7 @@ This policy setting lets you configure if all your valid logon certificates are During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This scenario can cause confusion as to which certificate to select for a sign in. The common case for this behavior is when a certificate is renewed and the old one hasn't yet expired. Two certificates are determined to be the same if they're issued from the same template with the same major version and they're for the same user (determined by their UPN). -If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown. +If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown. > [!NOTE] > This setting will be applied after this policy: "Allow time invalid certificates" @@ -566,7 +566,7 @@ If you disable this policy setting, no filtering will take place. -ADMX Info: +ADMX Info: - GP Friendly name: *Filter duplicate logon certificates* - GP name: *FilterDuplicateCerts* - GP path: *Windows Components\Smart Card* @@ -577,7 +577,7 @@ ADMX Info:
            -**ADMX_Smartcard/ForceReadingAllCertificates** +**ADMX_Smartcard/ForceReadingAllCertificates** @@ -615,7 +615,7 @@ If you disable or don't configure this setting, Windows will only attempt to rea -ADMX Info: +ADMX Info: - GP Friendly name: *Force the reading of all certificates from the smart card* - GP name: *ForceReadingAllCertificates* - GP path: *Windows Components\Smart Card* @@ -626,7 +626,7 @@ ADMX Info:
            -**ADMX_Smartcard/IntegratedUnblockPromptString** +**ADMX_Smartcard/IntegratedUnblockPromptString** @@ -654,7 +654,7 @@ ADMX Info: This policy setting allows you to manage the displayed message when a smart card is blocked. -If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. +If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. > [!NOTE] > The following policy setting must be enabled: "Allow Integrated Unblock screen to be displayed at the time of logon". @@ -665,7 +665,7 @@ If you disable or don't configure this policy setting, the default message will -ADMX Info: +ADMX Info: - GP Friendly name: *Display string when smart card is blocked* - GP name: *IntegratedUnblockPromptString* - GP path: *Windows Components\Smart Card* @@ -676,7 +676,7 @@ ADMX Info:
            -**ADMX_Smartcard/ReverseSubject** +**ADMX_Smartcard/ReverseSubject** @@ -702,11 +702,11 @@ ADMX Info: -This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in. +This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in. By default the User Principal Name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. -If you enable this policy setting or don't configure this setting, then the subject name will be reversed. +If you enable this policy setting or don't configure this setting, then the subject name will be reversed. If you disable, the subject name will be displayed as it appears in the certificate. @@ -714,7 +714,7 @@ If you disable, the subject name will be displayed as it appears in the certific -ADMX Info: +ADMX Info: - GP Friendly name: *Reverse the subject name stored in a certificate when displaying* - GP name: *ReverseSubject* - GP path: *Windows Components\Smart Card* @@ -725,7 +725,7 @@ ADMX Info:
            -**ADMX_Smartcard/SCPnPEnabled** +**ADMX_Smartcard/SCPnPEnabled** @@ -764,7 +764,7 @@ If you disable this policy setting, Smart Card Plug and Play will be disabled an -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Smart Card Plug and Play service* - GP name: *SCPnPEnabled* - GP path: *Windows Components\Smart Card* @@ -775,7 +775,7 @@ ADMX Info:
            -**ADMX_Smartcard/SCPnPNotification** +**ADMX_Smartcard/SCPnPNotification** @@ -814,7 +814,7 @@ If you disable this policy setting, a confirmation message won't be displayed wh -ADMX Info: +ADMX Info: - GP Friendly name: *Notify user of successful smart card driver installation* - GP name: *SCPnPNotification* - GP path: *Windows Components\Smart Card* @@ -825,7 +825,7 @@ ADMX Info:
            -**ADMX_Smartcard/X509HintsNeeded** +**ADMX_Smartcard/X509HintsNeeded** @@ -861,7 +861,7 @@ If you disable or don't configure this policy setting, an optional field that al -ADMX Info: +ADMX Info: - GP Friendly name: *Allow user name hint* - GP name: *X509HintsNeeded* - GP path: *Windows Components\Smart Card* diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index a65f75e734..f836464795 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/24/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Snmp > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Snmp policies +## ADMX_Snmp policies
            @@ -41,7 +41,7 @@ manager: aaroncz
            -**ADMX_Snmp/SNMP_Communities** +**ADMX_Snmp/SNMP_Communities** @@ -89,7 +89,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify -ADMX Info: +ADMX Info: - GP Friendly name: *Specify communities* - GP name: *SNMP_Communities* - GP path: *Network\SNMP* @@ -100,7 +100,7 @@ ADMX Info:
            -**ADMX_Snmp/SNMP_PermittedManagers** +**ADMX_Snmp/SNMP_PermittedManagers** @@ -147,7 +147,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and " -ADMX Info: +ADMX Info: - GP Friendly name: *Specify permitted managers* - GP name: *SNMP_PermittedManagers* - GP path: *Network\SNMP* @@ -158,7 +158,7 @@ ADMX Info:
            -**ADMX_Snmp/SNMP_Traps_Public** +**ADMX_Snmp/SNMP_Traps_Public** @@ -203,7 +203,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify -ADMX Info: +ADMX Info: - GP Friendly name: *Specify traps for public community* - GP name: *SNMP_Traps_Public* - GP path: *Network\SNMP* diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md index dcc94a5737..6fbbe28ec7 100644 --- a/windows/client-management/mdm/policy-csp-admx-soundrec.md +++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/01/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_SoundRec policies +## ADMX_SoundRec policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1** +**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1** @@ -65,18 +65,18 @@ manager: aaroncz -This policy specifies whether Sound Recorder can run. +This policy specifies whether Sound Recorder can run. -Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. +Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. -If you enable this policy setting, Sound Recorder won't run. +If you enable this policy setting, Sound Recorder won't run. If you disable or don't configure this policy setting, Sound Recorder can run. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow Sound Recorder to run* - GP name: *Soundrec_DiableApplication_TitleText_1* - GP path: *Windows Components\Sound Recorder* @@ -88,7 +88,7 @@ ADMX Info: -**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2** +**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2** @@ -114,18 +114,18 @@ ADMX Info: -This policy specifies whether Sound Recorder can run. +This policy specifies whether Sound Recorder can run. -Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. +Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. -If you enable this policy setting, Sound Recorder won't run. +If you enable this policy setting, Sound Recorder won't run. If you disable or don't configure this policy setting, Sound Recorder can be run. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow Sound Recorder to run* - GP name: *Soundrec_DiableApplication_TitleText_2* - GP path: *Windows Components\Sound Recorder* diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md index b5f0f4d1cb..c232d02342 100644 --- a/windows/client-management/mdm/policy-csp-admx-srmfci.md +++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/18/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_srmfci > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_srmfci policies +## ADMX_srmfci policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_srmfci/EnableShellAccessCheck** +**ADMX_srmfci/EnableShellAccessCheck** @@ -71,7 +71,7 @@ This group policy setting should be set on Windows clients to enable access-deni -ADMX Info: +ADMX Info: - GP Friendly name: *Enable access-denied assistance on client for all file types* - GP name: *EnableShellAccessCheck* - GP path: *System\Access-Denied Assistance* @@ -82,7 +82,7 @@ ADMX Info:
            -**ADMX_srmfci/AccessDeniedConfiguration** +**ADMX_srmfci/AccessDeniedConfiguration** @@ -108,18 +108,18 @@ ADMX Info: -This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access. +This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access. -If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied. +If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied. -If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration. +If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration. If you don't configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message. -ADMX Info: +ADMX Info: - GP Friendly name: *Customize message for Access Denied errors* - GP name: *AccessDeniedConfiguration* - GP path: *System\Access-Denied Assistance* diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 8c6e907ba3..2b0f792270 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/20/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_StartMenu > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_StartMenu policies +## ADMX_StartMenu policies
            @@ -233,7 +233,7 @@ manager: aaroncz
            -**ADMX_StartMenu/AddSearchInternetLinkInStartMenu** +**ADMX_StartMenu/AddSearchInternetLinkInStartMenu** @@ -269,7 +269,7 @@ If you don't configure this policy (default), there won't be a "Search the Inter -ADMX Info: +ADMX Info: - GP Friendly name: *Add Search Internet link to Start Menu* - GP name: *AddSearchInternetLinkInStartMenu* - GP path: *Start Menu and Taskbar* @@ -280,7 +280,7 @@ ADMX Info:
            -**ADMX_StartMenu/ClearRecentDocsOnExit** +**ADMX_StartMenu/ClearRecentDocsOnExit** @@ -327,7 +327,7 @@ This policy also doesn't clear items that the user may have pinned to the Jump L -ADMX Info: +ADMX Info: - GP Friendly name: *Clear history of recently opened documents on exit* - GP name: *ClearRecentDocsOnExit* - GP path: *Start Menu and Taskbar* @@ -338,7 +338,7 @@ ADMX Info:
            -**ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu** +**ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu** @@ -372,7 +372,7 @@ If you disable or don't configure this policy, the start menu recent programs li -ADMX Info: +ADMX Info: - GP Friendly name: *Clear the recent programs list for new users* - GP name: *ClearRecentProgForNewUserInStartMenu* - GP path: *Start Menu and Taskbar* @@ -383,7 +383,7 @@ ADMX Info:
            -**ADMX_StartMenu/ClearTilesOnExit** +**ADMX_StartMenu/ClearTilesOnExit** @@ -419,7 +419,7 @@ This setting doesn't prevent new notifications from appearing. See the "Turn off -ADMX Info: +ADMX Info: - GP Friendly name: *Clear tile notifications during log on* - GP name: *ClearTilesOnExit* - GP path: *Start Menu and Taskbar* @@ -430,7 +430,7 @@ ADMX Info:
            -**ADMX_StartMenu/DesktopAppsFirstInAppsView** +**ADMX_StartMenu/DesktopAppsFirstInAppsView** @@ -466,7 +466,7 @@ If you disable or don't configure this policy setting, the desktop apps won't be -ADMX Info: +ADMX Info: - GP Friendly name: *List desktop apps first in the Apps view* - GP name: *DesktopAppsFirstInAppsView* - GP path: *Start Menu and Taskbar* @@ -477,7 +477,7 @@ ADMX Info:
            -**ADMX_StartMenu/DisableGlobalSearchOnAppsView** +**ADMX_StartMenu/DisableGlobalSearchOnAppsView** @@ -515,7 +515,7 @@ If you disable or don’t configure this policy setting, the user can configure -ADMX Info: +ADMX Info: - GP Friendly name: *Search just apps from the Apps view* - GP name: *DisableGlobalSearchOnAppsView* - GP path: *Start Menu and Taskbar* @@ -526,7 +526,7 @@ ADMX Info:
            -**ADMX_StartMenu/ForceStartMenuLogOff** +**ADMX_StartMenu/ForceStartMenuLogOff** @@ -571,7 +571,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\ -ADMX Info: +ADMX Info: - GP Friendly name: *Add Logoff to the Start Menu* - GP name: *ForceStartMenuLogOff* - GP path: *Start Menu and Taskbar* @@ -582,7 +582,7 @@ ADMX Info:
            -**ADMX_StartMenu/GoToDesktopOnSignIn** +**ADMX_StartMenu/GoToDesktopOnSignIn** @@ -620,7 +620,7 @@ If you don’t configure this policy setting, the default setting for the user -ADMX Info: +ADMX Info: - GP Friendly name: *Go to the desktop instead of Start when signing in* - GP name: *GoToDesktopOnSignIn* - GP path: *Start Menu and Taskbar* @@ -631,7 +631,7 @@ ADMX Info:
            -**ADMX_StartMenu/GreyMSIAds** +**ADMX_StartMenu/GreyMSIAds** @@ -669,10 +669,10 @@ If you disable this setting or don't configure it, all Start menu shortcuts appe > Enabling this setting can make the Start menu slow to open. -> +> -ADMX Info: +ADMX Info: - GP Friendly name: *Gray unavailable Windows Installer programs Start Menu shortcuts* - GP name: *GreyMSIAds* - GP path: *Start Menu and Taskbar* @@ -683,7 +683,7 @@ ADMX Info:
            -**ADMX_StartMenu/HidePowerOptions** +**ADMX_StartMenu/HidePowerOptions** @@ -719,7 +719,7 @@ If you disable or don't configure this policy setting, the Power button and the -ADMX Info: +ADMX Info: - GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands* - GP name: *HidePowerOptions* - GP path: *Start Menu and Taskbar* @@ -730,7 +730,7 @@ ADMX Info:
            -**ADMX_StartMenu/Intellimenus** +**ADMX_StartMenu/Intellimenus** @@ -771,7 +771,7 @@ To Turn off personalized menus without specifying a setting, click Start, click -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off personalized menus* - GP name: *Intellimenus* - GP path: *Start Menu and Taskbar* @@ -782,7 +782,7 @@ ADMX Info:
            -**ADMX_StartMenu/LockTaskbar** +**ADMX_StartMenu/LockTaskbar** @@ -823,7 +823,7 @@ If you disable this setting or don't configure it, the user can configure the ta -ADMX Info: +ADMX Info: - GP Friendly name: *Lock the Taskbar* - GP name: *LockTaskbar* - GP path: *Start Menu and Taskbar* @@ -834,7 +834,7 @@ ADMX Info:
            -**ADMX_StartMenu/MemCheckBoxInRunDlg** +**ADMX_StartMenu/MemCheckBoxInRunDlg** @@ -870,7 +870,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o -ADMX Info: +ADMX Info: - GP Friendly name: *Add "Run in Separate Memory Space" check box to Run dialog box* - GP name: *MemCheckBoxInRunDlg* - GP path: *Start Menu and Taskbar* @@ -881,7 +881,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoAutoTrayNotify** +**ADMX_StartMenu/NoAutoTrayNotify** @@ -921,7 +921,7 @@ If you don't configure it, the user can choose if they want notifications collap -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off notification area cleanup* - GP name: *NoAutoTrayNotify* - GP path: *Start Menu and Taskbar* @@ -932,7 +932,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoBalloonTip** +**ADMX_StartMenu/NoBalloonTip** @@ -970,7 +970,7 @@ If you disable this setting or don't configure it, all pop-up text is displayed -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Balloon Tips on Start Menu items* - GP name: *NoBalloonTip* - GP path: *Start Menu and Taskbar* @@ -981,7 +981,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoChangeStartMenu** +**ADMX_StartMenu/NoChangeStartMenu** @@ -1017,7 +1017,7 @@ If you disable or don't configure this setting, you'll allow a user to select an -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from customizing their Start Screen* - GP name: *NoChangeStartMenu* - GP path: *Start Menu and Taskbar* @@ -1028,7 +1028,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoClose** +**ADMX_StartMenu/NoClose** @@ -1067,7 +1067,7 @@ If you disable or don't configure this policy setting, the Power button and the -ADMX Info: +ADMX Info: - GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands* - GP name: *NoClose* - GP path: *Start Menu and Taskbar* @@ -1078,7 +1078,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoCommonGroups** +**ADMX_StartMenu/NoCommonGroups** @@ -1114,7 +1114,7 @@ To see the Program menu items in the All Users profile, on the system drive, go -ADMX Info: +ADMX Info: - GP Friendly name: *Remove common program groups from Start Menu* - GP name: *NoCommonGroups* - GP path: *Start Menu and Taskbar* @@ -1125,7 +1125,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoFavoritesMenu** +**ADMX_StartMenu/NoFavoritesMenu** @@ -1159,7 +1159,7 @@ If you disable or don't configure this setting, the Display Favorite item is ava > [!NOTE] > The Favorites menu doesn't appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options. -> +> > The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group. > > This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer. @@ -1168,7 +1168,7 @@ If you disable or don't configure this setting, the Display Favorite item is ava -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Favorites menu from Start Menu* - GP name: *NoFavoritesMenu* - GP path: *Start Menu and Taskbar* @@ -1179,7 +1179,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoFind** +**ADMX_StartMenu/NoFind** @@ -1222,7 +1222,7 @@ If you disable or don't configure this policy setting, the Search link is availa -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Search link from Start Menu* - GP name: *NoFind* - GP path: *Start Menu and Taskbar* @@ -1233,7 +1233,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoGamesFolderOnStartMenu** +**ADMX_StartMenu/NoGamesFolderOnStartMenu** @@ -1267,7 +1267,7 @@ If you disable or don't configure this policy, the start menu will show a link t -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Games link from Start Menu* - GP name: *NoGamesFolderOnStartMenu* - GP path: *Start Menu and Taskbar* @@ -1278,7 +1278,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoHelp** +**ADMX_StartMenu/NoHelp** @@ -1316,7 +1316,7 @@ This policy setting only affects the Start menu. It doesn't remove the Help menu -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Help menu from Start Menu* - GP name: *NoHelp* - GP path: *Start Menu and Taskbar* @@ -1327,7 +1327,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoInstrumentation** +**ADMX_StartMenu/NoInstrumentation** @@ -1367,7 +1367,7 @@ This policy setting doesn't prevent users from pinning programs to the Start Me -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off user tracking* - GP name: *NoInstrumentation* - GP path: *Start Menu and Taskbar* @@ -1378,7 +1378,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoMoreProgramsList** +**ADMX_StartMenu/NoMoreProgramsList** @@ -1419,7 +1419,7 @@ If you disable or don't configure this setting, the all apps list will be visibl -ADMX Info: +ADMX Info: - GP Friendly name: *Remove All Programs list from the Start menu* - GP name: *NoMoreProgramsList* - GP path: *Start Menu and Taskbar* @@ -1430,7 +1430,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoNetAndDialupConnect** +**ADMX_StartMenu/NoNetAndDialupConnect** @@ -1472,7 +1472,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Network Connections from Start Menu* - GP name: *NoNetAndDialupConnect* - GP path: *Start Menu and Taskbar* @@ -1483,7 +1483,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoPinnedPrograms** +**ADMX_StartMenu/NoPinnedPrograms** @@ -1519,7 +1519,7 @@ If you disable this setting or don't configure it, the "Pinned Programs" list re -ADMX Info: +ADMX Info: - GP Friendly name: *Remove pinned programs list from the Start Menu* - GP name: *NoPinnedPrograms* - GP path: *Start Menu and Taskbar* @@ -1530,7 +1530,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoRecentDocsMenu** +**ADMX_StartMenu/NoRecentDocsMenu** @@ -1577,7 +1577,7 @@ This setting also doesn't hide document shortcuts displayed in the Open dialog b -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Recent Items menu from Start Menu* - GP name: *NoRecentDocsMenu* - GP path: *Start Menu and Taskbar* @@ -1588,7 +1588,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoResolveSearch** +**ADMX_StartMenu/NoResolveSearch** @@ -1629,7 +1629,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use -ADMX Info: +ADMX Info: - GP Friendly name: *Do not use the search-based method when resolving shell shortcuts* - GP name: *NoResolveSearch* - GP path: *Start Menu and Taskbar* @@ -1640,7 +1640,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoResolveTrack** +**ADMX_StartMenu/NoResolveTrack** @@ -1680,7 +1680,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use -ADMX Info: +ADMX Info: - GP Friendly name: *Do not use the tracking-based method when resolving shell shortcuts* - GP name: *NoResolveTrack* - GP path: *Start Menu and Taskbar* @@ -1691,7 +1691,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoRun** +**ADMX_StartMenu/NoRun** @@ -1746,7 +1746,7 @@ If you disable or don't configure this setting, users will be able to access the -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Run menu from Start Menu* - GP name: *NoRun* - GP path: *Start Menu and Taskbar* @@ -1757,7 +1757,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSMConfigurePrograms** +**ADMX_StartMenu/NoSMConfigurePrograms** @@ -1798,7 +1798,7 @@ If you disable or don't configure this policy setting, the Default Programs link -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Default Programs link from the Start menu.* - GP name: *NoSMConfigurePrograms* - GP path: *Start Menu and Taskbar* @@ -1809,7 +1809,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSMMyDocuments** +**ADMX_StartMenu/NoSMMyDocuments** @@ -1850,7 +1850,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Documents icon from Start Menu* - GP name: *NoSMMyDocuments* - GP path: *Start Menu and Taskbar* @@ -1861,7 +1861,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSMMyMusic** +**ADMX_StartMenu/NoSMMyMusic** @@ -1897,7 +1897,7 @@ If you disable or don't configure this policy setting, the Music icon is availab -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Music icon from Start Menu* - GP name: *NoSMMyMusic* - GP path: *Start Menu and Taskbar* @@ -1908,7 +1908,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSMMyNetworkPlaces** +**ADMX_StartMenu/NoSMMyNetworkPlaces** @@ -1944,7 +1944,7 @@ If you disable or don't configure this policy setting, the Network icon is avail -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Network icon from Start Menu* - GP name: *NoSMMyNetworkPlaces* - GP path: *Start Menu and Taskbar* @@ -1955,7 +1955,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSMMyPictures** +**ADMX_StartMenu/NoSMMyPictures** @@ -1991,7 +1991,7 @@ If you disable or don't configure this policy setting, the Pictures icon is avai -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Pictures icon from Start Menu* - GP name: *NoSMMyPictures* - GP path: *Start Menu and Taskbar* @@ -2002,7 +2002,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSearchCommInStartMenu** +**ADMX_StartMenu/NoSearchCommInStartMenu** @@ -2036,7 +2036,7 @@ If you disable or don't configure this policy, the start menu will search for co -ADMX Info: +ADMX Info: - GP Friendly name: *Do not search communications* - GP name: *NoSearchCommInStartMenu* - GP path: *Start Menu and Taskbar* @@ -2047,7 +2047,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSearchComputerLinkInStartMenu** +**ADMX_StartMenu/NoSearchComputerLinkInStartMenu** @@ -2081,7 +2081,7 @@ If you disable or don't configure this policy, the "See all results" link will b -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Search Computer link* - GP name: *NoSearchComputerLinkInStartMenu* - GP path: *Start Menu and Taskbar* @@ -2092,7 +2092,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu** +**ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu** @@ -2126,7 +2126,7 @@ If you disable or don't configure this policy, a "See more results" link will be -ADMX Info: +ADMX Info: - GP Friendly name: *Remove See More Results / Search Everywhere link* - GP name: *NoSearchEverywhereLinkInStartMenu* - GP path: *Start Menu and Taskbar* @@ -2137,7 +2137,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSearchFilesInStartMenu** +**ADMX_StartMenu/NoSearchFilesInStartMenu** @@ -2171,7 +2171,7 @@ If you disable or don't configure this policy setting, the Start menu will searc -ADMX Info: +ADMX Info: - GP Friendly name: *Do not search for files* - GP name: *NoSearchFilesInStartMenu* - GP path: *Start Menu and Taskbar* @@ -2182,7 +2182,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSearchInternetInStartMenu** +**ADMX_StartMenu/NoSearchInternetInStartMenu** @@ -2216,7 +2216,7 @@ If you disable or don't configure this policy, the start menu will search for in -ADMX Info: +ADMX Info: - GP Friendly name: *Do not search Internet* - GP name: *NoSearchInternetInStartMenu* - GP path: *Start Menu and Taskbar* @@ -2227,7 +2227,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSearchProgramsInStartMenu** +**ADMX_StartMenu/NoSearchProgramsInStartMenu** @@ -2261,7 +2261,7 @@ If you disable or don't configure this policy setting, the Start menu search box -ADMX Info: +ADMX Info: - GP Friendly name: *Do not search programs and Control Panel items* - GP name: *NoSearchProgramsInStartMenu* - GP path: *Start Menu and Taskbar* @@ -2272,7 +2272,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSetFolders** +**ADMX_StartMenu/NoSetFolders** @@ -2312,7 +2312,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and " -ADMX Info: +ADMX Info: - GP Friendly name: *Remove programs on Settings menu* - GP name: *NoSetFolders* - GP path: *Start Menu and Taskbar* @@ -2323,7 +2323,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoSetTaskbar** +**ADMX_StartMenu/NoSetTaskbar** @@ -2361,7 +2361,7 @@ If you disable or don't configure this policy setting, the Taskbar and Start Men -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changes to Taskbar and Start Menu Settings* - GP name: *NoSetTaskbar* - GP path: *Start Menu and Taskbar* @@ -2372,7 +2372,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoStartMenuDownload** +**ADMX_StartMenu/NoStartMenuDownload** @@ -2408,7 +2408,7 @@ If you disable or don't configure this policy setting, the Downloads link is ava -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Downloads link from Start Menu* - GP name: *NoStartMenuDownload* - GP path: *Start Menu and Taskbar* @@ -2419,7 +2419,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoStartMenuHomegroup** +**ADMX_StartMenu/NoStartMenuHomegroup** @@ -2453,7 +2453,7 @@ If you disable or don't configure this policy, users can use the Start Menu opti -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Homegroup link from Start Menu* - GP name: *NoStartMenuHomegroup* - GP path: *Start Menu and Taskbar* @@ -2464,7 +2464,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoStartMenuRecordedTV** +**ADMX_StartMenu/NoStartMenuRecordedTV** @@ -2500,7 +2500,7 @@ If you disable or don't configure this policy setting, the Recorded TV link is a -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Recorded TV link from Start Menu* - GP name: *NoStartMenuRecordedTV* - GP path: *Start Menu and Taskbar* @@ -2511,7 +2511,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoStartMenuSubFolders** +**ADMX_StartMenu/NoStartMenuSubFolders** @@ -2551,7 +2551,7 @@ If you disable this setting or don't configure it, Windows 2000 Professional and -ADMX Info: +ADMX Info: - GP Friendly name: *Remove user's folders from the Start Menu* - GP name: *NoStartMenuSubFolders* - GP path: *Start Menu and Taskbar* @@ -2562,7 +2562,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoStartMenuVideos** +**ADMX_StartMenu/NoStartMenuVideos** @@ -2598,7 +2598,7 @@ If you disable or don't configure this policy setting, the Videos link is availa -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Videos link from Start Menu* - GP name: *NoStartMenuVideos* - GP path: *Start Menu and Taskbar* @@ -2609,7 +2609,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoStartPage** +**ADMX_StartMenu/NoStartPage** @@ -2649,7 +2649,7 @@ If you don't configure this setting, the default is the new style, and the user -ADMX Info: +ADMX Info: - GP Friendly name: *Force classic Start Menu* - GP name: *NoStartPage* - GP path: *Start Menu and Taskbar* @@ -2660,7 +2660,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoTaskBarClock** +**ADMX_StartMenu/NoTaskBarClock** @@ -2696,7 +2696,7 @@ If you disable or don't configure this setting, the default behavior of the cloc -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Clock from the system notification area* - GP name: *NoTaskBarClock* - GP path: *Start Menu and Taskbar* @@ -2707,7 +2707,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoTaskGrouping** +**ADMX_StartMenu/NoTaskGrouping** @@ -2745,7 +2745,7 @@ If you disable or don't configure it, items on the taskbar that share the same p -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent grouping of taskbar items* - GP name: *NoTaskGrouping* - GP path: *Start Menu and Taskbar* @@ -2756,7 +2756,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoToolbarsOnTaskbar** +**ADMX_StartMenu/NoToolbarsOnTaskbar** @@ -2794,7 +2794,7 @@ If this setting is disabled or isn't configured, the taskbar displays all toolba -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display any custom toolbars in the taskbar* - GP name: *NoToolbarsOnTaskbar* - GP path: *Start Menu and Taskbar* @@ -2805,7 +2805,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoTrayContextMenu** +**ADMX_StartMenu/NoTrayContextMenu** @@ -2843,7 +2843,7 @@ This policy setting doesn't prevent users from using other methods to issue the -ADMX Info: +ADMX Info: - GP Friendly name: *Remove access to the context menus for the taskbar* - GP name: *NoTrayContextMenu* - GP path: *Start Menu and Taskbar* @@ -2854,7 +2854,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoTrayItemsDisplay** +**ADMX_StartMenu/NoTrayItemsDisplay** @@ -2895,7 +2895,7 @@ If this setting is disabled or isn't configured, the notification area is shown -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the notification area* - GP name: *NoTrayItemsDisplay* - GP path: *Start Menu and Taskbar* @@ -2906,7 +2906,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoUninstallFromStart** +**ADMX_StartMenu/NoUninstallFromStart** @@ -2940,7 +2940,7 @@ If you disable this setting or don't configure it, users can access the uninstal -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from uninstalling applications from Start* - GP name: *NoUninstallFromStart* - GP path: *Start Menu and Taskbar* @@ -2951,7 +2951,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoUserFolderOnStartMenu** +**ADMX_StartMenu/NoUserFolderOnStartMenu** @@ -2985,7 +2985,7 @@ If you disable or don't configure this policy, the start menu will display a lin -ADMX Info: +ADMX Info: - GP Friendly name: *Remove user folder link from Start Menu* - GP name: *NoUserFolderOnStartMenu* - GP path: *Start Menu and Taskbar* @@ -2996,7 +2996,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoUserNameOnStartMenu** +**ADMX_StartMenu/NoUserNameOnStartMenu** @@ -3032,7 +3032,7 @@ If you disable or don't configure this policy setting, the user name label appea -ADMX Info: +ADMX Info: - GP Friendly name: *Remove user name from Start Menu* - GP name: *NoUserNameOnStartMenu* - GP path: *Start Menu and Taskbar* @@ -3043,7 +3043,7 @@ ADMX Info:
            -**ADMX_StartMenu/NoWindowsUpdate** +**ADMX_StartMenu/NoWindowsUpdate** @@ -3085,7 +3085,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Remove links and access to Windows Update* - GP name: *NoWindowsUpdate* - GP path: *Start Menu and Taskbar* @@ -3096,7 +3096,7 @@ ADMX Info:
            -**ADMX_StartMenu/PowerButtonAction** +**ADMX_StartMenu/PowerButtonAction** @@ -3134,7 +3134,7 @@ If you disable or don't configure this setting, the Start Menu power button will -ADMX Info: +ADMX Info: - GP Friendly name: *Change Start Menu power button* - GP name: *PowerButtonAction* - GP path: *Start Menu and Taskbar* @@ -3145,7 +3145,7 @@ ADMX Info:
            -**ADMX_StartMenu/QuickLaunchEnabled** +**ADMX_StartMenu/QuickLaunchEnabled** @@ -3183,7 +3183,7 @@ If you don't configure this policy setting, then users will be able to turn the -ADMX Info: +ADMX Info: - GP Friendly name: *Show QuickLaunch on Taskbar* - GP name: *QuickLaunchEnabled* - GP path: *Start Menu and Taskbar* @@ -3194,7 +3194,7 @@ ADMX Info:
            -**ADMX_StartMenu/RemoveUnDockPCButton** +**ADMX_StartMenu/RemoveUnDockPCButton** @@ -3228,7 +3228,7 @@ If you disable this setting or don't configure it, the "Undock PC" button remain -ADMX Info: +ADMX Info: - GP Friendly name: *Remove the "Undock PC" button from the Start Menu* - GP name: *RemoveUnDockPCButton* - GP path: *Start Menu and Taskbar* @@ -3239,7 +3239,7 @@ ADMX Info:
            -**ADMX_StartMenu/ShowAppsViewOnStart** +**ADMX_StartMenu/ShowAppsViewOnStart** @@ -3275,7 +3275,7 @@ If you disable or don’t configure this policy setting, the Start screen will a -ADMX Info: +ADMX Info: - GP Friendly name: *Show the Apps view automatically when the user goes to Start* - GP name: *ShowAppsViewOnStart* - GP path: *Start Menu and Taskbar* @@ -3286,7 +3286,7 @@ ADMX Info:
            -**ADMX_StartMenu/ShowRunAsDifferentUserInStart** +**ADMX_StartMenu/ShowRunAsDifferentUserInStart** @@ -3325,7 +3325,7 @@ If you disable this setting or don't configure it, users can't access the "Run a -ADMX Info: +ADMX Info: - GP Friendly name: *Show "Run as different user" command on Start* - GP name: *ShowRunAsDifferentUserInStart* - GP path: *Start Menu and Taskbar* @@ -3336,7 +3336,7 @@ ADMX Info:
            -**ADMX_StartMenu/ShowRunInStartMenu** +**ADMX_StartMenu/ShowRunInStartMenu** @@ -3372,7 +3372,7 @@ If the Remove Run link from Start Menu policy is set, the Add the Run command to -ADMX Info: +ADMX Info: - GP Friendly name: *Add the Run command to the Start Menu* - GP name: *ShowRunInStartMenu* - GP path: *Start Menu and Taskbar* @@ -3383,7 +3383,7 @@ ADMX Info:
            -**ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey** +**ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey** @@ -3415,7 +3415,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP Friendly name: *Show Start on the display the user is using when they press the Windows logo key* - GP name: *ShowStartOnDisplayWithForegroundOnWinKey* - GP path: *Start Menu and Taskbar* @@ -3426,7 +3426,7 @@ ADMX Info:
            -**ADMX_StartMenu/StartMenuLogOff** +**ADMX_StartMenu/StartMenuLogOff** @@ -3469,7 +3469,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Logoff on the Start Menu* - GP name: *StartMenuLogOff* - GP path: *Start Menu and Taskbar* @@ -3480,7 +3480,7 @@ ADMX Info:
            -**ADMX_StartMenu/StartPinAppsWhenInstalled** +**ADMX_StartMenu/StartPinAppsWhenInstalled** @@ -3513,7 +3513,7 @@ This policy setting allows pinning apps to Start by default, when they're includ -ADMX Info: +ADMX Info: - GP Friendly name: *Pin Apps to Start when installed* - GP name: *StartPinAppsWhenInstalled* - GP path: *Start Menu and Taskbar* diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index 4ca5a3d3a1..e99e6c400f 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_SystemRestore > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_SystemRestore policies +## ADMX_SystemRestore policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_SystemRestore/SR_DisableConfig** +**ADMX_SystemRestore/SR_DisableConfig** @@ -75,7 +75,7 @@ Also, see the "Turn off System Restore" policy setting. If the "Turn off System -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Configuration* - GP name: *SR_DisableConfig* - GP path: *System\System Restore* diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md index cfc57b2098..519c161fc4 100644 --- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md +++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/23/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_TabletShell > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_TabletShell policies +## ADMX_TabletShell policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_TabletShell/DisableInkball_1** +**ADMX_TabletShell/DisableInkball_1** @@ -65,9 +65,9 @@ manager: aaroncz -This policy setting prevents start of InkBall game. +This policy setting prevents start of InkBall game. -If you enable this policy, the InkBall game won't run. +If you enable this policy, the InkBall game won't run. If you disable this policy, the InkBall game will run. If you don't configure this policy, the InkBall game will run. @@ -75,7 +75,7 @@ If you disable this policy, the InkBall game will run. If you don't configure t -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow Inkball to run* - GP name: *DisableInkball_1* - GP path: *Windows Components\Tablet PC\Accessories* @@ -87,7 +87,7 @@ ADMX Info:
            -**ADMX_TabletShell/DisableNoteWriterPrinting_1** +**ADMX_TabletShell/DisableNoteWriterPrinting_1** @@ -113,9 +113,9 @@ ADMX Info: -This policy setting prevents printing to Journal Note Writer. +This policy setting prevents printing to Journal Note Writer. -If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail. +If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail. If you disable this policy, you'll be able to use this feature to print to a Journal Note. If you don't configure this policy, users will be able to use this feature to print to a Journal Note. @@ -124,7 +124,7 @@ If you disable this policy, you'll be able to use this feature to print to a Jou -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow printing to Journal Note Writer* - GP name: *DisableNoteWriterPrinting_1* - GP path: *Windows Components\Tablet PC\Accessories* diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index 3436685cc9..1052c71018 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/26/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,14 +17,14 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -## ADMX_Taskbar policies +## ADMX_Taskbar policies
            @@ -99,7 +99,7 @@ manager: aaroncz
            -**ADMX_Taskbar/DisableNotificationCenter** +**ADMX_Taskbar/DisableNotificationCenter** @@ -139,7 +139,7 @@ If you disable or don't configure this policy setting, Notification and Security -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Notifications and Action Center* - GP name: *DisableNotificationCenter* - GP path: *Start Menu and Taskbar* @@ -150,7 +150,7 @@ ADMX Info:
            -**ADMX_Taskbar/EnableLegacyBalloonNotifications** +**ADMX_Taskbar/EnableLegacyBalloonNotifications** @@ -180,7 +180,7 @@ This policy disables the functionality that converts balloons to toast notificat If you enable this policy setting, system and application notifications will render as balloons instead of toast notifications. -Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications. +Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications. If you disable or don’t configure this policy setting, all notifications will appear as toast notifications. @@ -190,7 +190,7 @@ If you disable or don’t configure this policy setting, all notifications will -ADMX Info: +ADMX Info: - GP Friendly name: *Disable showing balloon notifications as toasts.* - GP name: *EnableLegacyBalloonNotifications* - GP path: *Start Menu and Taskbar* @@ -201,7 +201,7 @@ ADMX Info:
            -**ADMX_Taskbar/HideSCAHealth** +**ADMX_Taskbar/HideSCAHealth** @@ -236,7 +236,7 @@ If you disable or don't configure this policy setting, the Security and Maintena -ADMX Info: +ADMX Info: - GP Friendly name: *Remove the Security and Maintenance icon* - GP name: *HideSCAHealth* - GP path: *Start Menu and Taskbar* @@ -247,7 +247,7 @@ ADMX Info:
            -**ADMX_Taskbar/HideSCANetwork** +**ADMX_Taskbar/HideSCANetwork** @@ -282,7 +282,7 @@ If you disable or don't configure this policy setting, the networking icon is di -ADMX Info: +ADMX Info: - GP Friendly name: *Remove the networking icon* - GP name: *HideSCANetwork* - GP path: *Start Menu and Taskbar* @@ -293,7 +293,7 @@ ADMX Info:
            -**ADMX_Taskbar/HideSCAPower** +**ADMX_Taskbar/HideSCAPower** @@ -328,7 +328,7 @@ If you disable or don't configure this policy setting, the battery meter is disp -ADMX Info: +ADMX Info: - GP Friendly name: *Remove the battery meter* - GP name: *HideSCAPower* - GP path: *Start Menu and Taskbar* @@ -339,7 +339,7 @@ ADMX Info:
            -**ADMX_Taskbar/HideSCAVolume** +**ADMX_Taskbar/HideSCAVolume** @@ -374,7 +374,7 @@ If you disable or don't configure this policy setting, the volume control icon i -ADMX Info: +ADMX Info: - GP Friendly name: *Remove the volume control icon* - GP name: *HideSCAVolume* - GP path: *Start Menu and Taskbar* @@ -385,7 +385,7 @@ ADMX Info:
            -**ADMX_Taskbar/NoBalloonFeatureAdvertisements** +**ADMX_Taskbar/NoBalloonFeatureAdvertisements** @@ -420,7 +420,7 @@ If you disable don't configure this policy setting, feature advertisement balloo -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off feature advertisement balloon notifications* - GP name: *NoBalloonFeatureAdvertisements* - GP path: *Start Menu and Taskbar* @@ -431,7 +431,7 @@ ADMX Info:
            -**ADMX_Taskbar/NoPinningStoreToTaskbar** +**ADMX_Taskbar/NoPinningStoreToTaskbar** @@ -466,7 +466,7 @@ If you disable or don't configure this policy setting, users can pin the Store a -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow pinning Store app to the Taskbar* - GP name: *NoPinningStoreToTaskbar* - GP path: *Start Menu and Taskbar* @@ -477,7 +477,7 @@ ADMX Info:
            -**ADMX_Taskbar/NoPinningToDestinations** +**ADMX_Taskbar/NoPinningToDestinations** @@ -512,7 +512,7 @@ If you disable or don't configure this policy setting, users can pin files, fold -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow pinning items in Jump Lists* - GP name: *NoPinningToDestinations* - GP path: *Start Menu and Taskbar* @@ -523,7 +523,7 @@ ADMX Info:
            -**ADMX_Taskbar/NoPinningToTaskbar** +**ADMX_Taskbar/NoPinningToTaskbar** @@ -558,7 +558,7 @@ If you disable or don't configure this policy setting, users can change the prog -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow pinning programs to the Taskbar* - GP name: *NoPinningToTaskbar* - GP path: *Start Menu and Taskbar* @@ -570,7 +570,7 @@ ADMX Info:
            -**ADMX_Taskbar/NoRemoteDestinations** +**ADMX_Taskbar/NoRemoteDestinations** @@ -602,7 +602,7 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers aren't tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections. -If you disable or don't configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer. +If you disable or don't configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer. > [!NOTE] > This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting. @@ -611,7 +611,7 @@ If you disable or don't configure this policy setting, all files that the user o -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display or track items in Jump Lists from remote locations* - GP name: *NoRemoteDestinations* - GP path: *Start Menu and Taskbar* @@ -623,7 +623,7 @@ ADMX Info:
            -**ADMX_Taskbar/NoSystraySystemPromotion** +**ADMX_Taskbar/NoSystraySystemPromotion** @@ -658,7 +658,7 @@ If you disable or don't configure this policy setting, newly added notification -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off automatic promotion of notification icons to the taskbar* - GP name: *NoSystraySystemPromotion* - GP path: *Start Menu and Taskbar* @@ -670,7 +670,7 @@ ADMX Info:
            -**ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar** +**ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar** @@ -707,7 +707,7 @@ If you don’t configure this policy setting, the default setting for the user -ADMX Info: +ADMX Info: - GP Friendly name: *Show Windows Store apps on the taskbar* - GP name: *ShowWindowsStoreAppsOnTaskbar* - GP path: *Start Menu and Taskbar* @@ -720,7 +720,7 @@ ADMX Info:
            -**ADMX_Taskbar/TaskbarLockAll** +**ADMX_Taskbar/TaskbarLockAll** @@ -755,7 +755,7 @@ If you disable or don't configure this policy setting, the user will be able to -ADMX Info: +ADMX Info: - GP Friendly name: *Lock all taskbar settings* - GP name: *TaskbarLockAll* - GP path: *Start Menu and Taskbar* @@ -768,7 +768,7 @@ ADMX Info:
            -**ADMX_Taskbar/TaskbarNoAddRemoveToolbar** +**ADMX_Taskbar/TaskbarNoAddRemoveToolbar** @@ -802,7 +802,7 @@ If you disable or don't configure this policy setting, the users and application -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from adding or removing toolbars* - GP name: *TaskbarNoAddRemoveToolbar* - GP path: *Start Menu and Taskbar* @@ -815,7 +815,7 @@ ADMX Info:
            -**ADMX_Taskbar/TaskbarNoDragToolbar** +**ADMX_Taskbar/TaskbarNoDragToolbar** @@ -849,7 +849,7 @@ If you disable or don't configure this policy setting, users are able to rearran -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from rearranging toolbars* - GP name: *TaskbarNoDragToolbar* - GP path: *Start Menu and Taskbar* @@ -861,7 +861,7 @@ ADMX Info:
            -**ADMX_Taskbar/TaskbarNoMultimon** +**ADMX_Taskbar/TaskbarNoMultimon** @@ -896,7 +896,7 @@ If you disable or don't configure this policy setting, users can show taskbars o -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow taskbars on more than one display* - GP name: *TaskbarNoMultimon* - GP path: *Start Menu and Taskbar* @@ -909,7 +909,7 @@ ADMX Info:
            -**ADMX_Taskbar/TaskbarNoNotification** +**ADMX_Taskbar/TaskbarNoNotification** @@ -944,7 +944,7 @@ If you disable or don't configure this policy setting, notification balloons are -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off all balloon notifications* - GP name: *TaskbarNoNotification* - GP path: *Start Menu and Taskbar* @@ -955,7 +955,7 @@ ADMX Info:
            -**ADMX_Taskbar/TaskbarNoPinnedList** +**ADMX_Taskbar/TaskbarNoPinnedList** @@ -990,7 +990,7 @@ If you disable or don't configure this policy setting, users can pin programs so -ADMX Info: +ADMX Info: - GP Friendly name: *Remove pinned programs from the Taskbar* - GP name: *TaskbarNoPinnedList* - GP path: *Start Menu and Taskbar* @@ -1002,7 +1002,7 @@ ADMX Info:
            -**ADMX_Taskbar/TaskbarNoRedock** +**ADMX_Taskbar/TaskbarNoRedock** @@ -1038,7 +1038,7 @@ If you disable or don't configure this policy setting, users are able to drag th -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from moving taskbar to another screen dock location* - GP name: *TaskbarNoRedock* - GP path: *Start Menu and Taskbar* @@ -1050,7 +1050,7 @@ ADMX Info: -**ADMX_Taskbar/TaskbarNoResize** +**ADMX_Taskbar/TaskbarNoResize** @@ -1085,7 +1085,7 @@ If you disable or don't configure this policy setting, users are able to resize -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from resizing the taskbar* - GP name: *TaskbarNoResize* - GP path: *Start Menu and Taskbar* @@ -1097,7 +1097,7 @@ ADMX Info:
            -**ADMX_Taskbar/TaskbarNoThumbnail** +**ADMX_Taskbar/TaskbarNoThumbnail** @@ -1132,7 +1132,7 @@ If you disable or don't configure this policy setting, the taskbar thumbnails ar -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off taskbar thumbnails* - GP name: *TaskbarNoThumbnail* - GP path: *Start Menu and Taskbar* diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 7ef48341ef..dfdf0bc374 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/23/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,14 +17,14 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -## ADMX_tcpip policies +## ADMX_tcpip policies
            @@ -72,7 +72,7 @@ manager: aaroncz
            -**ADMX_tcpip/6to4_Router_Name** +**ADMX_tcpip/6to4_Router_Name** @@ -107,7 +107,7 @@ If you disable or do not configure this policy setting, the local host setting i -ADMX Info: +ADMX Info: - GP Friendly name: *Set 6to4 Relay Name* - GP name: *6to4_Router_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -118,7 +118,7 @@ ADMX Info:
            -**ADMX_tcpip/6to4_Router_Name_Resolution_Interval** +**ADMX_tcpip/6to4_Router_Name_Resolution_Interval** @@ -153,7 +153,7 @@ If you disable or do not configure this policy setting, the local host setting i -ADMX Info: +ADMX Info: - GP Friendly name: *Set 6to4 Relay Name Resolution Interval* - GP name: *6to4_Router_Name_Resolution_Interval* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -164,7 +164,7 @@ ADMX Info:
            -**ADMX_tcpip/6to4_State** +**ADMX_tcpip/6to4_State** @@ -203,7 +203,7 @@ If you enable this policy setting, you can configure 6to4 with one of the follow -ADMX Info: +ADMX Info: - GP Friendly name: *Set 6to4 State* - GP name: *6to4_State* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -214,7 +214,7 @@ ADMX Info:
            -**ADMX_tcpip/IPHTTPS_ClientState** +**ADMX_tcpip/IPHTTPS_ClientState** @@ -253,7 +253,7 @@ If you enable this policy setting, you can specify an IP-HTTPS server URL. You w -ADMX Info: +ADMX Info: - GP Friendly name: *Set IP-HTTPS State* - GP name: *IPHTTPS_ClientState* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -264,7 +264,7 @@ ADMX Info:
            -**ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State** +**ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State** @@ -299,7 +299,7 @@ If you disable this policy setting, IP Stateless Autoconfiguration Limits will b -ADMX Info: +ADMX Info: - GP Friendly name: *Set IP Stateless Autoconfiguration Limits State* - GP name: *IP_Stateless_Autoconfiguration_Limits_State* - GP path: *Network\TCPIP Settings\Parameters* @@ -310,7 +310,7 @@ ADMX Info:
            -**ADMX_tcpip/ISATAP_Router_Name** +**ADMX_tcpip/ISATAP_Router_Name** @@ -345,7 +345,7 @@ If you disable or do not configure this policy setting, the local host setting i -ADMX Info: +ADMX Info: - GP Friendly name: *Set ISATAP Router Name* - GP name: *ISATAP_Router_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -356,7 +356,7 @@ ADMX Info:
            -**ADMX_tcpip/ISATAP_State** +**ADMX_tcpip/ISATAP_State** @@ -395,7 +395,7 @@ If you enable this policy setting, you can configure ISATAP with one of the foll -ADMX Info: +ADMX Info: - GP Friendly name: *Set ISATAP State* - GP name: *ISATAP_State* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -406,7 +406,7 @@ ADMX Info:
            -**ADMX_tcpip/Teredo_Client_Port** +**ADMX_tcpip/Teredo_Client_Port** @@ -441,7 +441,7 @@ If you disable or do not configure this policy setting, the local host setting i -ADMX Info: +ADMX Info: - GP Friendly name: *Set Teredo Client Port* - GP name: *Teredo_Client_Port* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -452,7 +452,7 @@ ADMX Info:
            -**ADMX_tcpip/Teredo_Default_Qualified** +**ADMX_tcpip/Teredo_Default_Qualified** @@ -489,7 +489,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali -ADMX Info: +ADMX Info: - GP Friendly name: *Set Teredo Default Qualified* - GP name: *Teredo_Default_Qualified* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -500,7 +500,7 @@ ADMX Info:
            -**ADMX_tcpip/Teredo_Refresh_Rate** +**ADMX_tcpip/Teredo_Refresh_Rate** @@ -538,7 +538,7 @@ If you disable or do not configure this policy setting, the refresh rate is conf -ADMX Info: +ADMX Info: - GP Friendly name: *Set Teredo Refresh Rate* - GP name: *Teredo_Refresh_Rate* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -549,7 +549,7 @@ ADMX Info:
            -**ADMX_tcpip/Teredo_Server_Name** +**ADMX_tcpip/Teredo_Server_Name** @@ -584,7 +584,7 @@ If you disable or do not configure this policy setting, the local settings on th -ADMX Info: +ADMX Info: - GP Friendly name: *Set Teredo Server Name* - GP name: *Teredo_Server_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -595,7 +595,7 @@ ADMX Info:
            -**ADMX_tcpip/Teredo_State** +**ADMX_tcpip/Teredo_State** @@ -635,7 +635,7 @@ If you enable this policy setting, you can configure Teredo with one of the foll -ADMX Info: +ADMX Info: - GP Friendly name: *Set Teredo State* - GP name: *Teredo_State* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* @@ -646,7 +646,7 @@ ADMX Info:
            -**ADMX_tcpip/Windows_Scaling_Heuristics_State** +**ADMX_tcpip/Windows_Scaling_Heuristics_State** @@ -683,7 +683,7 @@ If you disable this policy setting, Window Scaling Heuristics will be disabled a -ADMX Info: +ADMX Info: - GP Friendly name: *Set Window Scaling Heuristics State* - GP name: *Windows_Scaling_Heuristics_State* - GP path: *Network\TCPIP Settings\Parameters* @@ -693,7 +693,7 @@ ADMX Info:
            -> +> diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index f4dd3f6be6..bd72791e61 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/21/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_TerminalServer > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_TerminalServer policies +## ADMX_TerminalServer policies
            @@ -302,7 +302,7 @@ manager: aaroncz
            -**ADMX_TerminalServer/TS_AUTO_RECONNECT** +**ADMX_TerminalServer/TS_AUTO_RECONNECT** @@ -337,7 +337,7 @@ If the status is set to Disabled, automatic reconnection of clients is prohibite -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic reconnection* - GP name: *TS_AUTO_RECONNECT* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* @@ -350,7 +350,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CAMERA_REDIRECTION** +**ADMX_TerminalServer/TS_CAMERA_REDIRECTION** @@ -376,16 +376,16 @@ ADMX Info: -This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices. +This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices. -If you enable this policy setting, users can't redirect their video capture devices to the remote computer. +If you enable this policy setting, users can't redirect their video capture devices to the remote computer. If you disable or don't configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow video capture redirection* - GP name: *TS_CAMERA_REDIRECTION* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -398,7 +398,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY** +**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY** @@ -424,13 +424,13 @@ ADMX Info: -This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. +This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. -A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. +A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. -If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected. +If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected. -If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. +If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. >[!NOTE] >If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. @@ -438,7 +438,7 @@ If no certificate can be found that was created with the specified certificate t -ADMX Info: +ADMX Info: - GP Friendly name: *Server authentication certificate template* - GP name: *TS_CERTIFICATE_TEMPLATE_POLICY* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* @@ -451,7 +451,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** @@ -477,7 +477,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** @@ -505,11 +505,11 @@ ADMX Info: This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. -This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file). +This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file). -If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. +If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. -If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. +If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. >[!NOTE] >You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. @@ -517,7 +517,7 @@ If you disable this policy setting, users can't run .rdp files that are signed w -ADMX Info: +ADMX Info: - GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings* - GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -529,7 +529,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2** +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2** @@ -555,13 +555,13 @@ ADMX Info: -This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. +This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. -This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file). +This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file). -If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. +If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. -If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. +If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. >[!NOTE] >You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. @@ -569,7 +569,7 @@ If you disable this policy setting, users can't run .rdp files that are signed w -ADMX Info: +ADMX Info: - GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings* - GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -582,7 +582,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1** +**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1** @@ -608,16 +608,16 @@ ADMX Info: -This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. +This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. -If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. +If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow .rdp files from unknown publishers* - GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -630,7 +630,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2** +**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2** @@ -656,16 +656,16 @@ ADMX Info: -This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. +This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. -If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. +If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow .rdp files from unknown publishers* - GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -678,7 +678,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_AUDIO** +**ADMX_TerminalServer/TS_CLIENT_AUDIO** @@ -704,20 +704,20 @@ ADMX Info: -This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. +This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. -Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. +Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. -By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional. +By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional. -If you enable this policy setting, audio and video playback redirection is allowed. +If you enable this policy setting, audio and video playback redirection is allowed. If you disable this policy setting, audio and video playback redirection isn't allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. If you don't configure this policy setting, audio and video playback redirection isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow audio and video playback redirection* - GP name: *TS_CLIENT_AUDIO* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -730,7 +730,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE** +**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE** @@ -758,16 +758,16 @@ ADMX Info: This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). -Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. +Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. -If you enable this policy setting, audio recording redirection is allowed. +If you enable this policy setting, audio recording redirection is allowed. If you disable this policy setting, audio recording redirection isn't allowed, even if audio recording redirection is specified in RDC. If you don't configure this policy setting, Audio recording redirection isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow audio recording redirection* - GP name: *TS_CLIENT_AUDIO_CAPTURE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -780,7 +780,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY** +**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY** @@ -808,18 +808,18 @@ ADMX Info: This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. If you enable this policy setting, you must select one of the following values: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This audio transmission requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. -If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. +If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. -For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used. +For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used. -Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic. +Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic. If you disable or don't configure this policy setting, audio playback quality will be set to Dynamic. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit audio playback quality* - GP name: *TS_CLIENT_AUDIO_QUALITY* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -832,7 +832,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD** +**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD** @@ -858,20 +858,20 @@ ADMX Info: -This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. +This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. -You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. +You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. -If you enable this policy setting, users can't redirect Clipboard data. +If you enable this policy setting, users can't redirect Clipboard data. -If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. +If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. If you don't configure this policy setting, Clipboard redirection isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow Clipboard redirection* - GP name: *TS_CLIENT_CLIPBOARD* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -884,7 +884,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_COM** +**ADMX_TerminalServer/TS_CLIENT_COM** @@ -910,20 +910,20 @@ ADMX Info: -This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. +This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. -You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they're logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. +You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they're logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. -If you enable this policy setting, users can't redirect server data to the local COM port. +If you enable this policy setting, users can't redirect server data to the local COM port. -If you disable this policy setting, Remote Desktop Services always allows COM port redirection. +If you disable this policy setting, Remote Desktop Services always allows COM port redirection. If you don't configure this policy setting, COM port redirection isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow COM port redirection* - GP name: *TS_CLIENT_COM* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -936,7 +936,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M** +**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M** @@ -962,20 +962,20 @@ ADMX Info: -This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server. +This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server. -By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior. +By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior. -If you enable this policy setting, the default printer is the printer specified on the remote computer. +If you enable this policy setting, the default printer is the printer specified on the remote computer. -If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection. +If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection. If you don't configure this policy setting, the default printer isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not set default client printer to be default printer in a session* - GP name: *TS_CLIENT_DEFAULT_M* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* @@ -988,7 +988,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE** +**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE** @@ -1014,16 +1014,16 @@ ADMX Info: -This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. +This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. -If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you've a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you'll know that there are more issues to investigate. +If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you've a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you'll know that there are more issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow hardware accelerated decoding* - GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -1036,7 +1036,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1** +**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1** @@ -1062,7 +1062,7 @@ ADMX Info: -This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection. +This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection. If you enable this setting, the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When users open an RDP file using Remote Desktop Connection and save their settings, any password that previously existed in the RDP file will be deleted. @@ -1071,7 +1071,7 @@ If you disable this setting or leave it not configured, the user will be able to -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow passwords to be saved* - GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -1084,7 +1084,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_LPT** +**ADMX_TerminalServer/TS_CLIENT_LPT** @@ -1110,16 +1110,16 @@ ADMX Info: -This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection. +This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection. -If you enable this policy setting, users in a Remote Desktop Services session can't redirect server data to the local LPT port. +If you enable this policy setting, users in a Remote Desktop Services session can't redirect server data to the local LPT port. If you disable this policy setting, LPT port redirection is always allowed. If you don't configure this policy setting, LPT port redirection isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow LPT port redirection* - GP name: *TS_CLIENT_LPT* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -1132,7 +1132,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_PNP** +**ADMX_TerminalServer/TS_CLIENT_PNP** @@ -1158,11 +1158,11 @@ ADMX Info: -This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services doesn't allow redirection of supported Plug and Play and RemoteFX USB devices. +This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services doesn't allow redirection of supported Plug and Play and RemoteFX USB devices. -If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. +If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. -If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions. +If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions. >[!NOTE] >You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings. @@ -1170,7 +1170,7 @@ If you enable this policy setting, users can't redirect their supported Plug and -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow supported Plug and Play device redirection* - GP name: *TS_CLIENT_PNP* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -1183,7 +1183,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_PRINTER** +**ADMX_TerminalServer/TS_CLIENT_PRINTER** @@ -1209,18 +1209,18 @@ ADMX Info: -This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping. +This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping. -If you enable this policy setting, users can't redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. +If you enable this policy setting, users can't redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. -If you disable this policy setting, users can redirect print jobs with client printer mapping. +If you disable this policy setting, users can redirect print jobs with client printer mapping. If you don't configure this policy setting, client printer mapping isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow client printer redirection* - GP name: *TS_CLIENT_PRINTER* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* @@ -1233,7 +1233,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1** +**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1** @@ -1259,23 +1259,23 @@ ADMX Info: -This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. +This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. -If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. +If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. -If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher. +If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher. >[!NOTE] ->You can define this policy setting in the Computer Configuration node or in the User Configuration node. +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. -If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. +If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that isn't a certificate thumbprint, it's ignored. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers* - GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -1288,7 +1288,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2** +**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2** @@ -1314,23 +1314,23 @@ ADMX Info: -This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. +This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. -If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. +If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. -If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher. +If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher. >[!NOTE] ->You can define this policy setting in the Computer Configuration node or in the User Configuration node. +>You can define this policy setting in the Computer Configuration node or in the User Configuration node. -If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. +If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that isn't a certificate thumbprint, it's ignored. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers* - GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -1343,7 +1343,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP** +**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP** @@ -1369,16 +1369,16 @@ ADMX Info: -This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. +This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. -If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol. +If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol. If you disable or don't configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn Off UDP On Client* - GP name: *TS_CLIENT_TURN_OFF_UDP* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -1391,7 +1391,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_COLORDEPTH** +**ADMX_TerminalServer/TS_COLORDEPTH** @@ -1417,24 +1417,24 @@ ADMX Info: -This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load. +This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load. -If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used. +If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used. -If you disable or don't configure this policy setting, the color depth for connections isn't specified at the Group Policy level. +If you disable or don't configure this policy setting, the color depth for connections isn't specified at the Group Policy level. >[!NOTE] -> 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. ->2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. ->3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format: -> - a. Value specified by this policy setting -> - b. Maximum color depth supported by the client +> 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. +>2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. +>3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format: +> - a. Value specified by this policy setting +> - b. Maximum color depth supported by the client > - c. Value requested by the client If the client doesn't support at least 16 bits, the connection is terminated. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit maximum color depth* - GP name: *TS_COLORDEPTH* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -1447,7 +1447,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES** +**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES** @@ -1473,21 +1473,21 @@ ADMX Info: -This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed. +This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed. >[!NOTE] ->If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles. +>If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles. If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. -When the size of the entire roaming user profile cache exceeds the maximum size that you've specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified. +When the size of the entire roaming user profile cache exceeds the maximum size that you've specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified. If you disable or don't configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive. Note: This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the size of the entire roaming user profile cache* - GP name: *TS_DELETE_ROAMING_USER_PROFILES* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* @@ -1500,7 +1500,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER** +**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER** @@ -1526,18 +1526,18 @@ ADMX Info: -This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. +This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. -You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 don't display wallpaper by default to Remote Desktop Services sessions. +You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 don't display wallpaper by default to Remote Desktop Services sessions. -If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session. +If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session. If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies. -ADMX Info: +ADMX Info: - GP Friendly name: *Enforce Removal of Remote Desktop Wallpaper* - GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -1549,7 +1549,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU** +**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU** @@ -1575,11 +1575,11 @@ ADMX Info: -This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter. +This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter. -If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter. +If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter. -If you don't configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default. +If you don't configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default. >[!NOTE] >The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session isn't affected by this policy setting. @@ -1587,7 +1587,7 @@ If you don't configure this policy setting, Remote Desktop Services sessions on -ADMX Info: +ADMX Info: - GP Friendly name: *Use hardware graphics adapters for all Remote Desktop Services sessions* - GP name: *TS_DX_USE_FULL_HWGPU* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -1600,7 +1600,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_EASY_PRINT** +**ADMX_TerminalServer/TS_EASY_PRINT** @@ -1626,11 +1626,11 @@ ADMX Info: -This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. +This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. -If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session. +If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session. -If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session. +If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session. >[!NOTE] >If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. @@ -1638,7 +1638,7 @@ If you disable this policy setting, the RD Session Host server tries to find a s -ADMX Info: +ADMX Info: - GP Friendly name: *Use Remote Desktop Easy Print printer driver first* - GP name: *TS_EASY_PRINT* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* @@ -1651,7 +1651,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_EASY_PRINT_User** +**ADMX_TerminalServer/TS_EASY_PRINT_User** @@ -1677,11 +1677,11 @@ ADMX Info: -This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. +This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. -If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session. +If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session. -If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session. +If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session. >[!NOTE] >If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. @@ -1689,7 +1689,7 @@ If you disable this policy setting, the RD Session Host server tries to find a s -ADMX Info: +ADMX Info: - GP Friendly name: *Use Remote Desktop Easy Print printer driver first* - GP name: *TS_EASY_PRINT_User* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* @@ -1702,7 +1702,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_EnableVirtualGraphics** +**ADMX_TerminalServer/TS_EnableVirtualGraphics** @@ -1728,20 +1728,20 @@ ADMX Info: -This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). +This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). -By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. +By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. -If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. +If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. -If you disable this policy setting, RemoteFX will be disabled. +If you disable this policy setting, RemoteFX will be disabled. If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RemoteFX* - GP name: *TS_EnableVirtualGraphics* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* @@ -1754,7 +1754,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE** +**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE** @@ -1780,16 +1780,16 @@ ADMX Info: -This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server doesn't have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session. +This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server doesn't have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session. -If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one isn't found, the client's printer isn't available. You can choose to change this default behavior. The available options are: +If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one isn't found, the client's printer isn't available. You can choose to change this default behavior. The available options are: -- **Do nothing if one is not found** - If there's a printer driver mismatch, the server will attempt to find a suitable driver. If one isn't found, the client's printer isn't available. This behavior is the default behavior. -- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. -- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver. -- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers. +- **Do nothing if one is not found** - If there's a printer driver mismatch, the server will attempt to find a suitable driver. If one isn't found, the client's printer isn't available. This behavior is the default behavior. +- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. +- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver. +- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers. -If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server won't attempt to use the fallback printer driver. If you don't configure this policy setting, the fallback printer driver behavior is off by default. +If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server won't attempt to use the fallback printer driver. If you don't configure this policy setting, the fallback printer driver behavior is off by default. >[!NOTE] >If the **Do not allow client printer redirection** setting is enabled, this policy setting is ignored and the fallback printer driver is disabled. @@ -1797,7 +1797,7 @@ If you disable this policy setting, the RD Session Host server fallback driver i -ADMX Info: +ADMX Info: - GP Friendly name: *Specify RD Session Host server fallback printer driver behavior* - GP name: *TS_FALLBACKPRINTDRIVERTYPE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* @@ -1810,7 +1810,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF** +**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF** @@ -1836,11 +1836,11 @@ ADMX Info: -This policy setting determines whether an administrator attempting to connect remotely to the console of a server can sign out an administrator currently signed in to the console. This policy is useful when the currently connected administrator doesn't want to be signed out by another administrator. If the connected administrator is signed out, any data not previously saved is lost. +This policy setting determines whether an administrator attempting to connect remotely to the console of a server can sign out an administrator currently signed in to the console. This policy is useful when the currently connected administrator doesn't want to be signed out by another administrator. If the connected administrator is signed out, any data not previously saved is lost. -If you enable this policy setting, signing out the connected administrator isn't allowed. +If you enable this policy setting, signing out the connected administrator isn't allowed. -If you disable or don't configure this policy setting, signing out the connected administrator is allowed. +If you disable or don't configure this policy setting, signing out the connected administrator is allowed. >[!NOTE] >The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line. @@ -1848,7 +1848,7 @@ If you disable or don't configure this policy setting, signing out the connected -ADMX Info: +ADMX Info: - GP Friendly name: *Deny logoff of an administrator logged in to the console session* - GP name: *TS_FORCIBLE_LOGOFF* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* @@ -1913,7 +1913,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** +**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** @@ -1939,11 +1939,11 @@ ADMX Info: -This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. +This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. -By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client. +By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client. -To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you enable this setting, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default. +To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you enable this setting, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default. If you disable or don't configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method isn't specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication. @@ -1952,7 +1952,7 @@ If you disable or don't configure this policy setting, the authentication method -ADMX Info: +ADMX Info: - GP Friendly name: *Set RD Gateway authentication method* - GP name: *TS_GATEWAY_POLICY_AUTH_METHOD* - GP path: *Windows Components\Remote Desktop Services\RD Gateway* @@ -1963,7 +1963,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER** +**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER** @@ -1989,16 +1989,16 @@ ADMX Info: -This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. +This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. -By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client. +By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client. >[!NOTE] ->It's highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you don't specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used. +>It's highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you don't specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used. -To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server. +To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server. -Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default. +Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default. >[!NOTE] >If you disable or don't configure this policy setting, but enable the **Enable connections through RD Gateway** policy setting, client connection attempts to any remote computer will fail, if the client can't connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. @@ -2006,7 +2006,7 @@ Users can specify an alternative RD Gateway server by configuring settings on th -ADMX Info: +ADMX Info: - GP Friendly name: *Set RD Gateway server address* - GP name: *TS_GATEWAY_POLICY_SERVER* - GP path: *Windows Components\Remote Desktop Services\RD Gateway* @@ -2018,7 +2018,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY** +**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY** @@ -2044,22 +2044,22 @@ ADMX Info: -This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server. +This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server. -If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting. +If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting. -If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. +If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. -If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level. +If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level. ->[!NOTE] ->1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. +>[!NOTE] +>1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. >2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. -ADMX Info: +ADMX Info: - GP Friendly name: *Join RD Connection Broker* - GP name: *TS_JOIN_SESSION_DIRECTORY* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* @@ -2072,7 +2072,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_KEEP_ALIVE** +**ADMX_TerminalServer/TS_KEEP_ALIVE** @@ -2098,18 +2098,18 @@ ADMX Info: -This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state. +This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state. -After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client signs in to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active. +After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client signs in to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active. -If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999. +If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999. If you disable or don't configure this policy setting, a keep-alive interval isn't set and the server won't check the session state. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure keep-alive connection interval* - GP name: *TS_KEEP_ALIVE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* @@ -2122,7 +2122,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_LICENSE_SECGROUP** +**ADMX_TerminalServer/TS_LICENSE_SECGROUP** @@ -2148,13 +2148,13 @@ ADMX Info: -This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs). +This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs). -You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one. +You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one. -If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty. +If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty. -If you disable or don't configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group isn't deleted or changed in any way by disabling or not configuring this policy setting. +If you disable or don't configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group isn't deleted or changed in any way by disabling or not configuring this policy setting. >[!NOTE] >You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain. @@ -2162,7 +2162,7 @@ If you disable or don't configure this policy setting, the Remote Desktop licens -ADMX Info: +ADMX Info: - GP Friendly name: *License server security group* - GP name: *TS_LICENSE_SECGROUP* - GP path: *Windows Components\Remote Desktop Services\RD Licensing* @@ -2175,7 +2175,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_LICENSE_SERVERS** +**ADMX_TerminalServer/TS_LICENSE_SERVERS** @@ -2201,20 +2201,20 @@ ADMX Info: -This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers. +This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers. -If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers can't be located, the RD Session Host server will attempt automatic license server discovery. +If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers can't be located, the RD Session Host server will attempt automatic license server discovery. + +In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: +1. Remote Desktop license servers that are published in Active Directory Domain Services. +2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server. -In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: -1. Remote Desktop license servers that are published in Active Directory Domain Services. -2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server. - 1If you disable or don't configure this policy setting, the RD Session Host server doesn't specify a license server at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Use the specified Remote Desktop license servers* - GP name: *TS_LICENSE_SERVERS* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* @@ -2227,7 +2227,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_LICENSE_TOOLTIP** +**ADMX_TerminalServer/TS_LICENSE_TOOLTIP** @@ -2253,18 +2253,18 @@ ADMX Info: -This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server. +This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server. -By default, notifications are displayed on an RD Session Host server after you sign in as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire. +By default, notifications are displayed on an RD Session Host server after you sign in as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire. -If you enable this policy setting, these notifications won't be displayed on the RD Session Host server. +If you enable this policy setting, these notifications won't be displayed on the RD Session Host server. If you disable or don't configure this policy setting, these notifications will be displayed on the RD Session Host server after you sign in as a local administrator. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide notifications about RD Licensing problems that affect the RD Session Host server* - GP name: *TS_LICENSE_TOOLTIP* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* @@ -2277,7 +2277,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_LICENSING_MODE** +**ADMX_TerminalServer/TS_LICENSING_MODE** @@ -2303,21 +2303,21 @@ ADMX Info: -This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. +This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. -You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User. -- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server. -- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server. -- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD. +You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User. +- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server. +- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server. +- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD. -If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host. +If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host. If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Set the Remote Desktop licensing mode* - GP name: *TS_LICENSING_MODE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* @@ -2330,7 +2330,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_MAX_CON_POLICY** +**ADMX_TerminalServer/TS_MAX_CON_POLICY** @@ -2356,23 +2356,23 @@ ADMX Info: -This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, other users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. +This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, other users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. -By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions. +By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions. -To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. +To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. -If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. +If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. -If the status is set to Disabled or Not Configured, limits to the number of connections aren't enforced at the Group Policy level. +If the status is set to Disabled or Not Configured, limits to the number of connections aren't enforced at the Group Policy level. ->[!NOTE] +>[!NOTE] >This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed). -ADMX Info: +ADMX Info: - GP Friendly name: *Limit number of connections* - GP name: *TS_MAX_CON_POLICY* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* @@ -2385,7 +2385,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_MAXDISPLAYRES** +**ADMX_TerminalServer/TS_MAXDISPLAYRES** @@ -2411,16 +2411,16 @@ ADMX Info: -This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load. +This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load. -If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session. +If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session. If you disable or don't configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit maximum display resolution* - GP name: *TS_MAXDISPLAYRES* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -2433,7 +2433,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_MAXMONITOR** +**ADMX_TerminalServer/TS_MAXMONITOR** @@ -2459,16 +2459,16 @@ ADMX Info: -This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load. +This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load. -If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16. +If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16. If you disable or don't configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit number of monitors* - GP name: *TS_MAXMONITOR* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -2481,7 +2481,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_NoDisconnectMenu** +**ADMX_TerminalServer/TS_NoDisconnectMenu** @@ -2507,21 +2507,21 @@ ADMX Info: -This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server. +This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server. -If you enable this policy setting, "Disconnect" doesn't appear as an option in the drop-down list in the Shut Down Windows dialog box. +If you enable this policy setting, "Disconnect" doesn't appear as an option in the drop-down list in the Shut Down Windows dialog box. -If you disable or don't configure this policy setting, "Disconnect" isn't removed from the list in the Shut Down Windows dialog box. +If you disable or don't configure this policy setting, "Disconnect" isn't removed from the list in the Shut Down Windows dialog box. >[!NOTE] ->This policy setting affects only the Shut Down Windows dialog box. It doesn't prevent users from using other methods to disconnect from a Remote Desktop Services session. +>This policy setting affects only the Shut Down Windows dialog box. It doesn't prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also doesn't prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the **Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions** policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Disconnect" option from Shut Down dialog* - GP name: *TS_NoDisconnectMenu* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -2534,7 +2534,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_NoSecurityMenu** +**ADMX_TerminalServer/TS_NoSecurityMenu** @@ -2560,16 +2560,16 @@ ADMX Info: -This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently. +This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently. -If the status is set to Enabled, Windows Security doesn't appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer. +If the status is set to Enabled, Windows Security doesn't appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer. If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu. -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Windows Security item from Start menu* - GP name: *TS_NoSecurityMenu* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -2582,7 +2582,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_PreventLicenseUpgrade** +**ADMX_TerminalServer/TS_PreventLicenseUpgrade** @@ -2608,22 +2608,22 @@ ADMX Info: -This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems. +This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems. -A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. +A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. -By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following types of clients: -- A client connecting to a Windows Server 2003 terminal server -- A client connecting to a Windows 2000 terminal server +By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following types of clients: +- A client connecting to a Windows Server 2003 terminal server +- A client connecting to a Windows 2000 terminal server -If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired. +If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired. If you disable or don't configure this policy setting, the license server will exhibit the default behavior noted earlier. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent license upgrade* - GP name: *TS_PreventLicenseUpgrade* - GP path: *Windows Components\Remote Desktop Services\RD Licensing* @@ -2636,7 +2636,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP** +**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP** @@ -2662,21 +2662,21 @@ ADMX Info: -This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server. +This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server. -If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user won't be prompted to provide credentials. +If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user won't be prompted to provide credentials. ->[!NOTE] ->If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration. +>[!NOTE] +>If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration. -If you disable or don't configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. +If you disable or don't configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. For Windows Server 2003 and Windows 2000 Server, a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection. -ADMX Info: +ADMX Info: - GP Friendly name: *Prompt for credentials on the client computer* - GP name: *TS_PROMT_CREDS_CLIENT_COMP* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -2689,7 +2689,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_RADC_DefaultConnection** +**ADMX_TerminalServer/TS_RADC_DefaultConnection** @@ -2716,11 +2716,11 @@ ADMX Info: -This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx). +This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx). -- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user can't change the default connection URL. The user's default sign-in credentials are used when setting up the default connection URL. +- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user can't change the default connection URL. The user's default sign-in credentials are used when setting up the default connection URL. -- If you disable or don't configure this policy setting, the user has no default connection URL. +- If you disable or don't configure this policy setting, the user has no default connection URL. RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account. @@ -2729,7 +2729,7 @@ RemoteApp programs that are installed through RemoteApp and Desktop Connections -ADMX Info: +ADMX Info: - GP Friendly name: *Specify default connection URL* - GP name: *TS_RADC_DefaultConnection* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -2740,7 +2740,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** +**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** @@ -2767,9 +2767,9 @@ ADMX Info: -This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. +This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. -- If you enable this policy setting, user sign in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. +- If you enable this policy setting, user sign in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. - If you disable or don't configure this policy setting, the Start screen is shown and apps are registered in the background. @@ -2778,7 +2778,7 @@ This policy setting allows you to specify whether the app registration is comple -ADMX Info: +ADMX Info: - GP Friendly name: *Suspend user sign-in to complete app registration* - GP name: *TS_RDSAppX_WaitForRegistration* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -2789,7 +2789,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_RemoteControl_1** +**ADMX_TerminalServer/TS_RemoteControl_1** @@ -2816,7 +2816,7 @@ ADMX Info: -This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. +This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. @@ -2825,7 +2825,7 @@ To make changes to this setting effective, you must restart Volume Shadow Copy ( -ADMX Info: +ADMX Info: - GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* - GP name: *TS_RemoteControl_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -2836,7 +2836,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_RemoteControl_2** +**ADMX_TerminalServer/TS_RemoteControl_2** @@ -2863,7 +2863,7 @@ ADMX Info: -This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. +This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service. @@ -2872,7 +2872,7 @@ To make changes to this setting effective, you must restart Volume Shadow Copy ( -ADMX Info: +ADMX Info: - GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers* - GP name: *TS_RemoteControl_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -2883,7 +2883,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** +**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** @@ -2910,19 +2910,19 @@ ADMX Info: -This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. +This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. -You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). -If you've a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. - -By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. +You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). +If you've a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. + +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or don't configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). -ADMX Info: +ADMX Info: - GP Friendly name: *Optimize visual experience when using RemoteFX* - GP name: *TS_RemoteDesktopVirtualGraphics* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* @@ -2934,7 +2934,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_SD_ClustName** +**ADMX_TerminalServer/TS_SD_ClustName** @@ -2960,13 +2960,13 @@ ADMX Info: -This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. +This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. -Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name doesn't have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. +Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name doesn't have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. -- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. +- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. -- If you disable or don't configure this policy setting, the farm name isn't specified at the Group Policy level. +- If you disable or don't configure this policy setting, the farm name isn't specified at the Group Policy level. > [!NOTE] > This policy setting isn't effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. @@ -2976,7 +2976,7 @@ For Windows Server 2008, this policy setting is supported on at least Windows Se -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RD Connection Broker farm name* - GP name: *TS_SD_ClustName* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* @@ -2987,7 +2987,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** +**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** @@ -3013,13 +3013,13 @@ ADMX Info: -This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. +This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. -- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. +- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. -- If you disable this policy setting, the IP address of the RD Session Host server isn't sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you don't want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. +- If you disable this policy setting, the IP address of the RD Session Host server isn't sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you don't want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. -If you don't configure this policy setting, the Use IP address redirection policy setting isn't enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. +If you don't configure this policy setting, the Use IP address redirection policy setting isn't enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. > [!NOTE] > For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. @@ -3027,7 +3027,7 @@ If you don't configure this policy setting, the Use IP address redirection polic -ADMX Info: +ADMX Info: - GP Friendly name: *Use IP Address Redirection* - GP name: *TS_SD_EXPOSE_ADDRESS* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* @@ -3038,7 +3038,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_SD_Loc** +**ADMX_TerminalServer/TS_SD_Loc** @@ -3064,10 +3064,10 @@ ADMX Info: -This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. -The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server. +This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. +The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server. -- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. +- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. - If you disable or don't configure this policy setting, the policy setting isn't specified at the Group Policy level. @@ -3081,7 +3081,7 @@ The specified server must be running the Remote Desktop Connection Broker servic -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RD Connection Broker server name* - GP name: *TS_SD_Loc* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* @@ -3093,7 +3093,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** +**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** @@ -3119,22 +3119,22 @@ ADMX Info: -This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. +This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. -- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. +- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. -The following security methods are available: +The following security methods are available: -- **Negotiate**: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it's used to authenticate the RD Session Host server. If TLS isn't supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended. -- **RDP**: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended. -- **SSL (TLS 1.0)**: The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS isn't supported, the connection fails. This enablement is the recommended setting for this policy. +- **Negotiate**: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it's used to authenticate the RD Session Host server. If TLS isn't supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended. +- **RDP**: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended. +- **SSL (TLS 1.0)**: The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS isn't supported, the connection fails. This enablement is the recommended setting for this policy. If you disable or don't configure this policy setting, the security method to be used for remote connections to RD Session Host servers isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Require use of specific security layer for remote (RDP) connections* - GP name: *TS_SECURITY_LAYER_POLICY* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* @@ -3146,7 +3146,7 @@ ADMX Info:
            -**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** +**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** @@ -3172,21 +3172,21 @@ ADMX Info: -This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency). -You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. +This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency). +You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. -- If you disable Connect Time Detect, Remote Desktop Protocol won't determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. +- If you disable Connect Time Detect, Remote Desktop Protocol won't determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. -- If you disable Continuous Network Detect, Remote Desktop Protocol won't try to adapt the remote user experience to varying network quality. +- If you disable Continuous Network Detect, Remote Desktop Protocol won't try to adapt the remote user experience to varying network quality. -- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol won't try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it won't try to adapt the user experience to varying network quality. +- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol won't try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it won't try to adapt the user experience to varying network quality. - If you disable or don't configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality. -ADMX Info: +ADMX Info: - GP Friendly name: *Select network detection on the server* - GP name: *TS_SELECT_NETWORK_DETECT* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* @@ -3199,7 +3199,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SELECT_TRANSPORT** +**ADMX_TerminalServer/TS_SELECT_TRANSPORT** @@ -3225,18 +3225,18 @@ ADMX Info: -This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server. +This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server. -- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)" +- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)" -If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection isn't successful or if you select "Use only TCP," all of the RDP traffic will use TCP. +If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection isn't successful or if you select "Use only TCP," all of the RDP traffic will use TCP. - If you disable or don't configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience. -ADMX Info: +ADMX Info: - GP Friendly name: *Select RDP transport protocols* - GP name: *TS_SELECT_TRANSPORT* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* @@ -3249,7 +3249,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** +**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** @@ -3275,17 +3275,17 @@ ADMX Info: -This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. -This policy setting applies only to RemoteApp programs and doesn't apply to remote desktop sessions. +This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. +This policy setting applies only to RemoteApp programs and doesn't apply to remote desktop sessions. -- If you enable or don't configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. +- If you enable or don't configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. - If you disable this policy setting, RemoteApp programs published from this RD Session Host server won't use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs don't support these advanced graphics. -ADMX Info: +ADMX Info: - GP Friendly name: *Use advanced RemoteFX graphics for RemoteApp* - GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -3298,7 +3298,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_AUTH** +**ADMX_TerminalServer/TS_SERVER_AUTH** @@ -3324,20 +3324,20 @@ ADMX Info: -This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client can't authenticate the RD Session Host server. +This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client can't authenticate the RD Session Host server. -- If you enable this policy setting, you must specify one of the following settings: +- If you enable this policy setting, you must specify one of the following settings: - - Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server. - - Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. - - don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. + - Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server. + - Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. + - don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. - If you disable or don't configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client can't authenticate the RD Session Host server. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure server authentication for client* - GP name: *TS_SERVER_AUTH* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* @@ -3350,7 +3350,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** +**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** @@ -3376,16 +3376,16 @@ ADMX Info: -This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. +This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. -- When you enable hardware encoding, if an error occurs, we'll attempt to use software encoding. +- When you enable hardware encoding, if an error occurs, we'll attempt to use software encoding. - If you disable or don't configure this policy, we'll always use software encoding. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections* - GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -3398,7 +3398,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** +**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** @@ -3424,14 +3424,14 @@ ADMX Info: -This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. +This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444. -ADMX Info: +ADMX Info: - GP Friendly name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections* - GP name: *TS_SERVER_AVC444_MODE_PREFERRED* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -3444,7 +3444,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_COMPRESSOR** +**ADMX_TerminalServer/TS_SERVER_COMPRESSOR** @@ -3470,22 +3470,22 @@ ADMX Info: -This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. +This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. -- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. +- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. -If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. +If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. -In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you're using a hardware device that is designed to optimize network traffic. +In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you're using a hardware device that is designed to optimize network traffic. -Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. +Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. - If you disable or don't configure this policy setting, the default RDP compression algorithm will be used. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure compression for RemoteFX data* - GP name: *TS_SERVER_COMPRESSOR* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -3498,7 +3498,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** +**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** @@ -3523,22 +3523,22 @@ ADMX Info:
            -This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. +This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. -- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. +- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. -- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. +- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. -- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. +- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. -- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you enable this setting for specific cases only. +- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you enable this setting for specific cases only. - If you disable or don't configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure image quality for RemoteFX Adaptive Graphics* - GP name: *TS_SERVER_IMAGE_QUALITY* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -3551,7 +3551,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX** +**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX** @@ -3576,18 +3576,18 @@ ADMX Info:
            -This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. +This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. -When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. +When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. -- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. +- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. - If you disable this policy setting, RemoteFX will be disabled. If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RemoteFX* - GP name: *TS_SERVER_LEGACY_RFX* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* @@ -3600,7 +3600,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_PROFILE** +**ADMX_TerminalServer/TS_SERVER_PROFILE** @@ -3626,17 +3626,17 @@ ADMX Info: -This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available network bandwidth. +This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available network bandwidth. -If you enable this policy setting, the RemoteFX experience could be set to one of the following options: -1. Let the system choose the experience for the network condition -2. Optimize for server scalability +If you enable this policy setting, the RemoteFX experience could be set to one of the following options: +1. Let the system choose the experience for the network condition +2. Optimize for server scalability 3. Optimize for minimum bandwidth usage. If you disable or don't configure this policy setting, the RemoteFX experience will change dynamically based on the network condition." -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RemoteFX Adaptive Graphics* - GP name: *TS_SERVER_PROFILE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -3649,7 +3649,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_VISEXP** +**ADMX_TerminalServer/TS_SERVER_VISEXP** @@ -3675,16 +3675,16 @@ ADMX Info: -This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation. +This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation. -- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text. +- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text. - If you disable or don't configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia. -ADMX Info: +ADMX Info: - GP Friendly name: *Optimize visual experience for Remote Desktop Service Sessions* - GP name: *TS_SERVER_VISEXP* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* @@ -3697,7 +3697,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** +**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** @@ -3723,16 +3723,16 @@ ADMX Info: -This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. +This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. -- If you enable or don't configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. +- If you enable or don't configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. - If you disable this policy setting, Remote Desktop Connections won't use WDDM graphics display driver. In this case, the Remote Desktop Connections will use XDDM graphics display driver. For this change to take effect, you must restart Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Use WDDM graphics display driver for Remote Desktop Connections* - GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -3745,7 +3745,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_Session_End_On_Limit_1** +**ADMX_TerminalServer/TS_Session_End_On_Limit_1** @@ -3771,22 +3771,22 @@ ADMX Info: -This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. +This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. -See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. +See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. -- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. +- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. -- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. +- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. -This policy setting only applies to time-out limits that are explicitly set by the administrator. +This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. -ADMX Info: +ADMX Info: - GP Friendly name: *End session when time limits are reached* - GP name: *TS_Session_End_On_Limit_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* @@ -3799,7 +3799,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_Session_End_On_Limit_2** +**ADMX_TerminalServer/TS_Session_End_On_Limit_2** @@ -3825,22 +3825,22 @@ ADMX Info: -This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. +This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. -See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. +See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. -- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. +- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. -- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. +- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. -This policy setting only applies to time-out limits that are explicitly set by the administrator. +This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. -ADMX Info: +ADMX Info: - GP Friendly name: *End session when time limits are reached* - GP name: *TS_Session_End_On_Limit_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* @@ -3853,7 +3853,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1** +**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1** @@ -3879,12 +3879,12 @@ ADMX Info: -This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. -When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. +This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. +When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. -- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply. +- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply. -- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. +- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. >[!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -3892,7 +3892,7 @@ When a session is in a disconnected state, running programs are kept active even -ADMX Info: +ADMX Info: - GP Friendly name: *Set time limit for disconnected sessions* - GP name: *TS_SESSIONS_Disconnected_Timeout_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* @@ -3905,7 +3905,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2** +**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2** @@ -3931,12 +3931,12 @@ ADMX Info: -This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. -When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. +This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. +When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. -- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply. +- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply. -- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. +- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. >[!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -3944,7 +3944,7 @@ When a session is in a disconnected state, running programs are kept active even -ADMX Info: +ADMX Info: - GP Friendly name: *Set time limit for disconnected sessions* - GP name: *TS_SESSIONS_Disconnected_Timeout_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* @@ -3957,7 +3957,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1** +**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1** @@ -3983,13 +3983,13 @@ ADMX Info: -This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected. +This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected. -- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply. +- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply. -- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. +- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. -If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. >[!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -3997,7 +3997,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when -ADMX Info: +ADMX Info: - GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions* - GP name: *TS_SESSIONS_Idle_Limit_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* @@ -4010,7 +4010,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2** +**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2** @@ -4036,13 +4036,13 @@ ADMX Info: -This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected. +This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected. -- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply. +- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply. -- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. +- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. -If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. >[!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4050,7 +4050,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when -ADMX Info: +ADMX Info: - GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions* - GP name: *TS_SESSIONS_Idle_Limit_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* @@ -4063,7 +4063,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SESSIONS_Limits_1** +**ADMX_TerminalServer/TS_SESSIONS_Limits_1** @@ -4089,13 +4089,13 @@ ADMX Info: -This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected. +This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected. -- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply. +- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply. -- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. +- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. -If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. >[!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4104,7 +4104,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when -ADMX Info: +ADMX Info: - GP Friendly name: *Set time limit for active Remote Desktop Services sessions* - GP name: *TS_SESSIONS_Limits_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* @@ -4117,7 +4117,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SESSIONS_Limits_2** +**ADMX_TerminalServer/TS_SESSIONS_Limits_2** @@ -4143,13 +4143,13 @@ ADMX Info: -This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected. +This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected. -- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply. +- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply. -- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. +- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. -If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. >[!NOTE] > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. @@ -4158,7 +4158,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when -ADMX Info: +ADMX Info: - GP Friendly name: *Set time limit for active Remote Desktop Services sessions* - GP name: *TS_SESSIONS_Limits_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* @@ -4171,7 +4171,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SINGLE_SESSION** +**ADMX_TerminalServer/TS_SINGLE_SESSION** @@ -4197,9 +4197,9 @@ ADMX Info: -This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. +This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. -If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in. +If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in. If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you don't configure this policy setting, this policy setting isn't specified at the Group Policy level. @@ -4207,7 +4207,7 @@ If you disable this policy setting, users are allowed to make unlimited simultan -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session* - GP name: *TS_SINGLE_SESSION* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* @@ -4220,7 +4220,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_SMART_CARD** +**ADMX_TerminalServer/TS_SMART_CARD** @@ -4246,11 +4246,11 @@ ADMX Info: -This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. +This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. -- If you enable this policy setting, Remote Desktop Services users can't use a smart card to sign in to a Remote Desktop Services session. +- If you enable this policy setting, Remote Desktop Services users can't use a smart card to sign in to a Remote Desktop Services session. -- If you disable or don't configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection. +- If you disable or don't configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection. >[!NOTE] > The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain. @@ -4258,7 +4258,7 @@ This policy setting allows you to control the redirection of smart card devices -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow smart card device redirection* - GP name: *TS_SMART_CARD* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -4271,7 +4271,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_START_PROGRAM_1** +**ADMX_TerminalServer/TS_START_PROGRAM_1** @@ -4297,11 +4297,11 @@ ADMX Info: -Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. +Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. -The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. +The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. -If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) +If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) >[!NOTE] > This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. @@ -4309,7 +4309,7 @@ If you leave Working Directory blank, the program runs with its default working -ADMX Info: +ADMX Info: - GP Friendly name: *Start a program on connection* - GP name: *TS_START_PROGRAM_1* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -4322,7 +4322,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_START_PROGRAM_2** +**ADMX_TerminalServer/TS_START_PROGRAM_2** @@ -4348,11 +4348,11 @@ ADMX Info: -Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. +Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. -The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. +The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. -If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) +If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) >[!NOTE] > This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. @@ -4360,7 +4360,7 @@ If you leave Working Directory blank, the program runs with its default working -ADMX Info: +ADMX Info: - GP Friendly name: *Start a program on connection* - GP name: *TS_START_PROGRAM_2* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -4373,7 +4373,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_TEMP_DELETE** +**ADMX_TerminalServer/TS_TEMP_DELETE** @@ -4399,19 +4399,19 @@ ADMX Info: -This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at sign out. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user signs out from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user signs out. +This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at sign out. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user signs out from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user signs out. -If you enable this policy setting, a user's per-session temporary folders are retained when the user signs out from a session. +If you enable this policy setting, a user's per-session temporary folders are retained when the user signs out from a session. + +If you disable this policy setting, temporary folders are deleted when a user signs out, even if the server administrator specifies otherwise. If you don't configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at sign out, unless specified otherwise by the server administrator. -If you disable this policy setting, temporary folders are deleted when a user signs out, even if the server administrator specifies otherwise. If you don't configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at sign out, unless specified otherwise by the server administrator. - >[!NOTE] > This setting only takes effect if per-session temporary folders are in use on the server. If you enable the don't use temporary folders per session policy setting, this policy setting has no effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not delete temp folders upon exit* - GP name: *TS_TEMP_DELETE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders* @@ -4424,7 +4424,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_TEMP_PER_SESSION** +**ADMX_TerminalServer/TS_TEMP_PER_SESSION** @@ -4450,18 +4450,18 @@ ADMX Info: -This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. +This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. -You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the session ID. +You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the session ID. -- If you enable this policy setting, per-session temporary folders aren't created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer. +- If you enable this policy setting, per-session temporary folders aren't created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer. - If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. If you don't configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not use temporary folders per session* - GP name: *TS_TEMP_PER_SESSION* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders* @@ -4474,7 +4474,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_TIME_ZONE** +**ADMX_TerminalServer/TS_TIME_ZONE** @@ -4500,11 +4500,11 @@ ADMX Info: -This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session. +This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session. -- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). +- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). -- If you disable or don't configure this policy setting, the client computer doesn't redirect its time zone information and the session time zone is the same as the server time zone. +- If you disable or don't configure this policy setting, the client computer doesn't redirect its time zone information and the session time zone is the same as the server time zone. >[!NOTE] > Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later. @@ -4512,7 +4512,7 @@ This policy setting allows you to specify whether the client computer redirects -ADMX Info: +ADMX Info: - GP Friendly name: *Allow time zone redirection* - GP name: *TS_TIME_ZONE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* @@ -4525,7 +4525,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY** +**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY** @@ -4551,11 +4551,11 @@ ADMX Info: -This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes. +This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes. -- If you enable this policy setting, the default security descriptors for existing groups on the RD Session Host server can't be changed. All the security descriptors are read-only. +- If you enable this policy setting, the default security descriptors for existing groups on the RD Session Host server can't be changed. All the security descriptors are read-only. -- If you disable or don't configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. +- If you disable or don't configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. >[!NOTE] > The preferred method of managing user access is by adding a user to the Remote Desktop Users group. @@ -4563,7 +4563,7 @@ This policy setting specifies whether to disable the administrator rights to cus -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow local administrators to customize permissions* - GP name: *TS_TSCC_PERMISSIONS_POLICY* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* @@ -4576,7 +4576,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP** +**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP** @@ -4602,11 +4602,11 @@ ADMX Info: -This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy. +This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy. -- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings. +- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings. -- If you disable or don't configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program isn't specified, the desktop is always displayed on the remote computer after the client connects to the remote computer. +- If you disable or don't configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program isn't specified, the desktop is always displayed on the remote computer after the client connects to the remote computer. >[!NOTE] > If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored. @@ -4614,7 +4614,7 @@ This policy setting determines whether the desktop is always displayed after a c -ADMX Info: +ADMX Info: - GP Friendly name: *Always show desktop on connection* - GP name: *TS_TURNOFF_SINGLEAPP* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* @@ -4627,7 +4627,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_UIA** +**ADMX_TerminalServer/TS_UIA** @@ -4653,18 +4653,18 @@ ADMX Info: -This policy setting allows you to restrict users to a single Remote Desktop Services session. +This policy setting allows you to restrict users to a single Remote Desktop Services session. -If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in. +If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in. -- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. +- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. - If you don't configure this policy setting, this policy setting isn't specified at the Group Policy level. -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session* - GP name: *TS_UIA* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* @@ -4677,7 +4677,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** +**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** @@ -4703,16 +4703,16 @@ ADMX Info: -This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer. +This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer. -If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. +If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or don't configure this policy setting, other supported RemoteFX USB devices aren't available for RDP redirection by using any user account. For this change to take effect, you must restart Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer* - GP name: *TS_USB_REDIRECTION_DISABLE* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection* @@ -4725,7 +4725,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY** +**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY** @@ -4751,18 +4751,18 @@ ADMX Info: -This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. +This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. -- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported. +- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported. -- If you disable this policy setting, Network Level Authentication isn't required for user authentication before allowing remote connections to the RD Session Host server. If you don't configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. +- If you disable this policy setting, Network Level Authentication isn't required for user authentication before allowing remote connections to the RD Session Host server. If you don't configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. Disabling this policy setting provides less security because user authentication will occur later in the remote connection process. -ADMX Info: +ADMX Info: - GP Friendly name: *Require user authentication for remote connections by using Network Level Authentication* - GP name: *TS_USER_AUTHENTICATION_POLICY* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* @@ -4775,7 +4775,7 @@ ADMX Info: -**ADMX_TerminalServer/TS_USER_HOME** +**ADMX_TerminalServer/TS_USER_HOME** @@ -4801,20 +4801,20 @@ ADMX Info: -This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. +This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. -- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected. +- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected. -If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. +If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. -- If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. +- If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Server authentication certificate template* - GP name: *TS_USER_HOME* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* @@ -4826,8 +4826,8 @@ ADMX Info:
            - -**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES** + +**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES** @@ -4853,11 +4853,11 @@ ADMX Info: -This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server. +This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server. -- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile. +- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile. -- If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server. +- If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server. For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting. @@ -4865,7 +4865,7 @@ For this policy setting to take effect, you must also enable and configure the " -ADMX Info: +ADMX Info: - GP Friendly name: *Use mandatory profiles on the RD Session Host server* - GP name: *TS_USER_MANDATORY_PROFILES* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* @@ -4876,9 +4876,9 @@ ADMX Info:
            - + -**ADMX_TerminalServer/TS_USER_PROFILES** +**ADMX_TerminalServer/TS_USER_PROFILES** @@ -4904,21 +4904,21 @@ ADMX Info: -This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user. +This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user. -To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Don't specify a placeholder for the user account name, because Remote Desktop Services automatically adds this location when the user signs in and the profile is created. +To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Don't specify a placeholder for the user account name, because Remote Desktop Services automatically adds this location when the user signs in and the profile is created. -If the specified network share doesn't exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server. +If the specified network share doesn't exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server. -If you disable or don't configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. +If you disable or don't configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. -1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. +1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. 2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile. -ADMX Info: +ADMX Info: - GP Friendly name: *Set path for Remote Desktop Services Roaming User Profile* - GP name: *TS_USER_PROFILES* - GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index b8a2fd7483..fe4ac226e4 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/25/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,19 +17,19 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -## ADMX_Thumbnails policies +## ADMX_Thumbnails policies
            ADMX_Thumbnails/DisableThumbnails -
            +
            ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders
            @@ -41,7 +41,7 @@ manager: aaroncz
            -**ADMX_Thumbnails/DisableThumbnails** +**ADMX_Thumbnails/DisableThumbnails** @@ -69,7 +69,7 @@ manager: aaroncz This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer. -File Explorer displays thumbnail images by default. +File Explorer displays thumbnail images by default. If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images. @@ -78,7 +78,7 @@ If you disable or do not configure this policy setting, File Explorer displays o -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the display of thumbnails and only display icons.* - GP name: *DisableThumbnails* - GP path: *Windows Components\File Explorer* @@ -89,7 +89,7 @@ ADMX Info:
            -**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders** +**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders** @@ -126,7 +126,7 @@ If you disable or do not configure this policy setting, File Explorer displays o -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the display of thumbnails and only display icons on network folders* - GP name: *DisableThumbnailsOnNetworkFolders* - GP path: *Windows Components\File Explorer* @@ -137,7 +137,7 @@ ADMX Info:
            -**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders** +**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders** @@ -172,9 +172,9 @@ If you enable this policy setting, File Explorer does not create, read from, or If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files. -> +> -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the caching of thumbnails in hidden thumbs.db files* - GP name: *DisableThumbsDBOnNetworkFolders* - GP path: *Windows Components\File Explorer* diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md index 776951f78d..dc53725e32 100644 --- a/windows/client-management/mdm/policy-csp-admx-touchinput.md +++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/23/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_TouchInput policies +## ADMX_TouchInput policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -45,7 +45,7 @@ manager: aaroncz
            -**ADMX_TouchInput/TouchInputOff_1** +**ADMX_TouchInput/TouchInputOff_1** @@ -71,13 +71,13 @@ manager: aaroncz -This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. +This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. -If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. +If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. -If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. +If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. -If you don't configure this setting, touch input is on by default. +If you don't configure this setting, touch input is on by default. >[!NOTE] > Changes to this setting won't take effect until the user signs out. @@ -85,7 +85,7 @@ If you don't configure this setting, touch input is on by default. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Tablet PC touch input* - GP name: *TouchInputOff_1* - GP path: *Windows Components\Tablet PC\Touch Input* @@ -94,7 +94,7 @@ ADMX Info: -**ADMX_TouchInput/TouchInputOff_2** +**ADMX_TouchInput/TouchInputOff_2** @@ -120,13 +120,13 @@ ADMX Info: -This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. +This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. -If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. +If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features. -If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. +If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features. -If you don't configure this setting, touch input is on by default. +If you don't configure this setting, touch input is on by default. >[!NOTE] >Changes to this setting won't take effect until the user signs out. @@ -134,7 +134,7 @@ If you don't configure this setting, touch input is on by default. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Tablet PC touch input* - GP name: *TouchInputOff_2* - GP path: *Windows Components\Tablet PC\Touch Input* @@ -146,7 +146,7 @@ ADMX Info:
            -**ADMX_TouchInput/PanningEverywhereOff_1** +**ADMX_TouchInput/PanningEverywhereOff_1** @@ -172,11 +172,11 @@ ADMX Info: -This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. +This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. -If you enable this setting, the user won't be able to pan windows by touch. +If you enable this setting, the user won't be able to pan windows by touch. -If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default. +If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default. > [!NOTE] > Changes to this setting won't take effect until the user logs off. @@ -184,7 +184,7 @@ If you disable this setting, the user can pan windows by touch. If you don't con -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Touch Panning* - GP name: *PanningEverywhereOff_1* - GP path: *Windows Components\Tablet PC\Touch Input* @@ -194,7 +194,7 @@ ADMX Info:
            -**ADMX_TouchInput/PanningEverywhereOff_2** +**ADMX_TouchInput/PanningEverywhereOff_2** @@ -220,11 +220,11 @@ ADMX Info: -This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. +This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content. -If you enable this setting, the user won't be able to pan windows by touch. +If you enable this setting, the user won't be able to pan windows by touch. -If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default. +If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default. > [!NOTE] > Changes to this setting won't take effect until the user logs off. @@ -232,7 +232,7 @@ If you disable this setting, the user can pan windows by touch. If you don't con -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Touch Panning* - GP name: *PanningEverywhereOff_2* - GP path: *Windows Components\Tablet PC\Touch Input* diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index 2e39f46e4f..3bc2c09515 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/25/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_TPM > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_TPM policies +## ADMX_TPM policies
            @@ -62,7 +62,7 @@ manager: aaroncz
            -**ADMX_TPM/BlockedCommandsList_Name** +**ADMX_TPM/BlockedCommandsList_Name** @@ -97,7 +97,7 @@ If you disable or don't configure this policy setting, only those TPM commands s -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the list of blocked TPM commands* - GP name: *BlockedCommandsList_Name* - GP path: *System\Trusted Platform Module Services* @@ -108,7 +108,7 @@ ADMX Info:
            -**ADMX_TPM/ClearTPMIfNotReady_Name** +**ADMX_TPM/ClearTPMIfNotReady_Name** @@ -139,7 +139,7 @@ This policy setting configures the system to prompt the user to clear the TPM if -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the system to clear the TPM if it is not in a ready state.* - GP name: *ClearTPMIfNotReady_Name* - GP path: *System\Trusted Platform Module Services* @@ -150,7 +150,7 @@ ADMX Info:
            -**ADMX_TPM/IgnoreDefaultList_Name** +**ADMX_TPM/IgnoreDefaultList_Name** @@ -182,12 +182,12 @@ If you enable this policy setting, Windows will ignore the computer's default li The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Policy list of blocked TPM commands. -If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands. +If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands. -ADMX Info: +ADMX Info: - GP Friendly name: *Ignore the default list of blocked TPM commands* - GP name: *IgnoreDefaultList_Name* - GP path: *System\Trusted Platform Module Services* @@ -198,7 +198,7 @@ ADMX Info:
            -**ADMX_TPM/IgnoreLocalList_Name** +**ADMX_TPM/IgnoreLocalList_Name** @@ -235,7 +235,7 @@ If you disable or don't configure this policy setting, Windows will block the TP -ADMX Info: +ADMX Info: - GP Friendly name: *Ignore the local list of blocked TPM commands* - GP name: *IgnoreLocalList_Name* - GP path: *System\Trusted Platform Module Services* @@ -246,7 +246,7 @@ ADMX Info:
            -**ADMX_TPM/OSManagedAuth_Name** +**ADMX_TPM/OSManagedAuth_Name** @@ -290,7 +290,7 @@ Choose the operating system managed TPM authentication setting of "None" for com -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the level of TPM owner authorization information available to the operating system* - GP name: *OSManagedAuth_Name* - GP path: *System\Trusted Platform Module Services* @@ -301,7 +301,7 @@ ADMX Info:
            -**ADMX_TPM/OptIntoDSHA_Name** +**ADMX_TPM/OptIntoDSHA_Name** @@ -332,7 +332,7 @@ This Policy enables Device Health Attestation reporting (DHA-report) on supporte -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Device Health Attestation Monitoring and Reporting* - GP name: *OptIntoDSHA_Name* - GP path: *System\Device Health Attestation Service* @@ -343,7 +343,7 @@ ADMX Info:
            -**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name** +**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name** @@ -390,7 +390,7 @@ If this value isn't configured, a default value of 480 minutes (8 hours) is used > -ADMX Info: +ADMX Info: - GP Friendly name: *Standard User Lockout Duration* - GP name: *StandardUserAuthorizationFailureDuration_Name* - GP path: *System\Trusted Platform Module Services* @@ -401,7 +401,7 @@ ADMX Info:
            -**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name** +**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name** @@ -450,7 +450,7 @@ A value of 0 means the OS won't allow standard users to send commands to the TPM -ADMX Info: +ADMX Info: - GP Friendly name: *Standard User Individual Lockout Threshold* - GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name* - GP path: *System\Trusted Platform Module Services* @@ -461,7 +461,7 @@ ADMX Info:
            -**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name** +**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name** @@ -510,7 +510,7 @@ A value of 0 means the OS won't allow standard users to send commands to the TPM -ADMX Info: +ADMX Info: - GP Friendly name: *Standard User Total Lockout Threshold* - GP name: *StandardUserAuthorizationFailureTotalThreshold_Name* - GP path: *System\Trusted Platform Module Services* @@ -521,7 +521,7 @@ ADMX Info:
            -**ADMX_TPM/UseLegacyDAP_Name** +**ADMX_TPM/UseLegacyDAP_Name** @@ -552,7 +552,7 @@ This policy setting configures the TPM to use the Dictionary Attack Prevention P -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.* - GP name: *UseLegacyDAP_Name* - GP path: *System\Trusted Platform Module Services* diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index c5a2aabcc3..a563dfb775 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/30/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_UserExperienceVirtualization > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_UserExperienceVirtualization policies +## ADMX_UserExperienceVirtualization policies
            @@ -410,7 +410,7 @@ manager: aaroncz
            -**ADMX_UserExperienceVirtualization/Calculator** +**ADMX_UserExperienceVirtualization/Calculator** @@ -441,7 +441,7 @@ This policy setting configures the synchronization of user settings of Calculato By default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers. -If you enable this policy setting, the Calculator user settings continue to synchronize. +If you enable this policy setting, the Calculator user settings continue to synchronize. If you disable this policy setting, Calculator user settings are excluded from the synchronization settings. @@ -450,7 +450,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Calculator* - GP name: *Calculator* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -461,7 +461,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/ConfigureSyncMethod** +**ADMX_UserExperienceVirtualization/ConfigureSyncMethod** @@ -488,13 +488,13 @@ ADMX Info: -This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers. +This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers. With Sync Method set to ”SyncProvider,” the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location. -When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later. +When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later. -Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path. +Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path. These settings are then synchronized to other computers by an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the normal UE-V triggers take place. With notifications enabled, UE-V users receive a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears. @@ -506,7 +506,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Sync Method* - GP name: *ConfigureSyncMethod* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -517,7 +517,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/ConfigureVdi** +**ADMX_UserExperienceVirtualization/ConfigureVdi** @@ -544,11 +544,11 @@ ADMX Info: -This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. +This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. -UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. +UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. -Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers. +Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers. If you enable this policy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login. @@ -558,7 +558,7 @@ If you don't configure this policy, no UE-V rollback state is copied to the sett -ADMX Info: +ADMX Info: - GP Friendly name: *VDI Configuration* - GP name: *ConfigureVdi* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -569,7 +569,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/ContactITDescription** +**ADMX_UserExperienceVirtualization/ContactITDescription** @@ -606,7 +606,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Contact IT Link Text* - GP name: *ContactITDescription* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -617,7 +617,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/ContactITUrl** +**ADMX_UserExperienceVirtualization/ContactITUrl** @@ -645,7 +645,7 @@ ADMX Info: This policy setting specifies the URL for the Contact IT link in the Company Settings Center. -If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto. +If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto. If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link. @@ -653,7 +653,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Contact IT URL* - GP name: *ContactITUrl* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -664,7 +664,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/DisableWin8Sync** +**ADMX_UserExperienceVirtualization/DisableWin8Sync** @@ -693,11 +693,11 @@ ADMX Info: This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. -By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location. +By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location. If you enable this policy setting, the UE-V Agent won't synchronize settings for Windows apps. -If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps. +If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps. If you don't configure this policy setting, any defined values are deleted. @@ -707,7 +707,7 @@ If you don't configure this policy setting, any defined values are deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *don't synchronize Windows Apps* - GP name: *DisableWin8Sync* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -718,7 +718,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/DisableWindowsOSSettings** +**ADMX_UserExperienceVirtualization/DisableWindowsOSSettings** @@ -756,7 +756,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Synchronize Windows settings* - GP name: *DisableWindowsOSSettings* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -767,7 +767,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/EnableUEV** +**ADMX_UserExperienceVirtualization/EnableUEV** @@ -793,14 +793,14 @@ ADMX Info: -This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. +This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect. With Auto-register inbox templates enabled, the UE-V inbox templates such as Office 2016 will be automatically registered when the UE-V Service is enabled. If this option is changed, it will only take effect when UE-V service is re-enabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable UEV* - GP name: *EnableUEV* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -811,7 +811,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Finance** +**ADMX_UserExperienceVirtualization/Finance** @@ -849,7 +849,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Finance* - GP name: *Finance* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -860,7 +860,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled** +**ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled** @@ -897,7 +897,7 @@ If you don't configure this policy setting, any defined values are deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *First Use Notification* - GP name: *FirstUseNotificationEnabled* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -908,7 +908,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Games** +**ADMX_UserExperienceVirtualization/Games** @@ -946,7 +946,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Games* - GP name: *Games* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -957,7 +957,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/InternetExplorer8** +**ADMX_UserExperienceVirtualization/InternetExplorer8** @@ -986,9 +986,9 @@ ADMX Info: This policy setting configures the synchronization of user settings for Internet Explorer 8. -By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers. +By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers. -If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize. +If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings. @@ -997,7 +997,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer 8* - GP name: *InternetExplorer8* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1008,7 +1008,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/InternetExplorer9** +**ADMX_UserExperienceVirtualization/InternetExplorer9** @@ -1036,8 +1036,8 @@ ADMX Info: This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers. - -If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize. + +If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings. @@ -1047,7 +1047,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer 9* - GP name: *InternetExplorer9* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1058,7 +1058,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/InternetExplorer10** +**ADMX_UserExperienceVirtualization/InternetExplorer10** @@ -1087,7 +1087,7 @@ ADMX Info: This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers. -If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize. +If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings. @@ -1096,7 +1096,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer 10* - GP name: *InternetExplorer10* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1107,7 +1107,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/InternetExplorer11** +**ADMX_UserExperienceVirtualization/InternetExplorer11** @@ -1145,7 +1145,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer 11* - GP name: *InternetExplorer11* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1156,7 +1156,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/InternetExplorerCommon** +**ADMX_UserExperienceVirtualization/InternetExplorerCommon** @@ -1195,7 +1195,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Common Settings* - GP name: *InternetExplorerCommon* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1205,7 +1205,7 @@ ADMX Info: -**ADMX_UserExperienceVirtualization/Maps** +**ADMX_UserExperienceVirtualization/Maps** @@ -1243,7 +1243,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Maps* - GP name: *Maps* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -1254,7 +1254,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes** +**ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes** @@ -1281,7 +1281,7 @@ ADMX Info: -This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size. +This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size. If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log. @@ -1290,7 +1290,7 @@ If you disable or don't configure this policy setting, no event is written to th -ADMX Info: +ADMX Info: - GP Friendly name: *Settings package size warning threshold* - GP name: *MaxPackageSizeInBytes* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -1301,7 +1301,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access** @@ -1328,18 +1328,18 @@ ADMX Info: -This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers. +This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers. If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize. -If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings. +If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings. If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Access 2010* - GP name: *MicrosoftOffice2010Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1350,7 +1350,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common** @@ -1377,18 +1377,18 @@ ADMX Info: -This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. +This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize. -If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled +If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 2010 Common Settings* - GP name: *MicrosoftOffice2010Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1399,7 +1399,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel** @@ -1426,18 +1426,18 @@ ADMX Info: -This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers. +This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers. If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize. -If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings. +If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings. If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Excel 2010* - GP name: *MicrosoftOffice2010Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1448,7 +1448,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath** @@ -1487,7 +1487,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft InfoPath 2010* - GP name: *MicrosoftOffice2010InfoPath* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1498,7 +1498,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync** @@ -1525,18 +1525,18 @@ ADMX Info: -This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers. +This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers. If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize. -If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings. +If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings. If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Lync 2010* - GP name: *MicrosoftOffice2010Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1547,7 +1547,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote** @@ -1584,7 +1584,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft OneNote 2010* - GP name: *MicrosoftOffice2010OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1595,7 +1595,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook** @@ -1633,7 +1633,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Outlook 2010* - GP name: *MicrosoftOffice2010Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1644,7 +1644,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint** @@ -1683,7 +1683,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft PowerPoint 2010* - GP name: *MicrosoftOffice2010PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1694,7 +1694,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project** @@ -1732,7 +1732,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Project 2010* - GP name: *MicrosoftOffice2010Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1743,7 +1743,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher** @@ -1782,7 +1782,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Publisher 2010* - GP name: *MicrosoftOffice2010Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1793,7 +1793,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner** @@ -1831,7 +1831,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft SharePoint Designer 2010* - GP name: *MicrosoftOffice2010SharePointDesigner* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1842,7 +1842,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace** @@ -1881,7 +1881,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft SharePoint Workspace 2010* - GP name: *MicrosoftOffice2010SharePointWorkspace* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1892,7 +1892,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio** @@ -1930,7 +1930,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Visio 2010* - GP name: *MicrosoftOffice2010Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1941,7 +1941,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word** @@ -1979,7 +1979,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Word 2010* - GP name: *MicrosoftOffice2010Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -1990,7 +1990,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access** @@ -2027,7 +2027,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Access 2013* - GP name: *MicrosoftOffice2013Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2038,7 +2038,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup** @@ -2076,7 +2076,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Access 2013 backup only* - GP name: *MicrosoftOffice2013AccessBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2087,7 +2087,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common** @@ -2125,7 +2125,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 2013 Common Settings* - GP name: *MicrosoftOffice2013Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2136,7 +2136,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup** @@ -2169,14 +2169,14 @@ Microsoft Office Suite 2013 has user settings which are common between applicati If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up. -If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up. +If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up. If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Common 2013 backup only* - GP name: *MicrosoftOffice2013CommonBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2187,7 +2187,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel** @@ -2226,7 +2226,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Excel 2013* - GP name: *MicrosoftOffice2013Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2237,7 +2237,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup** @@ -2275,7 +2275,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Excel 2013 backup only* - GP name: *MicrosoftOffice2013ExcelBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2286,7 +2286,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath** @@ -2324,7 +2324,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft InfoPath 2013* - GP name: *MicrosoftOffice2013InfoPath* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2335,7 +2335,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup** @@ -2374,7 +2374,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *InfoPath 2013 backup only* - GP name: *MicrosoftOffice2013InfoPathBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2385,7 +2385,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync** @@ -2423,7 +2423,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Lync 2013* - GP name: *MicrosoftOffice2013Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2434,7 +2434,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup** @@ -2473,7 +2473,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Lync 2013 backup only* - GP name: *MicrosoftOffice2013LyncBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2484,7 +2484,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness** @@ -2523,7 +2523,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft OneDrive for Business 2013* - GP name: *MicrosoftOffice2013OneDriveForBusiness* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2534,7 +2534,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote** @@ -2573,7 +2573,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft OneNote 2013* - GP name: *MicrosoftOffice2013OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2584,7 +2584,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup** @@ -2623,7 +2623,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *OneNote 2013 backup only* - GP name: *MicrosoftOffice2013OneNoteBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2634,7 +2634,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook** @@ -2672,7 +2672,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Outlook 2013* - GP name: *MicrosoftOffice2013Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2683,7 +2683,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup** @@ -2722,7 +2722,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Outlook 2013 backup only* - GP name: *MicrosoftOffice2013OutlookBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2733,7 +2733,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint** @@ -2772,7 +2772,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft PowerPoint 2013* - GP name: *MicrosoftOffice2013PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2783,7 +2783,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup** @@ -2822,7 +2822,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *PowerPoint 2013 backup only* - GP name: *MicrosoftOffice2013PowerPointBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2833,7 +2833,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project** @@ -2871,7 +2871,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Project 2013* - GP name: *MicrosoftOffice2013Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2882,7 +2882,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup** @@ -2920,7 +2920,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Project 2013 backup only* - GP name: *MicrosoftOffice2013ProjectBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2931,7 +2931,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher** @@ -2970,7 +2970,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Publisher 2013* - GP name: *MicrosoftOffice2013Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -2981,7 +2981,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup** @@ -3020,7 +3020,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Publisher 2013 backup only* - GP name: *MicrosoftOffice2013PublisherBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3031,7 +3031,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner** @@ -3070,7 +3070,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft SharePoint Designer 2013* - GP name: *MicrosoftOffice2013SharePointDesigner* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3120,7 +3120,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *SharePoint Designer 2013 backup only* - GP name: *MicrosoftOffice2013SharePointDesignerBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3169,7 +3169,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 2013 Upload Center* - GP name: *MicrosoftOffice2013UploadCenter* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3180,7 +3180,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio** @@ -3219,7 +3219,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Visio 2013* - GP name: *MicrosoftOffice2013Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3230,7 +3230,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup** @@ -3269,7 +3269,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Visio 2013 backup only* - GP name: *MicrosoftOffice2013VisioBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3280,7 +3280,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word** @@ -3318,7 +3318,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Word 2013* - GP name: *MicrosoftOffice2013Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3329,7 +3329,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup** @@ -3367,7 +3367,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Word 2013 backup only* - GP name: *MicrosoftOffice2013WordBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3378,7 +3378,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access** @@ -3416,7 +3416,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Access 2016* - GP name: *MicrosoftOffice2016Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3427,7 +3427,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup** @@ -3466,7 +3466,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Access 2016 backup only* - GP name: *MicrosoftOffice2016AccessBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3477,7 +3477,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common** @@ -3516,7 +3516,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 2016 Common Settings* - GP name: *MicrosoftOffice2016Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3527,7 +3527,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup** @@ -3559,7 +3559,7 @@ Microsoft Office Suite 2016 has user settings which are common between applicati If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up. -If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up. +If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up. If you don't configure this policy setting, any defined values will be deleted. @@ -3567,7 +3567,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Common 2016 backup only* - GP name: *MicrosoftOffice2016CommonBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3578,7 +3578,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel** @@ -3617,7 +3617,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Excel 2016* - GP name: *MicrosoftOffice2016Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3628,7 +3628,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup** @@ -3667,7 +3667,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Excel 2016 backup only* - GP name: *MicrosoftOffice2016ExcelBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3678,7 +3678,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync** @@ -3717,7 +3717,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Lync 2016* - GP name: *MicrosoftOffice2016Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3728,7 +3728,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup** @@ -3767,7 +3767,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Lync 2016 backup only* - GP name: *MicrosoftOffice2016LyncBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3778,7 +3778,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness** @@ -3817,7 +3817,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft OneDrive for Business 2016* - GP name: *MicrosoftOffice2016OneDriveForBusiness* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3828,7 +3828,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote** @@ -3866,7 +3866,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft OneNote 2016* - GP name: *MicrosoftOffice2016OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3877,7 +3877,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup** @@ -3916,7 +3916,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *OneNote 2016 backup only* - GP name: *MicrosoftOffice2016OneNoteBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3927,7 +3927,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook** @@ -3965,7 +3965,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Outlook 2016* - GP name: *MicrosoftOffice2016Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -3976,7 +3976,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup** @@ -4015,7 +4015,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Outlook 2016 backup only* - GP name: *MicrosoftOffice2016OutlookBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4026,7 +4026,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint** @@ -4064,7 +4064,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft PowerPoint 2016* - GP name: *MicrosoftOffice2016PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4075,7 +4075,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup** @@ -4113,7 +4113,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *PowerPoint 2016 backup only* - GP name: *MicrosoftOffice2016PowerPointBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4124,7 +4124,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project** @@ -4164,7 +4164,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Project 2016* - GP name: *MicrosoftOffice2016Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4175,7 +4175,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup** @@ -4213,7 +4213,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Project 2016 backup only* - GP name: *MicrosoftOffice2016ProjectBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4224,7 +4224,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher** @@ -4263,7 +4263,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Publisher 2016* - GP name: *MicrosoftOffice2016Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4274,7 +4274,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup** @@ -4313,7 +4313,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Publisher 2016 backup only* - GP name: *MicrosoftOffice2016PublisherBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4363,7 +4363,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 2016 Upload Center* - GP name: *MicrosoftOffice2016UploadCenter* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4374,7 +4374,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio** @@ -4412,7 +4412,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Visio 2016* - GP name: *MicrosoftOffice2016Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4423,7 +4423,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup** @@ -4462,7 +4462,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Visio 2016 backup only* - GP name: *MicrosoftOffice2016VisioBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4473,7 +4473,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word** @@ -4511,7 +4511,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Word 2016* - GP name: *MicrosoftOffice2016Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4522,7 +4522,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup** +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup** @@ -4561,7 +4561,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Word 2016 backup only* - GP name: *MicrosoftOffice2016WordBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4572,7 +4572,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013** @@ -4611,7 +4611,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Access 2013* - GP name: *MicrosoftOffice365Access2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4622,7 +4622,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016** @@ -4661,7 +4661,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Access 2016* - GP name: *MicrosoftOffice365Access2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4672,7 +4672,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013** @@ -4711,7 +4711,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Common 2013* - GP name: *MicrosoftOffice365Common2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4761,7 +4761,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Common 2016* - GP name: *MicrosoftOffice365Common2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4772,7 +4772,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013** @@ -4811,7 +4811,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Excel 2013* - GP name: *MicrosoftOffice365Excel2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4822,7 +4822,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016** @@ -4861,7 +4861,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Excel 2016* - GP name: *MicrosoftOffice365Excel2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4872,7 +4872,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013** @@ -4910,7 +4910,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 InfoPath 2013* - GP name: *MicrosoftOffice365InfoPath2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4921,7 +4921,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013** @@ -4960,7 +4960,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Lync 2013* - GP name: *MicrosoftOffice365Lync2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -4971,7 +4971,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016** @@ -5010,7 +5010,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Lync 2016* - GP name: *MicrosoftOffice365Lync2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5021,7 +5021,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013** @@ -5060,7 +5060,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 OneNote 2013* - GP name: *MicrosoftOffice365OneNote2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5071,7 +5071,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016** @@ -5110,7 +5110,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 OneNote 2016* - GP name: *MicrosoftOffice365OneNote2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5121,7 +5121,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013** @@ -5160,7 +5160,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Outlook 2013* - GP name: *MicrosoftOffice365Outlook2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5171,7 +5171,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016** @@ -5210,7 +5210,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Outlook 2016* - GP name: *MicrosoftOffice365Outlook2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5221,7 +5221,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013** @@ -5260,7 +5260,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 PowerPoint 2013* - GP name: *MicrosoftOffice365PowerPoint2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5271,7 +5271,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016** @@ -5310,7 +5310,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 PowerPoint 2016* - GP name: *MicrosoftOffice365PowerPoint2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5321,7 +5321,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013** @@ -5360,7 +5360,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Project 2013* - GP name: *MicrosoftOffice365Project2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5410,7 +5410,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Project 2016* - GP name: *MicrosoftOffice365Project2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5421,7 +5421,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013** @@ -5460,7 +5460,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Publisher 2013* - GP name: *MicrosoftOffice365Publisher2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5471,7 +5471,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016** @@ -5509,7 +5509,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Publisher 2016* - GP name: *MicrosoftOffice365Publisher2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5520,7 +5520,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013** @@ -5559,7 +5559,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 SharePoint Designer 2013* - GP name: *MicrosoftOffice365SharePointDesigner2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5570,7 +5570,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013** @@ -5608,7 +5608,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Visio 2013* - GP name: *MicrosoftOffice365Visio2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5619,7 +5619,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016** @@ -5658,7 +5658,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Visio 2016* - GP name: *MicrosoftOffice365Visio2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5669,7 +5669,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013** @@ -5708,7 +5708,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Word 2013* - GP name: *MicrosoftOffice365Word2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5719,7 +5719,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016** +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016** @@ -5758,7 +5758,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Microsoft Office 365 Word 2016* - GP name: *MicrosoftOffice365Word2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5769,7 +5769,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Music** +**ADMX_UserExperienceVirtualization/Music** @@ -5807,7 +5807,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Music* - GP name: *Music* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -5818,7 +5818,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/News** +**ADMX_UserExperienceVirtualization/News** @@ -5857,7 +5857,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *News* - GP name: *News* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -5868,7 +5868,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Notepad** +**ADMX_UserExperienceVirtualization/Notepad** @@ -5897,7 +5897,7 @@ ADMX Info: This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers. -If you enable this policy setting, the Notepad user settings continue to synchronize. +If you enable this policy setting, the Notepad user settings continue to synchronize. If you disable this policy setting, Notepad user settings are excluded from the synchronization settings. @@ -5907,7 +5907,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Notepad* - GP name: *Notepad* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* @@ -5918,7 +5918,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Reader** +**ADMX_UserExperienceVirtualization/Reader** @@ -5952,13 +5952,13 @@ If you enable this policy setting, Reader user settings continue to sync. If you disable this policy setting, Reader user settings are excluded from the synchronization. If you don't configure this policy setting, any defined values will be deleted. - + -ADMX Info: +ADMX Info: - GP Friendly name: *Reader* - GP name: *Reader* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -5969,7 +5969,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/RepositoryTimeout** +**ADMX_UserExperienceVirtualization/RepositoryTimeout** @@ -5996,9 +5996,9 @@ ADMX Info: -This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds. +This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds. -If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings. +If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings. If you disable or don't configure this policy setting, the default value of 2000 milliseconds is used. @@ -6006,7 +6006,7 @@ If you disable or don't configure this policy setting, the default value of 2000 -ADMX Info: +ADMX Info: - GP Friendly name: *Synchronization timeout* - GP name: *RepositoryTimeout* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6017,7 +6017,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/SettingsStoragePath** +**ADMX_UserExperienceVirtualization/SettingsStoragePath** @@ -6046,15 +6046,15 @@ ADMX Info: This policy setting configures where the settings package files that contain user settings are stored. -If you enable this policy setting, the user settings are stored in the specified location. +If you enable this policy setting, the user settings are stored in the specified location. -If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment. +If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment. -ADMX Info: +ADMX Info: - GP Friendly name: *Settings storage path* - GP name: *SettingsStoragePath* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6065,7 +6065,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath** +**ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath** @@ -6100,7 +6100,7 @@ If you specify a UNC path and leave the option to replace the default Microsoft If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used. -If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates. +If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates. If you don't configure this policy setting, any defined values will be deleted. @@ -6108,7 +6108,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Settings template catalog path* - GP name: *SettingsTemplateCatalogPath* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6119,7 +6119,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Sports** +**ADMX_UserExperienceVirtualization/Sports** @@ -6158,7 +6158,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Sports* - GP name: *Sports* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -6169,7 +6169,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/SyncEnabled** +**ADMX_UserExperienceVirtualization/SyncEnabled** @@ -6202,7 +6202,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati -ADMX Info: +ADMX Info: - GP Friendly name: *Use User Experience Virtualization (UE-V)* - GP name: *SyncEnabled* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6252,7 +6252,7 @@ If you don't configure this policy setting, any defined values are deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Sync settings over metered connections* - GP name: *SyncOverMeteredNetwork* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6263,7 +6263,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming** +**ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming** @@ -6302,7 +6302,7 @@ If you don't configure this policy setting, any defined values are deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Sync settings over metered connections even when roaming* - GP name: *SyncOverMeteredNetworkWhenRoaming* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6313,7 +6313,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/SyncProviderPingEnabled** +**ADMX_UserExperienceVirtualization/SyncProviderPingEnabled** @@ -6344,15 +6344,15 @@ This policy setting allows you to configure the User Experience Virtualization ( If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages. -If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages. +If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages. -If you don't configure this policy, any defined values will be deleted. +If you don't configure this policy, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Ping the settings storage location before sync* - GP name: *SyncProviderPingEnabled* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6363,7 +6363,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps** +**ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps** @@ -6401,7 +6401,7 @@ If you don't configure this policy setting, any defined values are deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Sync Unlisted Windows Apps* - GP name: *SyncUnlistedWindows8Apps* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6412,7 +6412,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Travel** +**ADMX_UserExperienceVirtualization/Travel** @@ -6451,7 +6451,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Travel* - GP name: *Travel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -6462,7 +6462,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/TrayIconEnabled** +**ADMX_UserExperienceVirtualization/TrayIconEnabled** @@ -6497,7 +6497,7 @@ If you don't configure this policy setting, any defined values are deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Tray Icon* - GP name: *TrayIconEnabled* - GP path: *Windows Components\Microsoft User Experience Virtualization* @@ -6508,7 +6508,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Video** +**ADMX_UserExperienceVirtualization/Video** @@ -6547,7 +6547,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Video* - GP name: *Video* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -6558,7 +6558,7 @@ ADMX Info:
            -**ADMX_UserExperienceVirtualization/Weather** +**ADMX_UserExperienceVirtualization/Weather** @@ -6597,7 +6597,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *Weather* - GP name: *Weather* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* @@ -6637,7 +6637,7 @@ ADMX Info: This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers. -If you enable this policy setting, the WordPad user settings continue to synchronize. +If you enable this policy setting, the WordPad user settings continue to synchronize. If you disable this policy setting, WordPad user settings are excluded from the synchronization settings. @@ -6647,7 +6647,7 @@ If you don't configure this policy setting, any defined values will be deleted. -ADMX Info: +ADMX Info: - GP Friendly name: *WordPad* - GP name: *Wordpad* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index f6d9875e16..4147a72554 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/11/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -## ADMX_UserProfiles policies +## ADMX_UserProfiles policies
            @@ -56,7 +56,7 @@ manager: aaroncz
            -**ADMX_UserProfiles/CleanupProfiles** +**ADMX_UserProfiles/CleanupProfiles** @@ -87,14 +87,14 @@ This policy setting allows an administrator to automatically delete user profile > [!NOTE] > One day is interpreted as 24 hours after a specific user profile was accessed. -If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days. +If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days. If you disable or don't configure this policy setting, User Profile Service won't automatically delete any profiles on the next system restart. -ADMX Info: +ADMX Info: - GP Friendly name: *Delete user profiles older than a specified number of days on system restart* - GP name: *CleanupProfiles* - GP path: *System\User Profiles* @@ -105,7 +105,7 @@ ADMX Info:
            -**ADMX_UserProfiles/DontForceUnloadHive** +**ADMX_UserProfiles/DontForceUnloadHive** @@ -131,7 +131,7 @@ ADMX Info: -This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys. +This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys. > [!NOTE] > This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile. @@ -143,7 +143,7 @@ If you disable or don't configure this policy setting, Windows will always unloa -ADMX Info: +ADMX Info: - GP Friendly name: *Do not forcefully unload the users registry at user logoff* - GP name: *DontForceUnloadHive* - GP path: *System\User Profiles* @@ -154,7 +154,7 @@ ADMX Info:
            -**ADMX_UserProfiles/LeaveAppMgmtData** +**ADMX_UserProfiles/LeaveAppMgmtData** @@ -194,7 +194,7 @@ If you disable or don't configure this policy setting, Windows will delete the e -ADMX Info: +ADMX Info: - GP Friendly name: *Leave Windows Installer and Group Policy Software Installation Data* - GP name: *LeaveAppMgmtData* - GP path: *System\User Profiles* @@ -205,7 +205,7 @@ ADMX Info:
            -**ADMX_UserProfiles/LimitSize** +**ADMX_UserProfiles/LimitSize** @@ -246,7 +246,7 @@ If you enable this policy setting, you can: -ADMX Info: +ADMX Info: - GP Friendly name: *Limit profile size* - GP name: *LimitSize* - GP path: *System\User Profiles* @@ -257,7 +257,7 @@ ADMX Info:
            -**ADMX_UserProfiles/ProfileErrorAction** +**ADMX_UserProfiles/ProfileErrorAction** @@ -283,7 +283,7 @@ ADMX Info: -This policy setting will automatically sign out a user when Windows can't load their profile. +This policy setting will automatically sign out a user when Windows can't load their profile. If Windows can't access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile. @@ -296,7 +296,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not log users on with temporary profiles* - GP name: *ProfileErrorAction* - GP path: *System\User Profiles* @@ -307,7 +307,7 @@ ADMX Info:
            -**ADMX_UserProfiles/SlowLinkTimeOut** +**ADMX_UserProfiles/SlowLinkTimeOut** @@ -333,7 +333,7 @@ ADMX Info: -This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed. +This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed. To determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transferred. From that connection and data transfer, the network's latency and connection speed are determined. @@ -346,7 +346,7 @@ If you disable or don't configure this policy setting, Windows considers the net -ADMX Info: +ADMX Info: - GP Friendly name: *Control slow network connection timeout for user profiles* - GP name: *SlowLinkTimeOut* - GP path: *System\User Profiles* @@ -357,7 +357,7 @@ ADMX Info:
            -**ADMX_UserProfiles/USER_HOME** +**ADMX_UserProfiles/USER_HOME** @@ -401,7 +401,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl -ADMX Info: +ADMX Info: - GP Friendly name: *Set user home folder* - GP name: *USER_HOME* - GP path: *System\User Profiles* @@ -412,7 +412,7 @@ ADMX Info:
            -**ADMX_UserProfiles/UserInfoAccessAction** +**ADMX_UserProfiles/UserInfoAccessAction** @@ -450,7 +450,7 @@ If you don't configure or disable this policy the user will have full control ov -ADMX Info: +ADMX Info: - GP Friendly name: *User management of sharing user name, account picture, and domain information with apps (not desktop apps)* - GP name: *UserInfoAccessAction* - GP path: *System\User Profiles* diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 9ec5b2733d..86709f4f7f 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/28/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_W32Time > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_W32Time policies +## ADMX_W32Time policies
            @@ -44,7 +44,7 @@ manager: aaroncz
            -**ADMX_W32Time/W32TIME_POLICY_CONFIG** +**ADMX_W32Time/W32TIME_POLICY_CONFIG** @@ -156,7 +156,7 @@ This parameter controls the frequency at which an event that indicates the numbe -ADMX Info: +ADMX Info: - GP Friendly name: *Global Configuration Settings* - GP name: *W32TIME_POLICY_CONFIG* - GP path: *System\Windows Time Service* @@ -167,7 +167,7 @@ ADMX Info:
            -**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT** +**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT** @@ -200,7 +200,7 @@ If you enable this policy setting, you can specify the following parameters for If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. **NtpServer** -The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"". +The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"". **Type** This value controls the authentication that W32time uses. The default value is NT5DS. @@ -224,7 +224,7 @@ This value is a bitmask that controls events that may be logged to the System lo -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Windows NTP Client* - GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT* - GP path: *System\Windows Time Service\Time Providers* @@ -235,7 +235,7 @@ ADMX Info:
            -**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT** +**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT** @@ -273,7 +273,7 @@ If you disable or don't configure this policy setting, the local computer clock -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows NTP Client* - GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT* - GP path: *System\Windows Time Service\Time Providers* @@ -284,7 +284,7 @@ ADMX Info:
            -**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER** +**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER** @@ -319,7 +319,7 @@ If you disable or don't configure this policy setting, your computer can't servi -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows NTP Server* - GP name: *W32TIME_POLICY_ENABLE_NTPSERVER* - GP path: *System\Windows Time Service\Time Providers* diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index d396e0aaae..7f28dbb59b 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/22/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WCM > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WCM policies +## ADMX_WCM policies
            @@ -41,7 +41,7 @@ manager: aaroncz
            -**ADMX_WCM/WCM_DisablePowerManagement** +**ADMX_WCM/WCM_DisablePowerManagement** @@ -76,7 +76,7 @@ If this policy setting isn't configured or is disabled, power management is enab -ADMX Info: +ADMX Info: - GP Friendly name: *Disable power management in connected standby mode* - GP name: *WCM_DisablePowerManagement* - GP path: *Network\Windows Connection Manager* @@ -87,7 +87,7 @@ ADMX Info:
            -**ADMX_WCM/WCM_EnableSoftDisconnect** +**ADMX_WCM/WCM_EnableSoftDisconnect** @@ -131,7 +131,7 @@ This policy setting depends on other group policy settings. For example, if 'Min -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows to soft-disconnect a computer from a network* - GP name: *WCM_EnableSoftDisconnect* - GP path: *Network\Windows Connection Manager* @@ -142,7 +142,7 @@ ADMX Info:
            -**ADMX_WCM/WCM_MinimizeConnections** +**ADMX_WCM/WCM_MinimizeConnections** @@ -171,7 +171,7 @@ ADMX Info: This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed. If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This value of 0 was previously the "Disabled" state for this policy setting. This option was first available in Windows 8. - + If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This value of 1 was previously the "Enabled" state for this policy setting. This option was first available in Windows 8. If this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703). @@ -183,7 +183,7 @@ This policy setting is related to the "Enable Windows to soft-disconnect a compu -ADMX Info: +ADMX Info: - GP Friendly name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain* - GP name: *WCM_MinimizeConnections* - GP path: *Network\Windows Connection Manager* diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md index b3a2aefd94..0ecf7ba8f3 100644 --- a/windows/client-management/mdm/policy-csp-admx-wdi.md +++ b/windows/client-management/mdm/policy-csp-admx-wdi.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/09/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_WDI policies +## ADMX_WDI policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_WDI/WdiDpsScenarioExecutionPolicy** +**ADMX_WDI/WdiDpsScenarioExecutionPolicy** @@ -65,21 +65,21 @@ manager: aaroncz -This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data. +This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data. -If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached. +If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached. -If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. +If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. >[!NOTE] -> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data won't be deleted. +> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data won't be deleted. > > The DPS can be configured with the Services snap-in to the Microsoft Management Console. -ADMX Info: +ADMX Info: - GP Friendly name: *Diagnostics: Configure scenario retention* - GP name: *WdiDpsScenarioExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics* @@ -90,7 +90,7 @@ ADMX Info:
            -**ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy** +**ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy** @@ -116,21 +116,21 @@ ADMX Info: -This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios. +This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios. -If you enable this policy setting, you must select an execution level from the drop-down menu. +If you enable this policy setting, you must select an execution level from the drop-down menu. -- If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. -- If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available. +- If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. +- If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available. -If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS. +If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS. If you don't configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when it's enabled or disabled. Scenario-specific policy settings only take effect if this policy setting isn't configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. -ADMX Info: +ADMX Info: - GP Friendly name: *Diagnostics: Configure scenario execution level* - GP name: *WdiDpsScenarioDataSizeLimitPolicy* - GP path: *System\Troubleshooting and Diagnostics* diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 410eda6d2b..ead17d11d3 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/28/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WinCal > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WinCal policies +## ADMX_WinCal policies
            @@ -38,7 +38,7 @@ manager: aaroncz
            -**ADMX_WinCal/TurnOffWinCal_1** +**ADMX_WinCal/TurnOffWinCal_1** @@ -74,7 +74,7 @@ The default is for Windows Calendar to be turned on. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Calendar* - GP name: *TurnOffWinCal_1* - GP path: *Windows Components\Windows Calendar* @@ -87,7 +87,7 @@ ADMX Info:
            -**ADMX_WinCal/TurnOffWinCal_2** +**ADMX_WinCal/TurnOffWinCal_2** @@ -124,7 +124,7 @@ The default is for Windows Calendar to be turned on. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Calendar* - GP name: *TurnOffWinCal_2* - GP path: *Windows Components\Windows Calendar* diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md index c575e5f9a8..f84f3fae7a 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md +++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/27/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,13 +17,13 @@ manager: aaroncz
            -## ADMX_WindowsColorSystem policies +## ADMX_WindowsColorSystem policies > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**WindowsColorSystem/ProhibitChangingInstalledProfileList_1** +**WindowsColorSystem/ProhibitChangingInstalledProfileList_1** @@ -65,16 +65,16 @@ manager: aaroncz -This policy setting affects the ability of users to install or uninstall color profiles. +This policy setting affects the ability of users to install or uninstall color profiles. -- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles. +- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles. - If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles. -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit installing or uninstalling color profiles* - GP name: *ProhibitChangingInstalledProfileList_1* - GP path: *Windows Components\Windows Color System* @@ -85,7 +85,7 @@ ADMX Info:
            -**WindowsColorSystem/ProhibitChangingInstalledProfileList_2** +**WindowsColorSystem/ProhibitChangingInstalledProfileList_2** @@ -111,16 +111,16 @@ ADMX Info: -This policy setting affects the ability of users to install or uninstall color profiles. +This policy setting affects the ability of users to install or uninstall color profiles. -- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles. +- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles. - If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles. -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit installing or uninstalling color profiles* - GP name: *ProhibitChangingInstalledProfileList_2* - GP path: *Windows Components\Windows Color System* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 8d93498e0d..4591005023 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/28/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WindowsConnectNow > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WindowsConnectNow policies +## ADMX_WindowsConnectNow policies
            @@ -41,7 +41,7 @@ manager: aaroncz
            -**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1** +**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1** @@ -67,20 +67,20 @@ manager: aaroncz -This policy setting prohibits access to Windows Connect Now (WCN) wizards. +This policy setting prohibits access to Windows Connect Now (WCN) wizards. -- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. +- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. -All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. +All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. -- If you disable or don't configure this policy setting, users can access the wizard tasks. +- If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access of the Windows Connect Now wizards* - GP name: *WCN_DisableWcnUi_1* - GP path: *Network\Windows Connect Now* @@ -91,7 +91,7 @@ ADMX Info:
            -**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2** +**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2** @@ -117,13 +117,13 @@ ADMX Info: -This policy setting prohibits access to Windows Connect Now (WCN) wizards. +This policy setting prohibits access to Windows Connect Now (WCN) wizards. -- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. +- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. -All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. +All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. -- If you disable or don't configure this policy setting, users can access the wizard tasks. +- If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. @@ -131,7 +131,7 @@ They are "Set up a wireless router or access point" and "Add a wireless device." -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit access of the Windows Connect Now wizards* - GP name: *WCN_DisableWcnUi_2* - GP path: *Network\Windows Connect Now* @@ -142,7 +142,7 @@ ADMX Info:
            -**ADMX_WindowsConnectNow/WCN_EnableRegistrar** +**ADMX_WindowsConnectNow/WCN_EnableRegistrar** @@ -170,12 +170,12 @@ ADMX Info: This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives. -More options are available to allow discovery and configuration over a specific medium. +More options are available to allow discovery and configuration over a specific medium. -- If you enable this policy setting, more choices are available to turn off the operations over a specific medium. -- If you disable this policy setting, operations are disabled over all media. +- If you enable this policy setting, more choices are available to turn off the operations over a specific medium. +- If you disable this policy setting, operations are disabled over all media. -If you don't configure this policy setting, operations are enabled over all media. +If you don't configure this policy setting, operations are enabled over all media. The default for this policy setting allows operations over all media. @@ -183,7 +183,7 @@ The default for this policy setting allows operations over all media. -ADMX Info: +ADMX Info: - GP Friendly name: *Configuration of wireless settings using Windows Connect Now* - GP name: *WCN_EnableRegistrar* - GP path: *Network\Windows Connect Now* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 5dd0274b06..ea9501ebec 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -8,24 +8,24 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/29/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WindowsExplorer > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WindowsExplorer policies +## ADMX_WindowsExplorer policies
            @@ -247,7 +247,7 @@ manager: aaroncz
            -**ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS** +**ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS** @@ -286,7 +286,7 @@ If you disable or do not configure this policy setting, Folder Redirection does -ADMX Info: +ADMX Info: - GP Friendly name: *Verify old and new Folder Redirection targets point to the same share before redirecting* - GP name: *CheckSameSourceAndTargetForFRAndDFS* - GP path: *Windows Components\File Explorer* @@ -298,7 +298,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/ClassicShell** +**ADMX_WindowsExplorer/ClassicShell** @@ -336,7 +336,7 @@ If you disable or not configure this policy, the default File Explorer behavior -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Classic Shell* - GP name: *ClassicShell* - GP path: *Windows Components\File Explorer* @@ -347,7 +347,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/ConfirmFileDelete** +**ADMX_WindowsExplorer/ConfirmFileDelete** @@ -382,7 +382,7 @@ If you disable or do not configure this setting, the default behavior of not dis -ADMX Info: +ADMX Info: - GP Friendly name: *Display confirmation dialog when deleting files* - GP name: *ConfirmFileDelete* - GP path: *Windows Components\File Explorer* @@ -393,7 +393,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/DefaultLibrariesLocation** +**ADMX_WindowsExplorer/DefaultLibrariesLocation** @@ -429,7 +429,7 @@ If you disable or do not configure this policy setting, no changes are made to t -ADMX Info: +ADMX Info: - GP Friendly name: *Location where all default Library definition files for users/machines reside.* - GP name: *DefaultLibrariesLocation* - GP path: *Windows Components\File Explorer* @@ -440,7 +440,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage** +**ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage** @@ -476,7 +476,7 @@ This disables access to user-defined properties, and properties stored in NTFS s -ADMX Info: +ADMX Info: - GP Friendly name: *Disable binding directly to IPropertySetStorage without intermediate layers.* - GP name: *DisableBindDirectlyToPropertySetStorage* - GP path: *Windows Components\File Explorer* @@ -487,7 +487,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/DisableIndexedLibraryExperience** +**ADMX_WindowsExplorer/DisableIndexedLibraryExperience** @@ -517,7 +517,7 @@ This policy setting allows you to turn off Windows Libraries features that need If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations. -Setting this policy will: +Setting this policy will: - Disable all Arrangement views except for "By Folder" - Disable all Search filter suggestions other than "Date Modified" and "Size" @@ -532,7 +532,7 @@ If you disable or do not configure this policy, all default Windows Libraries fe -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Libraries features that rely on indexed file data* - GP name: *DisableIndexedLibraryExperience* - GP path: *Windows Components\File Explorer* @@ -544,7 +544,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/DisableKnownFolders** +**ADMX_WindowsExplorer/DisableKnownFolders** @@ -583,7 +583,7 @@ You can specify a known folder using its known folder ID or using its canonical -ADMX Info: +ADMX Info: - GP Friendly name: *Disable Known Folders* - GP name: *DisableKnownFolders* - GP path: *Windows Components\File Explorer* @@ -594,7 +594,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/DisableSearchBoxSuggestions** +**ADMX_WindowsExplorer/DisableSearchBoxSuggestions** @@ -633,7 +633,7 @@ These suggestions are based on their past entries into the Search Box. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off display of recent search entries in the File Explorer search box* - GP name: *DisableSearchBoxSuggestions* - GP path: *Windows Components\File Explorer* @@ -645,7 +645,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath** +**ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath** @@ -683,7 +683,7 @@ This policy setting determines whether remote paths can be used for file shortcu -ADMX Info: +ADMX Info: - GP Friendly name: *Allow the use of remote paths in file shortcut icons* - GP name: *EnableShellShortcutIconRemotePath* - GP path: *Windows Components\File Explorer* @@ -695,7 +695,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/EnableSmartScreen** +**ADMX_WindowsExplorer/EnableSmartScreen** @@ -721,14 +721,14 @@ ADMX Info: -This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. +This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. -If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: +If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: - Warn and prevent bypass -- Warn +- Warn If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. @@ -740,7 +740,7 @@ If you do not configure this policy, SmartScreen will be enabled by default, but -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Windows Defender SmartScreen* - GP name: *EnableSmartScreen* - GP path: *Windows Components\File Explorer* @@ -751,7 +751,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/EnforceShellExtensionSecurity** +**ADMX_WindowsExplorer/EnforceShellExtensionSecurity** @@ -789,7 +789,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_ -ADMX Info: +ADMX Info: - GP Friendly name: *Allow only per user or approved shell extensions* - GP name: *EnforceShellExtensionSecurity* - GP path: *Windows Components\File Explorer* @@ -800,7 +800,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized** +**ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized** @@ -837,7 +837,7 @@ If you disable or do not configure this policy setting, users can choose how the -ADMX Info: +ADMX Info: - GP Friendly name: *Start File Explorer with ribbon minimized* - GP name: *ExplorerRibbonStartsMinimized* - GP path: *Windows Components\File Explorer* @@ -848,7 +848,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/HideContentViewModeSnippets** +**ADMX_WindowsExplorer/HideContentViewModeSnippets** @@ -883,7 +883,7 @@ This policy setting allows you to turn off the display of snippets in Content vi -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the display of snippets in Content view mode* - GP name: *HideContentViewModeSnippets* - GP path: *Windows Components\File Explorer* @@ -894,7 +894,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet** @@ -934,7 +934,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_Internet* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone* @@ -945,7 +945,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown** @@ -985,7 +985,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_InternetLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone* @@ -996,7 +996,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet** @@ -1037,7 +1037,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_Intranet* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone* @@ -1048,7 +1048,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown** @@ -1089,7 +1089,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_IntranetLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone* @@ -1100,7 +1100,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine** @@ -1141,7 +1141,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_LocalMachine* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone* @@ -1152,7 +1152,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown** @@ -1193,7 +1193,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_LocalMachineLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone* @@ -1204,7 +1204,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted** @@ -1245,7 +1245,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_Restricted* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone* @@ -1256,7 +1256,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown** @@ -1297,7 +1297,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_RestrictedLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone* @@ -1308,7 +1308,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted** @@ -1349,7 +1349,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_Trusted* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone* @@ -1360,7 +1360,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown** @@ -1401,7 +1401,7 @@ Changes to this setting may not be applied until the user logs off from Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_TrustedLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone* @@ -1412,7 +1412,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet** @@ -1451,7 +1451,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_Internet* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone* @@ -1462,7 +1462,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown** @@ -1501,7 +1501,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_InternetLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone* @@ -1512,7 +1512,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet** @@ -1551,7 +1551,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_Intranet* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone* @@ -1562,7 +1562,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown** @@ -1601,7 +1601,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_IntranetLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone* @@ -1612,7 +1612,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine** @@ -1651,7 +1651,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_LocalMachine* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone* @@ -1662,7 +1662,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown** @@ -1701,7 +1701,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_LocalMachineLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone* @@ -1712,7 +1712,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted** @@ -1751,7 +1751,7 @@ If you do not configure this policy setting, users cannot perform OpenSearch que -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_Restricted* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone* @@ -1763,7 +1763,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown** @@ -1802,7 +1802,7 @@ If you do not configure this policy setting, users cannot perform OpenSearch que -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_RestrictedLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone* @@ -1814,7 +1814,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted** @@ -1853,7 +1853,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_Trusted* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone* @@ -1864,7 +1864,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown** +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown** @@ -1903,7 +1903,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie -ADMX Info: +ADMX Info: - GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_TrustedLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone* @@ -1914,7 +1914,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo** +**ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo** @@ -1952,7 +1952,7 @@ If you disable or do not configure this policy setting, Windows searches for the -ADMX Info: +ADMX Info: - GP Friendly name: *Do not track Shell shortcuts during roaming* - GP name: *LinkResolveIgnoreLinkInfo* - GP path: *Windows Components\File Explorer* @@ -1963,7 +1963,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/MaxRecentDocs** +**ADMX_WindowsExplorer/MaxRecentDocs** @@ -1999,7 +1999,7 @@ If you disable or do not configure this policy setting, by default, the system d -ADMX Info: +ADMX Info: - GP Friendly name: *Maximum number of recent documents* - GP name: *MaxRecentDocs* - GP path: *Windows Components\File Explorer* @@ -2010,7 +2010,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoBackButton** +**ADMX_WindowsExplorer/NoBackButton** @@ -2046,7 +2046,7 @@ If you disable or do not configure this policy setting, the Back button is displ -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the common dialog back button* - GP name: *NoBackButton* - GP path: *Windows Components\File Explorer\Common Open File Dialog* @@ -2057,7 +2057,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoCDBurning** +**ADMX_WindowsExplorer/NoCDBurning** @@ -2096,7 +2096,7 @@ If you disable or do not configure this policy setting, users are able to use th -ADMX Info: +ADMX Info: - GP Friendly name: *Remove CD Burning features* - GP name: *NoCDBurning* - GP path: *Windows Components\File Explorer* @@ -2107,7 +2107,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoCacheThumbNailPictures** +**ADMX_WindowsExplorer/NoCacheThumbNailPictures** @@ -2146,7 +2146,7 @@ If you disable or do not configure this policy setting, thumbnail views are cach -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off caching of thumbnail pictures* - GP name: *NoCacheThumbNailPictures* - GP path: *Windows Components\File Explorer* @@ -2157,7 +2157,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoChangeAnimation** +**ADMX_WindowsExplorer/NoChangeAnimation** @@ -2195,7 +2195,7 @@ If you disable or do not configure this policy setting, users are allowed to tur -ADMX Info: +ADMX Info: - GP Friendly name: *Remove UI to change menu animation setting* - GP name: *NoChangeAnimation* - GP path: *Windows Components\File Explorer* @@ -2206,7 +2206,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators** +**ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators** @@ -2240,7 +2240,7 @@ Effects, such as transitory underlines, are designed to enhance the user's exper -ADMX Info: +ADMX Info: - GP Friendly name: *Remove UI to change keyboard navigation indicator setting* - GP name: *NoChangeKeyboardNavigationIndicators* - GP path: *Windows Components\File Explorer* @@ -2251,7 +2251,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoDFSTab** +**ADMX_WindowsExplorer/NoDFSTab** @@ -2287,7 +2287,7 @@ If you disable or do not configure this policy setting, the DFS tab is available -ADMX Info: +ADMX Info: - GP Friendly name: *Remove DFS tab* - GP name: *NoDFSTab* - GP path: *Windows Components\File Explorer* @@ -2298,7 +2298,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoDrives** +**ADMX_WindowsExplorer/NoDrives** @@ -2339,7 +2339,7 @@ If you disable or do not configure this policy setting, all drives are displayed -ADMX Info: +ADMX Info: - GP Friendly name: *Hide these specified drives in My Computer* - GP name: *NoDrives* - GP path: *Windows Components\File Explorer* @@ -2350,7 +2350,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoEntireNetwork** +**ADMX_WindowsExplorer/NoEntireNetwork** @@ -2391,7 +2391,7 @@ To remove computers in the user's workgroup or domain from lists of network reso -ADMX Info: +ADMX Info: - GP Friendly name: *No Entire Network in Network Locations* - GP name: *NoEntireNetwork* - GP path: *Windows Components\File Explorer* @@ -2402,7 +2402,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoFileMRU** +**ADMX_WindowsExplorer/NoFileMRU** @@ -2439,7 +2439,7 @@ To see an example of the standard Open dialog box, start WordPad and, on the **F -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the dropdown list of recent files* - GP name: *NoFileMRU* - GP path: *Windows Components\File Explorer\Common Open File Dialog* @@ -2450,7 +2450,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoFileMenu** +**ADMX_WindowsExplorer/NoFileMenu** @@ -2484,7 +2484,7 @@ This setting does not prevent users from using other methods to perform tasks av -ADMX Info: +ADMX Info: - GP Friendly name: *Remove File menu from File Explorer* - GP name: *NoFileMenu* - GP path: *Windows Components\File Explorer* @@ -2495,7 +2495,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoFolderOptions** +**ADMX_WindowsExplorer/NoFolderOptions** @@ -2533,7 +2533,7 @@ If you disable or do not configure this policy setting, users can open Folder Op -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon* - GP name: *NoFolderOptions* - GP path: *Windows Components\File Explorer* @@ -2544,7 +2544,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoHardwareTab** +**ADMX_WindowsExplorer/NoHardwareTab** @@ -2576,7 +2576,7 @@ Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyb -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Hardware tab* - GP name: *NoHardwareTab* - GP path: *Windows Components\File Explorer* @@ -2587,7 +2587,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoManageMyComputerVerb** +**ADMX_WindowsExplorer/NoManageMyComputerVerb** @@ -2626,7 +2626,7 @@ This setting does not remove the Computer Management item from the Start menu (S -ADMX Info: +ADMX Info: - GP Friendly name: *Hides the Manage item on the File Explorer context menu* - GP name: *NoManageMyComputerVerb* - GP path: *Windows Components\File Explorer* @@ -2637,7 +2637,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoMyComputerSharedDocuments** +**ADMX_WindowsExplorer/NoMyComputerSharedDocuments** @@ -2672,7 +2672,7 @@ This policy setting allows you to remove the Shared Documents folder from My Com -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Shared Documents from My Computer* - GP name: *NoMyComputerSharedDocuments* - GP path: *Windows Components\File Explorer* @@ -2683,7 +2683,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoNetConnectDisconnect** +**ADMX_WindowsExplorer/NoNetConnectDisconnect** @@ -2724,7 +2724,7 @@ This setting does not prevent users from connecting to another computer by typin -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Map Network Drive" and "Disconnect Network Drive"* - GP name: *NoNetConnectDisconnect* - GP path: *Windows Components\File Explorer* @@ -2735,7 +2735,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoNewAppAlert** +**ADMX_WindowsExplorer/NoNewAppAlert** @@ -2769,7 +2769,7 @@ If this MDM Policy is enabled, no notifications will be shown. If the MDM Policy -ADMX Info: +ADMX Info: - GP Friendly name: *Do not show the 'new application installed' notification* - GP name: *NoNewAppAlert* - GP path: *Windows Components\File Explorer* @@ -2780,7 +2780,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoPlacesBar** +**ADMX_WindowsExplorer/NoPlacesBar** @@ -2814,7 +2814,7 @@ To see an example of the standard Open dialog box, start WordPad and, on the **F -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the common dialog places bar* - GP name: *NoPlacesBar* - GP path: *Windows Components\File Explorer\Common Open File Dialog* @@ -2825,7 +2825,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoRecycleFiles** +**ADMX_WindowsExplorer/NoRecycleFiles** @@ -2861,7 +2861,7 @@ If you disable or do not configure this setting, files and folders deleted using -ADMX Info: +ADMX Info: - GP Friendly name: *Do not move deleted files to the Recycle Bin* - GP name: *NoRecycleFiles* - GP path: *Windows Components\File Explorer* @@ -2872,7 +2872,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoRunAsInstallPrompt** +**ADMX_WindowsExplorer/NoRunAsInstallPrompt** @@ -2912,7 +2912,7 @@ By default, users aren't prompted for alternate logon credentials when installin -ADMX Info: +ADMX Info: - GP Friendly name: *Do not request alternate credentials* - GP name: *NoRunAsInstallPrompt* - GP path: *Windows Components\File Explorer* @@ -2923,7 +2923,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoSearchInternetTryHarderButton** +**ADMX_WindowsExplorer/NoSearchInternetTryHarderButton** @@ -2959,7 +2959,7 @@ If you do not configure this policy (default), there will be an "Internet" link -ADMX Info: +ADMX Info: - GP Friendly name: *Remove the Search the Internet "Search again" link* - GP name: *NoSearchInternetTryHarderButton* - GP path: *Windows Components\File Explorer* @@ -2970,7 +2970,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoSecurityTab** +**ADMX_WindowsExplorer/NoSecurityTab** @@ -3006,7 +3006,7 @@ If you disable or do not configure this setting, users will be able to access th -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Security tab* - GP name: *NoSecurityTab* - GP path: *Windows Components\File Explorer* @@ -3017,7 +3017,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoShellSearchButton** +**ADMX_WindowsExplorer/NoShellSearchButton** @@ -3053,7 +3053,7 @@ This policy setting does not affect the Search items on the File Explorer contex -ADMX Info: +ADMX Info: - GP Friendly name: *Remove Search button from File Explorer* - GP name: *NoShellSearchButton* - GP path: *Windows Components\File Explorer* @@ -3064,7 +3064,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoStrCmpLogical** +**ADMX_WindowsExplorer/NoStrCmpLogical** @@ -3101,7 +3101,7 @@ If you disable or do not configure this policy setting, File Explorer will sort -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off numerical sorting in File Explorer* - GP name: *NoStrCmpLogical* - GP path: *Windows Components\File Explorer* @@ -3112,7 +3112,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoViewContextMenu** +**ADMX_WindowsExplorer/NoViewContextMenu** @@ -3146,7 +3146,7 @@ If you enable this setting, menus do not appear when you right-click the desktop -ADMX Info: +ADMX Info: - GP Friendly name: *Remove File Explorer's default context menu* - GP name: *NoViewContextMenu* - GP path: *Windows Components\File Explorer* @@ -3157,7 +3157,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoViewOnDrive** +**ADMX_WindowsExplorer/NoViewOnDrive** @@ -3198,7 +3198,7 @@ To use this setting, select a drive or combination of drives from the drop-down -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent access to drives from My Computer* - GP name: *NoViewOnDrive* - GP path: *Windows Components\File Explorer* @@ -3209,7 +3209,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoWindowsHotKeys** +**ADMX_WindowsExplorer/NoWindowsHotKeys** @@ -3247,7 +3247,7 @@ If you disable or do not configure this setting, the Windows Key hotkeys are ava -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Key hotkeys* - GP name: *NoWindowsHotKeys* - GP path: *Windows Components\File Explorer* @@ -3258,7 +3258,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/NoWorkgroupContents** +**ADMX_WindowsExplorer/NoWorkgroupContents** @@ -3298,7 +3298,7 @@ To remove network computers from lists of network resources, use the "No Entire -ADMX Info: +ADMX Info: - GP Friendly name: *No Computers Near Me in Network Locations* - GP name: *NoWorkgroupContents* - GP path: *Windows Components\File Explorer* @@ -3309,7 +3309,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/PlacesBar** +**ADMX_WindowsExplorer/PlacesBar** @@ -3356,7 +3356,7 @@ If you disable or do not configure this setting the default list of items will b -ADMX Info: +ADMX Info: - GP Friendly name: *Items displayed in Places Bar* - GP name: *PlacesBar* - GP path: *Windows Components\File Explorer\Common Open File Dialog* @@ -3367,7 +3367,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/PromptRunasInstallNetPath** +**ADMX_WindowsExplorer/PromptRunasInstallNetPath** @@ -3410,7 +3410,7 @@ If the dialog box does not appear, the installation proceeds with the current us -ADMX Info: +ADMX Info: - GP Friendly name: *Request credentials for network installations* - GP name: *PromptRunasInstallNetPath* - GP path: *Windows Components\File Explorer* @@ -3421,7 +3421,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/RecycleBinSize** +**ADMX_WindowsExplorer/RecycleBinSize** @@ -3460,7 +3460,7 @@ If you disable or do not configure this setting, users can change the total amou -ADMX Info: +ADMX Info: - GP Friendly name: *Maximum allowed Recycle Bin size* - GP name: *RecycleBinSize* - GP path: *Windows Components\File Explorer* @@ -3471,7 +3471,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1** +**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1** @@ -3509,7 +3509,7 @@ If you do not configure this policy setting the protocol is in the protected mod -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off shell protocol protected mode* - GP name: *ShellProtocolProtectedModeTitle_1* - GP path: *Windows Components\File Explorer* @@ -3520,7 +3520,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2** +**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2** @@ -3558,7 +3558,7 @@ If you do not configure this policy setting the protocol is in the protected mod -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off shell protocol protected mode* - GP name: *ShellProtocolProtectedModeTitle_2* - GP path: *Windows Components\File Explorer* @@ -3569,7 +3569,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/ShowHibernateOption** +**ADMX_WindowsExplorer/ShowHibernateOption** @@ -3607,7 +3607,7 @@ If you do not configure this policy setting, users will be able to choose whethe -ADMX Info: +ADMX Info: - GP Friendly name: *Show hibernate in the power options menu* - GP name: *ShowHibernateOption* - GP path: *Windows Components\File Explorer* @@ -3618,7 +3618,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/ShowSleepOption** +**ADMX_WindowsExplorer/ShowSleepOption** @@ -3656,7 +3656,7 @@ If you do not configure this policy setting, users will be able to choose whethe -ADMX Info: +ADMX Info: - GP Friendly name: *Show sleep in the power options menu* - GP name: *ShowSleepOption* - GP path: *Windows Components\File Explorer* @@ -3667,7 +3667,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/TryHarderPinnedLibrary** +**ADMX_WindowsExplorer/TryHarderPinnedLibrary** @@ -3707,7 +3707,7 @@ If you disable or do not configure this policy setting, no Libraries or Search C -ADMX Info: +ADMX Info: - GP Friendly name: *Pin Libraries or Search Connectors to the "Search again" links and the Start menu* - GP name: *TryHarderPinnedLibrary* - GP path: *Windows Components\File Explorer* @@ -3718,7 +3718,7 @@ ADMX Info:
            -**ADMX_WindowsExplorer/TryHarderPinnedOpenSearch** +**ADMX_WindowsExplorer/TryHarderPinnedOpenSearch** diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index e2b7d6b653..ec4e8d2adf 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WindowsMediaDRM > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WindowsMediaDRM policies +## ADMX_WindowsMediaDRM policies
            @@ -35,7 +35,7 @@ manager: aaroncz
            -**ADMX_WindowsMediaDRM/DisableOnline** +**ADMX_WindowsMediaDRM/DisableOnline** @@ -73,7 +73,7 @@ When this policy is either disabled or not configured, Windows Media DRM functio -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Windows Media DRM Internet Access* - GP name: *DisableOnline* - GP path: *Windows Components\Windows Media Digital Rights Management* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 15f9ca5c47..4780dc6eef 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -8,22 +8,22 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/09/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WindowsMediaPlayer > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WindowsMediaPlayer policies +## ADMX_WindowsMediaPlayer policies
            @@ -95,7 +95,7 @@ manager: aaroncz
            -**ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings** +**ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings** @@ -143,7 +143,7 @@ If you don't configure this policy setting, users can configure the HTTP proxy s -ADMX Info: +ADMX Info: - GP Friendly name: *Configure HTTP Proxy* - GP name: *ConfigureHTTPProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* @@ -154,7 +154,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings** +**ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings** @@ -201,7 +201,7 @@ If you don't configure this policy setting, users can configure the MMS proxy se -ADMX Info: +ADMX Info: - GP Friendly name: *Configure MMS Proxy* - GP name: *ConfigureMMSProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* @@ -212,7 +212,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings** +**ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings** @@ -257,7 +257,7 @@ If you don't configure this policy setting, users can configure the RTSP proxy s -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RTSP Proxy* - GP name: *ConfigureRTSPProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* @@ -268,7 +268,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/DisableAutoUpdate** +**ADMX_WindowsMediaPlayer/DisableAutoUpdate** @@ -307,7 +307,7 @@ If you disable or don't configure this policy setting, the dialog boxes are disp -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Automatic Updates* - GP name: *DisableAutoUpdate* - GP path: *Windows Components\Windows Media Player* @@ -318,7 +318,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/DisableNetworkSettings** +**ADMX_WindowsMediaPlayer/DisableNetworkSettings** @@ -354,7 +354,7 @@ If you disable or don't configure this policy setting, the Network tab appears a -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Network Tab* - GP name: *DisableNetworkSettings* - GP path: *Windows Components\Windows Media Player\Networking* @@ -365,7 +365,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration** +**ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration** @@ -403,7 +403,7 @@ If you don't configure this policy setting, and the "Set and lock skin" policy s -ADMX Info: +ADMX Info: - GP Friendly name: *Do Not Show First Use Dialog Boxes* - GP name: *DisableSetupFirstUseConfiguration* - GP path: *Windows Components\Windows Media Player* @@ -414,7 +414,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/DoNotShowAnchor** +**ADMX_WindowsMediaPlayer/DoNotShowAnchor** @@ -452,7 +452,7 @@ When this policy isn't configured and the Set and Lock Skin policy is enabled, s -ADMX Info: +ADMX Info: - GP Friendly name: *Do Not Show Anchor* - GP name: *DoNotShowAnchor* - GP path: *Windows Components\Windows Media Player\User Interface* @@ -463,7 +463,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/DontUseFrameInterpolation** +**ADMX_WindowsMediaPlayer/DontUseFrameInterpolation** @@ -503,7 +503,7 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Video Smoothing* - GP name: *DontUseFrameInterpolation* - GP path: *Windows Components\Windows Media Player* @@ -514,7 +514,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/EnableScreenSaver** +**ADMX_WindowsMediaPlayer/EnableScreenSaver** @@ -552,7 +552,7 @@ If you don't configure this policy setting, users can change the setting for the -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Screen Saver* - GP name: *EnableScreenSaver* - GP path: *Windows Components\Windows Media Player\Playback* @@ -563,7 +563,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/HidePrivacyTab** +**ADMX_WindowsMediaPlayer/HidePrivacyTab** @@ -601,7 +601,7 @@ If you disable or don't configure this policy setting, the Privacy tab isn't hid -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Automatic Updates* - GP name: *HidePrivacyTab* - GP path: *Windows Components\Windows Media Player\User Interface* @@ -612,7 +612,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/HideSecurityTab** +**ADMX_WindowsMediaPlayer/HideSecurityTab** @@ -648,7 +648,7 @@ If you disable or don't configure this policy setting, users can configure the s -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Security Tab* - GP name: *HideSecurityTab* - GP path: *Windows Components\Windows Media Player\User Interface* @@ -659,7 +659,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/NetworkBuffering** +**ADMX_WindowsMediaPlayer/NetworkBuffering** @@ -700,7 +700,7 @@ If you disable or don't configure this policy setting, users can change the buff -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Network Buffering* - GP name: *NetworkBuffering* - GP path: *Windows Components\Windows Media Player\Networking* @@ -711,7 +711,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/PolicyCodecUpdate** +**ADMX_WindowsMediaPlayer/PolicyCodecUpdate** @@ -749,7 +749,7 @@ If you don't configure this policy setting, users can change the setting for the -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Codec Download* - GP name: *PolicyCodecUpdate* - GP path: *Windows Components\Windows Media Player\Playback* @@ -760,7 +760,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval** +**ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval** @@ -796,7 +796,7 @@ If you disable or don't configure this policy setting, users can change the sett -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent CD and DVD Media Information Retrieval* - GP name: *PreventCDDVDMetadataRetrieval* - GP path: *Windows Components\Windows Media Player* @@ -807,7 +807,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/PreventLibrarySharing** +**ADMX_WindowsMediaPlayer/PreventLibrarySharing** @@ -843,7 +843,7 @@ If you disable or don't configure this policy setting, anyone using Windows Medi -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Media Sharing* - GP name: *PreventLibrarySharing* - GP path: *Windows Components\Windows Media Player* @@ -854,7 +854,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval** +**ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval** @@ -890,7 +890,7 @@ If you disable or don't configure this policy setting, users can change the sett -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Music File Media Information Retrieval* - GP name: *PreventMusicFileMetadataRetrieval* - GP path: *Windows Components\Windows Media Player* @@ -901,7 +901,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut** +**ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut** @@ -937,7 +937,7 @@ If you disable or don't configure this policy setting, the user can choose wheth -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Quick Launch Toolbar Shortcut Creation* - GP name: *PreventQuickLaunchShortcut* - GP path: *Windows Components\Windows Media Player* @@ -948,7 +948,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval** +**ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval** @@ -983,7 +983,7 @@ If you disable or don't configure this policy setting, the Player automatically -ADMX Info: +ADMX Info: - GP Friendly name: *PPrevent Radio Station Preset Retrieval* - GP name: *PreventRadioPresetsRetrieval* - GP path: *Windows Components\Windows Media Player* @@ -994,7 +994,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut** +**ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut** @@ -1030,7 +1030,7 @@ If you disable or don't configure this policy setting, users can choose whether -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Desktop Shortcut Creation* - GP name: *PreventWMPDeskTopShortcut* - GP path: *Windows Components\Windows Media Player* @@ -1041,7 +1041,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/SkinLockDown** +**ADMX_WindowsMediaPlayer/SkinLockDown** @@ -1081,7 +1081,7 @@ If you disable or don't configure this policy setting, users can display the Pla -ADMX Info: +ADMX Info: - GP Friendly name: *Set and Lock Skin* - GP name: *SkinLockDown* - GP path: *Windows Components\Windows Media Player\User Interface* @@ -1092,7 +1092,7 @@ ADMX Info:
            -**ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols** +**ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols** @@ -1132,7 +1132,7 @@ If you disable this policy setting, the Protocols for MMS URLs and Multicast str -ADMX Info: +ADMX Info: - GP Friendly name: *Streaming Media Protocols* - GP name: *WindowsStreamingMediaProtocols* - GP path: *Windows Components\Windows Media Player\Networking* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index 902f22ebc8..64095a1e38 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/16/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WindowsRemoteManagement >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WindowsRemoteManagement policies +## ADMX_WindowsRemoteManagement policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**ADMX_WindowsRemoteManagement/DisallowKerberos_1** +**ADMX_WindowsRemoteManagement/DisallowKerberos_1** @@ -68,7 +68,7 @@ manager: aaroncz This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. -If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. +If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client. @@ -76,7 +76,7 @@ If you disable or do not configure this policy setting, the WinRM service accept -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow Kerberos authentication* - GP name: *DisallowKerberos_1* - GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Service* @@ -88,7 +88,7 @@ ADMX Info:
            -**ADMX_WindowsRemoteManagement/DisallowKerberos_2** +**ADMX_WindowsRemoteManagement/DisallowKerberos_2** @@ -125,7 +125,7 @@ If you disable or do not configure this policy setting, the WinRM client uses th -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow Kerberos authentication* - GP name: *DisallowKerberos_2* - GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Client* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index 3a56097a51..58716cdc30 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -8,16 +8,16 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/26/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WindowsStore >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -26,7 +26,7 @@ manager: aaroncz
            -## ADMX_WindowsStore policies +## ADMX_WindowsStore policies
            @@ -50,7 +50,7 @@ manager: aaroncz
            -**ADMX_WindowsStore/DisableAutoDownloadWin8** +**ADMX_WindowsStore/DisableAutoDownloadWin8** @@ -86,7 +86,7 @@ If you don't configure this setting, the automatic download of app updates is de -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Automatic Download of updates on Win8 machines* - GP name: *DisableAutoDownloadWin8* - GP path: *Windows Components\Store* @@ -99,7 +99,7 @@ ADMX Info:
            -**ADMX_WindowsStore/DisableOSUpgrade_1** +**ADMX_WindowsStore/DisableOSUpgrade_1** @@ -136,7 +136,7 @@ If you disable or do not configure this setting the Store application will offer -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the offer to update to the latest version of Windows* - GP name: *DisableOSUpgrade_1* - GP path: *Windows Components\Store* @@ -149,7 +149,7 @@ ADMX Info:
            -**ADMX_WindowsStore/DisableOSUpgrade_2** +**ADMX_WindowsStore/DisableOSUpgrade_2** @@ -186,7 +186,7 @@ If you disable or do not configure this setting the Store application will offer -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the offer to update to the latest version of Windows* - GP name: *DisableOSUpgrade_2* - GP path: *Windows Components\Store* @@ -199,7 +199,7 @@ ADMX Info:
            -**ADMX_WindowsStore/RemoveWindowsStore_1** +**ADMX_WindowsStore/RemoveWindowsStore_1** @@ -236,7 +236,7 @@ If you disable or don't configure this setting, access to the Store application -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the Store application* - GP name: *RemoveWindowsStore_1* - GP path: *Windows Components\Store* @@ -249,7 +249,7 @@ ADMX Info:
            -**ADMX_WindowsStore/RemoveWindowsStore_2** +**ADMX_WindowsStore/RemoveWindowsStore_2** @@ -286,7 +286,7 @@ If you disable or don't configure this setting, access to the Store application -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the Store application* - GP name: *RemoveWindowsStore_2* - GP path: *Windows Components\Store* diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index 0f1c09fbca..73b315b10d 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/29/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WinInit >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WinInit policies +## ADMX_WinInit policies
            @@ -42,7 +42,7 @@ manager: aaroncz
            -**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription** +**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription** @@ -79,7 +79,7 @@ If you disable or don't configure this policy setting, the system creates the na -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off legacy remote shutdown interface* - GP name: *DisableNamedPipeShutdownPolicyDescription* - GP path: *Windows Components\Shutdown Options* @@ -90,7 +90,7 @@ ADMX Info:
            -**ADMX_WinInit/Hiberboot** +**ADMX_WinInit/Hiberboot** @@ -117,7 +117,7 @@ ADMX Info: -This policy setting controls the use of fast startup. +This policy setting controls the use of fast startup. If you enable this policy setting, the system requires hibernate to be enabled. @@ -127,7 +127,7 @@ If you disable or don't configure this policy setting, the local setting is used -ADMX Info: +ADMX Info: - GP Friendly name: *Require use of fast startup* - GP name: *Hiberboot* - GP path: *System\Shutdown* @@ -138,7 +138,7 @@ ADMX Info:
            -**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription** +**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription** @@ -175,7 +175,7 @@ If you disable or don't configure this policy setting, the default timeout value -ADMX Info: +ADMX Info: - GP Friendly name: *Timeout for hung logon sessions during shutdown* - GP name: *ShutdownTimeoutHungSessionsDescription* - GP path: *Windows Components\Shutdown Options* diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 767e746db8..a68509b294 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/09/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WinLogon >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WinLogon policies +## ADMX_WinLogon policies
            @@ -51,7 +51,7 @@ manager: aaroncz
            -**ADMX_WinLogon/CustomShell** +**ADMX_WinLogon/CustomShell** @@ -91,7 +91,7 @@ If you disable this setting or don't configure it, the setting is ignored and th -ADMX Info: +ADMX Info: - GP Friendly name: *Custom User Interface* - GP name: *CustomShell* - GP path: *System* @@ -102,7 +102,7 @@ ADMX Info:
            -**ADMX_WinLogon/DisplayLastLogonInfoDescription** +**ADMX_WinLogon/DisplayLastLogonInfoDescription** @@ -141,7 +141,7 @@ If you disable or don't configure this setting, messages about the previous sign -ADMX Info: +ADMX Info: - GP Friendly name: *Display information about previous logons during user logon* - GP name: *DisplayLastLogonInfoDescription* - GP path: *Windows Components\Windows Logon Options* @@ -153,7 +153,7 @@ ADMX Info: -**ADMX_WinLogon/LogonHoursNotificationPolicyDescription** +**ADMX_WinLogon/LogonHoursNotificationPolicyDescription** @@ -193,7 +193,7 @@ If you disable or don't configure this setting, users receive warnings before th -ADMX Info: +ADMX Info: - GP Friendly name: *Remove logon hours expiration warnings* - GP name: *LogonHoursNotificationPolicyDescription* - GP path: *Windows Components\Windows Logon Options* @@ -204,7 +204,7 @@ ADMX Info:
            -**ADMX_WinLogon/LogonHoursPolicyDescription** +**ADMX_WinLogon/LogonHoursPolicyDescription** @@ -246,7 +246,7 @@ If you disable or don't configure this setting, the system takes no action when -ADMX Info: +ADMX Info: - GP Friendly name: *Set action to take when logon hours expire* - GP name: *LogonHoursPolicyDescription* - GP path: *Windows Components\Windows Logon Options* @@ -257,7 +257,7 @@ ADMX Info:
            -**ADMX_WinLogon/ReportCachedLogonPolicyDescription** +**ADMX_WinLogon/ReportCachedLogonPolicyDescription** @@ -295,7 +295,7 @@ If disabled or not configured, no pop up will be displayed to the user. -ADMX Info: +ADMX Info: - GP Friendly name: *Report when logon server was not available during user logon* - GP name: *ReportCachedLogonPolicyDescription* - GP path: *Windows Components\Windows Logon Options* @@ -306,7 +306,7 @@ ADMX Info:
            -**ADMX_WinLogon/SoftwareSASGeneration** +**ADMX_WinLogon/SoftwareSASGeneration** @@ -335,7 +335,7 @@ ADMX Info: This policy setting controls whether the software can simulate the Secure Attention Sequence (SAS). -If you enable this policy setting, you have one of four options: +If you enable this policy setting, you have one of four options: - If you set this policy setting to "None," user mode software can't simulate the SAS. - If you set this policy setting to "Services," services can simulate the SAS. @@ -348,7 +348,7 @@ If you disable or don't configure this setting, only Ease of Access applications -ADMX Info: +ADMX Info: - GP Friendly name: *Disable or enable software Secure Attention Sequence* - GP name: *SoftwareSASGeneration* - GP path: *Windows Components\Windows Logon Options* diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index 7d744cb320..bf627b853f 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 02/25/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_Winsrv >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_Winsrv policies +## ADMX_Winsrv policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_Winsrv/AllowBlockingAppsAtShutdown** +**ADMX_Winsrv/AllowBlockingAppsAtShutdown** @@ -77,7 +77,7 @@ By default, such applications are automatically terminated if they attempt to ca -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off automatic termination of applications that block or cancel shutdown* - GP name: *AllowBlockingAppsAtShutdown* - GP path: *System\Shutdown Options* diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 146fa04b1b..bcb613a6e9 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/27/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_wlansvc >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_wlansvc policies +## ADMX_wlansvc policies
            @@ -42,7 +42,7 @@ manager: aaroncz
            -**ADMX_wlansvc/SetCost** +**ADMX_wlansvc/SetCost** @@ -73,14 +73,14 @@ This policy setting configures the cost of Wireless LAN (WLAN) connections on th If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine: - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. -- Fixed: Use of this connection isn't restricted by usage charges and capacity constraints up to a certain data limit. +- Fixed: Use of this connection isn't restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed on a per byte basis. If this policy setting is disabled or isn't configured, the cost of Wireless LAN connections is Unrestricted by default. -ADMX Info: +ADMX Info: - GP Friendly name: *Set Cost* - GP name: *IncludeCmdLine* - GP path: *Network\WLAN Service\WLAN Media Cost* @@ -91,7 +91,7 @@ ADMX Info:
            -**ADMX_wlansvc/SetPINEnforced** +**ADMX_wlansvc/SetPINEnforced** @@ -127,7 +127,7 @@ If this policy setting is disabled or isn't configured, by default Push Button p -ADMX Info: +ADMX Info: - GP Friendly name: *Require PIN pairing* - GP name: *SetPINEnforced* - GP path: *Network\Wireless Display* @@ -138,7 +138,7 @@ ADMX Info:
            -**ADMX_wlansvc/SetPINPreferred** +**ADMX_wlansvc/SetPINPreferred** @@ -174,7 +174,7 @@ If this policy setting is disabled or isn't configured, by default Push Button p -ADMX Info: +ADMX Info: - GP Friendly name: *Prefer PIN pairing* - GP name: *SetPINPreferred* - GP path: *Network\Wireless Display* diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md index b027226ee8..c899ec246c 100644 --- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md +++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/22/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WordWheel > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WordWheel policies +## ADMX_WordWheel policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**ADMX_WordWheel/CustomSearch** +**ADMX_WordWheel/CustomSearch** @@ -62,16 +62,16 @@ manager: aaroncz -Set up the menu name and URL for the custom Internet search provider. +Set up the menu name and URL for the custom Internet search provider. -- If you enable this setting, the specified menu name and URL will be used for Internet searches. +- If you enable this setting, the specified menu name and URL will be used for Internet searches. - If you disable or not configure this setting, the default Internet search provider will be used. -ADMX Info: +ADMX Info: - GP Friendly name: *Custom Instant Search Internet search provider* - GP name: *CustomSearch* - GP path: *Windows Components\Instant Search* diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 56d08ee87f..faf4206757 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/22/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WorkFoldersClient > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WorkFoldersClient policies +## ADMX_WorkFoldersClient policies
            @@ -43,7 +43,7 @@ manager: aaroncz
            -**ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker** +**ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker** @@ -71,7 +71,7 @@ manager: aaroncz This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer. -- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. +- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. This folder creation prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting doesn't apply to a user, Work Folders isn't automatically set up. - If you disable or don't configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user. @@ -81,7 +81,7 @@ This folder creation prevents users from choosing not to use Work Folders on the -ADMX Info: +ADMX Info: - GP Friendly name: *Force automatic setup for all users* - GP name: *Pol_UserEnableTokenBroker* - GP path: *Windows Components\Work Folders* @@ -93,7 +93,7 @@ ADMX Info:
            -**ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders** +**ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders** @@ -119,20 +119,20 @@ ADMX Info: -This policy setting specifies the Work Folders server for affected users, and whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer. +This policy setting specifies the Work Folders server for affected users, and whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer. -- If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC. +- If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC. -If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data. The "Work Folders Local Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables. +If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data. The "Work Folders Local Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables. > [!NOTE] > In order for this configuration to take effect, a valid 'Work Folders URL' must also be specified. -The “On-demand file access preference” option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and don’t take up any space on the PC, but the user must be connected to the Internet to access them. If you enable this policy setting, on-demand file access is enabled. +The “On-demand file access preference” option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and don’t take up any space on the PC, but the user must be connected to the Internet to access them. If you enable this policy setting, on-demand file access is enabled. -- If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user’s files is required on each of their PCs. +- If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user’s files is required on each of their PCs. -If you specify User choice or don't configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled. +If you specify User choice or don't configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled. The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This automatic setup prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option isn't specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders. @@ -140,7 +140,7 @@ The "Force automatic setup" option specifies that Work Folders should be set up -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Work Folders settings* - GP name: *Pol_UserEnableWorkFolders* - GP path: *Windows Components\Work Folders* @@ -151,7 +151,7 @@ ADMX Info:
            -**ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders** +**ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders** @@ -183,7 +183,7 @@ This policy specifies whether Work Folders should use Token Broker for interacti -ADMX Info: +ADMX Info: - GP Friendly name: *Enables the use of Token Broker for AD FS authentication* - GP name: *Pol_MachineEnableWorkFolders* - GP path: *Windows Components\Work Folders* diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index 6397e4e333..723dc623f2 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -8,23 +8,23 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/13/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ADMX_WPN >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ADMX_WPN policies +## ADMX_WPN policies
            @@ -51,7 +51,7 @@ manager: aaroncz
            -**ADMX_WPN/NoCallsDuringQuietHours** +**ADMX_WPN/NoCallsDuringQuietHours** @@ -90,7 +90,7 @@ If you don't configure this policy setting, voice and video calls will be allowe -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off calls during Quiet Hours* - GP name: *NoCallsDuringQuietHours* - GP path: *Start Menu and Taskbar\Notifications* @@ -101,7 +101,7 @@ ADMX Info:
            -**ADMX_WPN/NoLockScreenToastNotification** +**ADMX_WPN/NoLockScreenToastNotification** @@ -140,7 +140,7 @@ No reboots or service restarts are required for this policy setting to take effe -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off toast notifications on the lock screen* - GP name: *NoLockScreenToastNotification* - GP path: *Start Menu and Taskbar\Notifications* @@ -151,7 +151,7 @@ ADMX Info:
            -**ADMX_WPN/NoQuietHours** +**ADMX_WPN/NoQuietHours** @@ -190,7 +190,7 @@ If you don't configure this policy setting, Quiet Hours are enabled by default b -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Quiet Hours* - GP name: *NoQuietHours* - GP path: *Start Menu and Taskbar\Notifications* @@ -201,7 +201,7 @@ ADMX Info:
            -**ADMX_WPN/NoToastNotification** +**ADMX_WPN/NoToastNotification** @@ -244,7 +244,7 @@ No reboots or service restarts are required for this policy setting to take effe -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off toast notifications* - GP name: *NoToastNotification* - GP path: *Start Menu and Taskbar\Notifications* @@ -255,7 +255,7 @@ ADMX Info:
            -**ADMX_WPN/QuietHoursDailyBeginMinute** +**ADMX_WPN/QuietHoursDailyBeginMinute** @@ -294,7 +294,7 @@ If you don't configure this policy setting, a default value will be used, which -ADMX Info: +ADMX Info: - GP Friendly name: *Set the time Quiet Hours begins each day* - GP name: *QuietHoursDailyBeginMinute* - GP path: *Start Menu and Taskbar\Notifications* @@ -305,7 +305,7 @@ ADMX Info:
            -**ADMX_WPN/QuietHoursDailyEndMinute** +**ADMX_WPN/QuietHoursDailyEndMinute** @@ -344,7 +344,7 @@ If you don't configure this policy setting, a default value will be used, which -ADMX Info: +ADMX Info: - GP Friendly name: *Set the time Quiet Hours ends each day* - GP name: *QuietHoursDailyEndMinute* - GP path: *Start Menu and Taskbar\Notifications* diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index db27b3a605..70e57eef1e 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -19,7 +19,7 @@ manager: aaroncz
            -## ApplicationDefaults policies +## ApplicationDefaults policies
            @@ -34,7 +34,7 @@ manager: aaroncz
            -**ApplicationDefaults/DefaultAssociationsConfiguration** +**ApplicationDefaults/DefaultAssociationsConfiguration** @@ -61,12 +61,12 @@ manager: aaroncz This policy allows an administrator to set default file type and protocol associations. When set, default associations are applied on sign in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). Then, it needs to be base64 encoded before being added to SyncML. - + If policy is enabled and the client machine is having Azure Active Directory, the associations assigned in SyncML are processed and default associations are applied. -ADMX Info: +ADMX Info: - GP Friendly name: *Set a default associations configuration file* - GP name: *DefaultAssociationsConfiguration* - GP element: *DefaultAssociationsConfiguration_TextBox* @@ -133,7 +133,7 @@ Here's the SyncMl example:
            -**ApplicationDefaults/EnableAppUriHandlers** +**ApplicationDefaults/EnableAppUriHandlers** @@ -169,7 +169,7 @@ If you don't configure this policy setting, the default behavior depends on the -ADMX Info: +ADMX Info: - GP Friendly name: *Configure web-to-app linking with app URI handlers* - GP name: *EnableAppUriHandlers* - GP path: *System/Group Policy* diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index a9bd9d1f06..3c8b32b9eb 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 02/11/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## ApplicationManagement policies +## ApplicationManagement policies
            @@ -38,8 +38,8 @@ manager: aaroncz
            ApplicationManagement/AllowSharedUserAppData
            -
            - ApplicationManagement/BlockNonAdminUserInstall +
            + ApplicationManagement/BlockNonAdminUserInstall
            ApplicationManagement/DisableStoreOriginatedApps @@ -71,7 +71,7 @@ manager: aaroncz
            -**ApplicationManagement/AllowAutomaticAppArchiving** +**ApplicationManagement/AllowAutomaticAppArchiving** @@ -107,7 +107,7 @@ If you don't configure this policy setting (default), then the system will follo -ADMX Info: +ADMX Info: - GP Friendly name: *Allow all trusted apps to install* - GP name: *AllowAutomaticAppArchiving* - GP path: *Windows Components/App Package Deployment* @@ -127,7 +127,7 @@ The following list shows the supported values:
            -**ApplicationManagement/AllowAllTrustedApps** +**ApplicationManagement/AllowAllTrustedApps** @@ -159,7 +159,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow all trusted apps to install* - GP name: *AppxDeploymentAllowAllTrustedApps* - GP path: *Windows Components/App Package Deployment* @@ -179,7 +179,7 @@ The following list shows the supported values:
            -**ApplicationManagement/AllowAppStoreAutoUpdate** +**ApplicationManagement/AllowAppStoreAutoUpdate** @@ -212,7 +212,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Automatic Download and Install of updates* - GP name: *DisableAutoInstall* - GP path: *Windows Components/Store* @@ -231,7 +231,7 @@ The following list shows the supported values:
            -**ApplicationManagement/AllowDeveloperUnlock** +**ApplicationManagement/AllowDeveloperUnlock** @@ -263,7 +263,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allows development of Windows Store apps and installing them from an integrated development environment (IDE)* - GP name: *AllowDevelopmentWithoutDevLicense* - GP path: *Windows Components/App Package Deployment* @@ -283,7 +283,7 @@ The following list shows the supported values:
            -**ApplicationManagement/AllowGameDVR** +**ApplicationManagement/AllowGameDVR** @@ -318,7 +318,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Enables or disables Windows Game Recording and Broadcasting* - GP name: *AllowGameDVR* - GP path: *Windows Components/Windows Game Recording and Broadcasting* @@ -337,7 +337,7 @@ The following list shows the supported values:
            -**ApplicationManagement/AllowSharedUserAppData** +**ApplicationManagement/AllowSharedUserAppData** @@ -368,7 +368,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Allow a Windows app to share application data between users* - GP name: *AllowSharedLocalAppData* - GP path: *Windows Components/App Package Deployment* @@ -378,7 +378,7 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. +- 0 (default) – Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. - 1 – Allowed. Microsoft Edge downloads book files into a shared folder. For this policy to work correctly, you must also enable the Allow a Windows app to share application data between users group policy. Also, the users must be signed in with a school or work account. Most restricted value: 0 @@ -388,7 +388,7 @@ Most restricted value: 0
            -**ApplicationManagement/BlockNonAdminUserInstall** +**ApplicationManagement/BlockNonAdminUserInstall** @@ -424,7 +424,7 @@ If you disable or don't configure this policy, all users will be able to initiat -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent non-admin users from installing packaged Windows apps* - GP name: *BlockNonAdminUserInstall* - GP path: *Windows Components/App Package Deployment* @@ -432,7 +432,7 @@ ADMX Info: -The following list shows the supported values: +The following list shows the supported values: - 0 (default) - Disabled. All users will be able to initiate installation of Windows app packages. - 1 - Enabled. Non-administrator users won't be able to initiate installation of Windows app packages. @@ -447,7 +447,7 @@ The following list shows the supported values:
            -**ApplicationManagement/DisableStoreOriginatedApps** +**ApplicationManagement/DisableStoreOriginatedApps** @@ -477,7 +477,7 @@ Added in Windows 10, version 1607. Boolean value that disables the launch of al -ADMX Info: +ADMX Info: - GP Friendly name: *Disable all apps from Microsoft Store* - GP name: *DisableStoreApps* - GP path: *Windows Components/Store* @@ -496,7 +496,7 @@ The following list shows the supported values:
            -**ApplicationManagement/LaunchAppAfterLogOn** +**ApplicationManagement/LaunchAppAfterLogOn** @@ -524,11 +524,11 @@ The following list shows the supported values: List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are launched after a sign in. This policy allows the IT admin to specify a list of applications that users can run after logging on to the device. -For this policy to work, the Windows apps need to declare in their manifest that they'll use the startup task. Example of the declaration here: +For this policy to work, the Windows apps need to declare in their manifest that they'll use the startup task. Example of the declaration here: ```xml - - + + ``` @@ -550,7 +550,7 @@ For this policy to work, the Windows apps need to declare in their manifest that
            -**ApplicationManagement/MSIAllowUserControlOverInstall** +**ApplicationManagement/MSIAllowUserControlOverInstall** @@ -588,7 +588,7 @@ This policy setting is designed for less restrictive environments. It can be use -ADMX Info: +ADMX Info: - GP Friendly name: *Allow user control over installs* - GP name: *EnableUserControl* - GP path: *Windows Components/Windows Installer* @@ -604,7 +604,7 @@ This setting supports a range of values between 0 and 1.
            -**ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges** +**ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges** @@ -645,7 +645,7 @@ If you disable or don't configure this policy setting, the system applies the cu -ADMX Info: +ADMX Info: - GP Friendly name: *Always install with elevated privileges* - GP name: *AlwaysInstallElevated* - GP path: *Windows Components/Windows Installer* @@ -661,7 +661,7 @@ This setting supports a range of values between 0 and 1.
            -**ApplicationManagement/RequirePrivateStoreOnly** +**ApplicationManagement/RequirePrivateStoreOnly** @@ -695,7 +695,7 @@ Most restricted value is 1. -ADMX Info: +ADMX Info: - GP Friendly name: *Only display the private store within the Microsoft Store* - GP name: *RequirePrivateStoreOnly* - GP path: *Windows Components/Store* @@ -714,7 +714,7 @@ The following list shows the supported values:
            -**ApplicationManagement/RestrictAppDataToSystemVolume** +**ApplicationManagement/RestrictAppDataToSystemVolume** @@ -746,7 +746,7 @@ Most restricted value is 1. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users' app data from being stored on non-system volumes* - GP name: *RestrictAppDataToSystemVolume* - GP path: *Windows Components/App Package Deployment* @@ -765,7 +765,7 @@ The following list shows the supported values:
            -**ApplicationManagement/RestrictAppToSystemVolume** +**ApplicationManagement/RestrictAppToSystemVolume** @@ -797,7 +797,7 @@ Most restricted value is 1. -ADMX Info: +ADMX Info: - GP Friendly name: *Disable installing Windows apps on non-system volumes* - GP name: *DisableDeploymentToNonSystemVolumes* - GP path: *Windows Components/App Package Deployment* @@ -816,7 +816,7 @@ The following list shows the supported values:
            -**ApplicationManagement/ScheduleForceRestartForUpdateFailures** +**ApplicationManagement/ScheduleForceRestartForUpdateFailures** @@ -842,7 +842,7 @@ The following list shows the supported values: -To ensure apps are up-to-date, this policy allows the admins to set a recurring or one time date to restart apps whose update failed due to the app being in use allowing the update to be applied. +To ensure apps are up-to-date, this policy allows the admins to set a recurring or one time date to restart apps whose update failed due to the app being in use allowing the update to be applied. Value type is string. @@ -856,28 +856,28 @@ Value type is string. Sample SyncML: ```xml - - - - 2 - - - ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/ScheduleForceRestartForUpdateFailures - - - - xml - - - - - - - + + + + 2 + + + ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/ScheduleForceRestartForUpdateFailures + + + + xml + + + + + + + ``` XSD: @@ -908,11 +908,11 @@ XSD: - - - - - + + + + + diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index ab3b3c38da..d7ccf330a4 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -8,24 +8,24 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - AppRuntime > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## AppRuntime policies +## AppRuntime policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**AppRuntime/AllowMicrosoftAccountsToBeOptional** +**AppRuntime/AllowMicrosoftAccountsToBeOptional** @@ -74,7 +74,7 @@ If you disable or do not configure this policy setting, users will need to sign -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Microsoft accounts to be optional* - GP name: *AppxRuntimeMicrosoftAccountsOptional* - GP path: *Windows Components/App runtime* diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 9803e28948..f257399257 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -8,24 +8,24 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - AppVirtualization > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## AppVirtualization policies +## AppVirtualization policies
            @@ -118,7 +118,7 @@ manager: aaroncz
            -**AppVirtualization/AllowAppVClient** +**AppVirtualization/AllowAppVClient** @@ -151,7 +151,7 @@ This policy setting allows you to enable or disable Microsoft Application Virtua -ADMX Info: +ADMX Info: - GP Friendly name: *Enable App-V Client* - GP name: *EnableAppV* - GP path: *System/App-V* @@ -163,7 +163,7 @@ ADMX Info:
            -**AppVirtualization/AllowDynamicVirtualization** +**AppVirtualization/AllowDynamicVirtualization** @@ -195,7 +195,7 @@ This policy enables Dynamic Virtualization of supported shell extensions, browse -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Dynamic Virtualization* - GP name: *Virtualization_JITVEnable* - GP path: *System/App-V/Virtualization* @@ -207,7 +207,7 @@ ADMX Info:
            -**AppVirtualization/AllowPackageCleanup** +**AppVirtualization/AllowPackageCleanup** @@ -239,7 +239,7 @@ Enables automatic cleanup of App-v packages that were added after Windows 10 ann -ADMX Info: +ADMX Info: - GP Friendly name: *Enable automatic cleanup of unused appv packages* - GP name: *PackageManagement_AutoCleanupEnable* - GP path: *System/App-V/PackageManagement* @@ -251,7 +251,7 @@ ADMX Info:
            -**AppVirtualization/AllowPackageScripts** +**AppVirtualization/AllowPackageScripts** @@ -283,7 +283,7 @@ This policy enables scripts defined in the package manifest of configuration fil -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Package Scripts* - GP name: *Scripting_Enable_Package_Scripts* - GP path: *System/App-V/Scripting* @@ -295,7 +295,7 @@ ADMX Info:
            -**AppVirtualization/AllowPublishingRefreshUX** +**AppVirtualization/AllowPublishingRefreshUX** @@ -326,7 +326,7 @@ This policy enables a UX to display to the user when a publishing refresh is per -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Publishing Refresh UX* - GP name: *Enable_Publishing_Refresh_UX* - GP path: *System/App-V/Publishing* @@ -338,7 +338,7 @@ ADMX Info:
            -**AppVirtualization/AllowReportingServer** +**AppVirtualization/AllowReportingServer** @@ -380,7 +380,7 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t -ADMX Info: +ADMX Info: - GP Friendly name: *Reporting Server* - GP name: *Reporting_Server_Policy* - GP path: *System/App-V/Reporting* @@ -392,7 +392,7 @@ ADMX Info:
            -**AppVirtualization/AllowRoamingFileExclusions** +**AppVirtualization/AllowRoamingFileExclusions** @@ -425,7 +425,7 @@ This policy specifies the file paths relative to %userprofile% that do not roam -ADMX Info: +ADMX Info: - GP Friendly name: *Roaming File Exclusions* - GP name: *Integration_Roaming_File_Exclusions* - GP path: *System/App-V/Integration* @@ -437,7 +437,7 @@ ADMX Info:
            -**AppVirtualization/AllowRoamingRegistryExclusions** +**AppVirtualization/AllowRoamingRegistryExclusions** @@ -470,7 +470,7 @@ This policy specifies the registry paths that do not roam with a user profile. E -ADMX Info: +ADMX Info: - GP Friendly name: *Roaming Registry Exclusions* - GP name: *Integration_Roaming_Registry_Exclusions* - GP path: *System/App-V/Integration* @@ -482,7 +482,7 @@ ADMX Info:
            -**AppVirtualization/AllowStreamingAutoload** +**AppVirtualization/AllowStreamingAutoload** @@ -514,7 +514,7 @@ This policy specifies how new packages should be loaded automatically by App-V o -ADMX Info: +ADMX Info: - GP Friendly name: *Specify what to load in background (also known as AutoLoad)* - GP name: *Steaming_Autoload* - GP path: *System/App-V/Streaming* @@ -526,7 +526,7 @@ ADMX Info:
            -**AppVirtualization/ClientCoexistenceAllowMigrationmode** +**AppVirtualization/ClientCoexistenceAllowMigrationmode** @@ -558,7 +558,7 @@ Migration mode allows the App-V client to modify shortcuts and FTAs for packages -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Migration Mode* - GP name: *Client_Coexistence_Enable_Migration_mode* - GP path: *System/App-V/Client Coexistence* @@ -570,7 +570,7 @@ ADMX Info:
            -**AppVirtualization/IntegrationAllowRootGlobal** +**AppVirtualization/IntegrationAllowRootGlobal** @@ -604,7 +604,7 @@ This policy specifies the location where symbolic links are created to the curre -ADMX Info: +ADMX Info: - GP Friendly name: *Integration Root User* - GP name: *Integration_Root_User* - GP path: *System/App-V/Integration* @@ -616,7 +616,7 @@ ADMX Info:
            -**AppVirtualization/IntegrationAllowRootUser** +**AppVirtualization/IntegrationAllowRootUser** @@ -649,7 +649,7 @@ This policy specifies the location where symbolic links are created to the curre -ADMX Info: +ADMX Info: - GP Friendly name: *Integration Root Global* - GP name: *Integration_Root_Global* - GP path: *System/App-V/Integration* @@ -661,7 +661,7 @@ ADMX Info:
            -**AppVirtualization/PublishingAllowServer1** +**AppVirtualization/PublishingAllowServer1** @@ -711,7 +711,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -ADMX Info: +ADMX Info: - GP Friendly name: *Publishing Server 1 Settings* - GP name: *Publishing_Server1_Policy* - GP path: *System/App-V/Publishing* @@ -723,7 +723,7 @@ ADMX Info:
            -**AppVirtualization/PublishingAllowServer2** +**AppVirtualization/PublishingAllowServer2** @@ -773,7 +773,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -ADMX Info: +ADMX Info: - GP Friendly name: *Publishing Server 2 Settings* - GP name: *Publishing_Server2_Policy* - GP path: *System/App-V/Publishing* @@ -785,7 +785,7 @@ ADMX Info:
            -**AppVirtualization/PublishingAllowServer3** +**AppVirtualization/PublishingAllowServer3** @@ -835,7 +835,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -ADMX Info: +ADMX Info: - GP Friendly name: *Publishing Server 3 Settings* - GP name: *Publishing_Server3_Policy* - GP path: *System/App-V/Publishing* @@ -847,7 +847,7 @@ ADMX Info:
            -**AppVirtualization/PublishingAllowServer4** +**AppVirtualization/PublishingAllowServer4** @@ -897,7 +897,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -ADMX Info: +ADMX Info: - GP Friendly name: *Publishing Server 4 Settings* - GP name: *Publishing_Server4_Policy* - GP path: *System/App-V/Publishing* @@ -909,7 +909,7 @@ ADMX Info:
            -**AppVirtualization/PublishingAllowServer5** +**AppVirtualization/PublishingAllowServer5** @@ -959,7 +959,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D -ADMX Info: +ADMX Info: - GP Friendly name: *Publishing Server 5 Settings* - GP name: *Publishing_Server5_Policy* - GP path: *System/App-V/Publishing* @@ -971,7 +971,7 @@ ADMX Info:
            -**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** +**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** @@ -1003,7 +1003,7 @@ This policy specifies the path to a valid certificate in the certificate store. -ADMX Info: +ADMX Info: - GP Friendly name: *Certificate Filter For Client SSL* - GP name: *Streaming_Certificate_Filter_For_Client_SSL* - GP path: *System/App-V/Streaming* @@ -1015,7 +1015,7 @@ ADMX Info:
            -**AppVirtualization/StreamingAllowHighCostLaunch** +**AppVirtualization/StreamingAllowHighCostLaunch** @@ -1047,7 +1047,7 @@ This setting controls whether virtualized applications are launched on Windows 8 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* - GP name: *Streaming_Allow_High_Cost_Launch* - GP path: *System/App-V/Streaming* @@ -1059,7 +1059,7 @@ ADMX Info:
            -**AppVirtualization/StreamingAllowLocationProvider** +**AppVirtualization/StreamingAllowLocationProvider** @@ -1091,7 +1091,7 @@ This policy specifies the CLSID for a compatible implementation of the AppvPacka -ADMX Info: +ADMX Info: - GP Friendly name: *Location Provider* - GP name: *Streaming_Location_Provider* - GP path: *System/App-V/Streaming* @@ -1103,7 +1103,7 @@ ADMX Info:
            -**AppVirtualization/StreamingAllowPackageInstallationRoot** +**AppVirtualization/StreamingAllowPackageInstallationRoot** @@ -1135,7 +1135,7 @@ This policy specifies directory where all new applications and updates will be i -ADMX Info: +ADMX Info: - GP Friendly name: *Package Installation Root* - GP name: *Streaming_Package_Installation_Root* - GP path: *System/App-V/Streaming* @@ -1147,7 +1147,7 @@ ADMX Info:
            -**AppVirtualization/StreamingAllowPackageSourceRoot** +**AppVirtualization/StreamingAllowPackageSourceRoot** @@ -1179,7 +1179,7 @@ This policy overrides source location for downloading package content. -ADMX Info: +ADMX Info: - GP Friendly name: *Package Source Root* - GP name: *Streaming_Package_Source_Root* - GP path: *System/App-V/Streaming* @@ -1191,7 +1191,7 @@ ADMX Info:
            -**AppVirtualization/StreamingAllowReestablishmentInterval** +**AppVirtualization/StreamingAllowReestablishmentInterval** @@ -1223,7 +1223,7 @@ This policy specifies the number of seconds between attempts to reestablish a dr -ADMX Info: +ADMX Info: - GP Friendly name: *Reestablishment Interval* - GP name: *Streaming_Reestablishment_Interval* - GP path: *System/App-V/Streaming* @@ -1235,7 +1235,7 @@ ADMX Info:
            -**AppVirtualization/StreamingAllowReestablishmentRetries** +**AppVirtualization/StreamingAllowReestablishmentRetries** @@ -1267,7 +1267,7 @@ This policy specifies the number of times to retry a dropped session. -ADMX Info: +ADMX Info: - GP Friendly name: *Reestablishment Retries* - GP name: *Streaming_Reestablishment_Retries* - GP path: *System/App-V/Streaming* @@ -1279,7 +1279,7 @@ ADMX Info:
            -**AppVirtualization/StreamingSharedContentStoreMode** +**AppVirtualization/StreamingSharedContentStoreMode** @@ -1312,7 +1312,7 @@ This policy specifies that streamed package contents will be not be saved to the -ADMX Info: +ADMX Info: - GP Friendly name: *Shared Content Store (SCS) mode* - GP name: *Streaming_Shared_Content_Store_Mode* - GP path: *System/App-V/Streaming* @@ -1324,7 +1324,7 @@ ADMX Info:
            -**AppVirtualization/StreamingSupportBranchCache** +**AppVirtualization/StreamingSupportBranchCache** @@ -1356,7 +1356,7 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Support for BranchCache* - GP name: *Streaming_Support_Branch_Cache* - GP path: *System/App-V/Streaming* @@ -1368,7 +1368,7 @@ ADMX Info:
            -**AppVirtualization/StreamingVerifyCertificateRevocationList** +**AppVirtualization/StreamingVerifyCertificateRevocationList** @@ -1400,7 +1400,7 @@ Verifies Server certificate revocation status before streaming using HTTPS. -ADMX Info: +ADMX Info: - GP Friendly name: *Verify certificate revocation list* - GP name: *Streaming_Verify_Certificate_Revocation_List* - GP path: *System/App-V/Streaming* @@ -1412,7 +1412,7 @@ ADMX Info:
            -**AppVirtualization/VirtualComponentsAllowList** +**AppVirtualization/VirtualComponentsAllowList** @@ -1444,7 +1444,7 @@ This policy specifies a list of process paths (may contain wildcards) which are -ADMX Info: +ADMX Info: - GP Friendly name: *Virtual Component Process Allow List* - GP name: *Virtualization_JITVAllowList* - GP path: *System/App-V/Virtualization* diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 2878642c3e..bd3a05bc12 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -8,17 +8,17 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - AttachmentManager >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -26,7 +26,7 @@ manager: aaroncz
            -## AttachmentManager policies +## AttachmentManager policies
            @@ -44,7 +44,7 @@ manager: aaroncz
            -**AttachmentManager/DoNotPreserveZoneInformation** +**AttachmentManager/DoNotPreserveZoneInformation** @@ -84,7 +84,7 @@ If you don't configure this policy setting, Windows marks file attachments with -ADMX Info: +ADMX Info: - GP Friendly name: *Do not preserve zone information in file attachments* - GP name: *AM_MarkZoneOnSavedAtttachments* - GP path: *Windows Components/Attachment Manager* @@ -96,7 +96,7 @@ ADMX Info:
            -**AttachmentManager/HideZoneInfoMechanism** +**AttachmentManager/HideZoneInfoMechanism** @@ -135,7 +135,7 @@ If you don't configure this policy setting, Windows hides the check box and Unbl -ADMX Info: +ADMX Info: - GP Friendly name: *Hide mechanisms to remove zone information* - GP name: *AM_RemoveZoneInfo* - GP path: *Windows Components/Attachment Manager* @@ -147,7 +147,7 @@ ADMX Info:
            -**AttachmentManager/NotifyAntivirusPrograms** +**AttachmentManager/NotifyAntivirusPrograms** @@ -186,7 +186,7 @@ If you don't configure this policy setting, Windows doesn't call the registered -ADMX Info: +ADMX Info: - GP Friendly name: *Notify antivirus programs when opening attachments* - GP name: *AM_CallIOfficeAntiVirus* - GP path: *Windows Components/Attachment Manager* diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index f70ec5324f..f21586fb2d 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -15,7 +15,7 @@ ms.date: 09/27/2019
            -## Audit policies +## Audit policies
            @@ -201,7 +201,7 @@ ms.date: 09/27/2019
            -**Audit/AccountLogonLogoff_AuditAccountLockout** +**Audit/AccountLogonLogoff_AuditAccountLockout** @@ -238,15 +238,15 @@ Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Account Lockout* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0—Off/None -- 1 (default)—Success +- 1 (default)—Success - 2—Failure - 3—Success+Failure @@ -262,7 +262,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditGroupMembership** +**Audit/AccountLogonLogoff_AuditGroupMembership** @@ -297,13 +297,13 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser -GP Info: +GP Info: - GP Friendly name: *Audit Group Membership* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -321,7 +321,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditIPsecExtendedMode** +**Audit/AccountLogonLogoff_AuditIPsecExtendedMode** @@ -357,13 +357,13 @@ Volume: High. -GP Info: +GP Info: - GP Friendly name: *Audit IPsec Extended Mode* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -381,7 +381,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditIPsecMainMode** +**Audit/AccountLogonLogoff_AuditIPsecMainMode** @@ -416,13 +416,13 @@ If you don't configure this policy setting, no audit event is generated during a Volume: High. -GP Info: +GP Info: - GP Friendly name: *Audit IPsec Main Mode* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -440,7 +440,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditIPsecQuickMode** +**Audit/AccountLogonLogoff_AuditIPsecQuickMode** @@ -474,13 +474,13 @@ If you configure this policy setting, an audit event is generated during an IPse Volume: High. -GP Info: +GP Info: - GP Friendly name: *Audit IPsec Quick Mode* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -498,7 +498,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditLogoff** +**Audit/AccountLogonLogoff_AuditLogoff** @@ -533,13 +533,13 @@ If you don't configure this policy setting, no audit event is generated when a s Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Logoff* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1 (default)—Success - 2—Failure @@ -557,7 +557,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditLogon** +**Audit/AccountLogonLogoff_AuditLogon** @@ -585,8 +585,8 @@ The following are the supported values: This policy setting allows you to audit events generated by user account sign-in attempts on the computer. -Events in this subcategory are related to the creation of sign in sessions and occur on the computer that was accessed. For an interactive sign in, the security audit event is generated on the computer that the user account signed in to. For a network sign in, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. -The following events are included: +Events in this subcategory are related to the creation of sign in sessions and occur on the computer that was accessed. For an interactive sign in, the security audit event is generated on the computer that the user account signed in to. For a network sign in, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. +The following events are included: - Successful sign in attempts. - Failed sign in attempts. - Sign-in attempts using explicit credentials. This event is generated when a process attempts to sign in an account by explicitly specifying that account’s credentials. This process most commonly occurs in batch sign-in configurations, such as scheduled tasks or when using the RUNAS command. @@ -596,13 +596,13 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser -GP Info: +GP Info: - GP Friendly name: *Audit Logon* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1 (default)—Success - 2—Failure @@ -620,7 +620,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditNetworkPolicyServer** +**Audit/AccountLogonLogoff_AuditNetworkPolicyServer** @@ -655,13 +655,13 @@ Volume: Medium or High on NPS and IAS server. No volume on other computers. -GP Info: +GP Info: - GP Friendly name: *Audit Network Policy Server* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1—Success - 2—Failure @@ -679,7 +679,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditOtherLogonLogoffEvents** +**Audit/AccountLogonLogoff_AuditOtherLogonLogoffEvents** @@ -706,7 +706,7 @@ The following are the supported values: -This policy setting allows you to audit other logon/logoff-related events that aren't covered in the “Logon/Logoff” policy setting, such as the following: +This policy setting allows you to audit other logon/logoff-related events that aren't covered in the “Logon/Logoff” policy setting, such as the following: - Terminal Services session disconnections. - New Terminal Services sessions. - Locking and unlocking a workstation. @@ -719,13 +719,13 @@ This policy setting allows you to audit other logon/logoff-related events that a Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Other Logon Logoff Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following values are the supported values: +The following values are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -743,7 +743,7 @@ The following values are the supported values:
            -**Audit/AccountLogonLogoff_AuditSpecialLogon** +**Audit/AccountLogonLogoff_AuditSpecialLogon** @@ -770,20 +770,20 @@ The following values are the supported values: -This policy setting allows you to audit events generated by special sign ins, such as: +This policy setting allows you to audit events generated by special sign ins, such as: - The use of a special sign in, which is a sign in that has administrator-equivalent privileges and can be used to elevate a process to a higher level. - A sign in by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during sign in and the subcategory is enabled, an event is logged. For more information about this feature, see [Audit Special Logon](/windows/security/threat-protection/auditing/audit-special-logon). Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Special Logon* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1 (default)—Success - 2—Failure @@ -801,7 +801,7 @@ The following are the supported values:
            -**Audit/AccountLogonLogoff_AuditUserDeviceClaims** +**Audit/AccountLogonLogoff_AuditUserDeviceClaims** @@ -838,13 +838,13 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser -GP Info: +GP Info: - GP Friendly name: *Audit User Device Claims* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -862,7 +862,7 @@ The following are the supported values:
            -**Audit/AccountLogon_AuditCredentialValidation** +**Audit/AccountLogon_AuditCredentialValidation** @@ -897,13 +897,13 @@ Volume: High on domain controllers. -GP Info: +GP Info: - GP Friendly name: *Audit Credential Validation* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* ] -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -921,7 +921,7 @@ The following are the supported values:
            -**Audit/AccountLogon_AuditKerberosAuthenticationService** +**Audit/AccountLogon_AuditKerberosAuthenticationService** @@ -957,13 +957,13 @@ Volume: High on Kerberos Key Distribution Center servers. -GP Info: +GP Info: - GP Friendly name: *Audit Kerberos Authentication Service* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -981,7 +981,7 @@ The following are the supported values:
            -**Audit/AccountLogon_AuditKerberosServiceTicketOperations** +**Audit/AccountLogon_AuditKerberosServiceTicketOperations** @@ -1016,13 +1016,13 @@ If you don't configure this policy setting, no audit event is generated after a Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Kerberos Service Ticket Operations* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1040,7 +1040,7 @@ The following are the supported values:
            -**Audit/AccountLogon_AuditOtherAccountLogonEvents** +**Audit/AccountLogon_AuditOtherAccountLogonEvents** @@ -1073,13 +1073,13 @@ Currently, there are no events in this subcategory. -GP Info: +GP Info: - GP Friendly name: *Audit Other Account Logon Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1097,7 +1097,7 @@ The following are the supported values:
            -**Audit/AccountManagement_AuditApplicationGroupManagement** +**Audit/AccountManagement_AuditApplicationGroupManagement** @@ -1124,7 +1124,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by changes to application groups as follows: +This policy setting allows you to audit events generated by changes to application groups as follows: - Application group is created, changed, or deleted. - Member is added or removed from an application group. @@ -1134,13 +1134,13 @@ If you don't configure this policy setting, no audit event is generated when an Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Application Group Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1158,7 +1158,7 @@ The following are the supported values:
            -**Audit/AccountManagement_AuditComputerAccountManagement** +**Audit/AccountManagement_AuditComputerAccountManagement** @@ -1193,13 +1193,13 @@ If you don't configure this policy setting, no audit event is generated when a c Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Computer Account Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1217,7 +1217,7 @@ The following are the supported values:
            -**Audit/AccountManagement_AuditDistributionGroupManagement** +**Audit/AccountManagement_AuditDistributionGroupManagement** @@ -1244,7 +1244,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by changes to distribution groups as follows: +This policy setting allows you to audit events generated by changes to distribution groups as follows: - Distribution group is created, changed, or deleted. - Member is added or removed from a distribution group. - Distribution group type is changed. @@ -1258,13 +1258,13 @@ If you don't configure this policy setting, no audit event is generated when a d Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Distribution Group Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1282,7 +1282,7 @@ The following are the supported values:
            -**Audit/AccountManagement_AuditOtherAccountManagementEvents** +**Audit/AccountManagement_AuditOtherAccountManagementEvents** @@ -1309,7 +1309,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by other user account changes that aren't covered in this category, such as: +This policy setting allows you to audit events generated by other user account changes that aren't covered in this category, such as: - The password hash of a user account was accessed. This change happens during an Active Directory Management Tool password migration. - The Password Policy Checking API was called. Calls to this function can be part of an attack when a malicious application tests the policy to reduce the number of attempts during a password dictionary attack. - Changes to the Default Domain Group Policy under the following Group Policy paths: @@ -1322,13 +1322,13 @@ Computer Configuration\Windows Settings\Security Settings\Account Policies\Accou Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Other Account Management Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1346,7 +1346,7 @@ The following are the supported values:
            -**Audit/AccountManagement_AuditSecurityGroupManagement** +**Audit/AccountManagement_AuditSecurityGroupManagement** @@ -1373,7 +1373,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by changes to security groups, such as: +This policy setting allows you to audit events generated by changes to security groups, such as: - Security group is created, changed, or deleted. - Member is added or removed from a security group. - Group type is changed. @@ -1384,13 +1384,13 @@ If you don't configure this policy setting, no audit event is generated when a s Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Security Group Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1 (default)—Success - 2—Failure @@ -1408,7 +1408,7 @@ The following are the supported values:
            -**Audit/AccountManagement_AuditUserAccountManagement** +**Audit/AccountManagement_AuditUserAccountManagement** @@ -1435,8 +1435,8 @@ The following are the supported values: -This policy setting allows you to audit changes to user accounts. -The events included are as follows: +This policy setting allows you to audit changes to user accounts. +The events included are as follows: - A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked. - A user account’s password is set or changed. - A security identifier (SID) is added to the SID History of a user account. @@ -1444,19 +1444,19 @@ The events included are as follows: - Permissions on administrative user accounts are changed. - Credential Manager credentials are backed up or restored. -If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. +If you configure this policy setting, an audit event is generated when an attempt to change a user account is made. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you don't configure this policy setting, no audit event is generated when a user account changes. Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit User Account Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1 (default)—Success - 2—Failure @@ -1474,7 +1474,7 @@ The following are the supported values:
            -**Audit/DSAccess_AuditDetailedDirectoryServiceReplication** +**Audit/DSAccess_AuditDetailedDirectoryServiceReplication** @@ -1507,13 +1507,13 @@ Volume: High. -GP Info: +GP Info: - GP Friendly name: *Audit Detailed Directory Service Replication* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1531,7 +1531,7 @@ The following are the supported values:
            -**Audit/DSAccess_AuditDirectoryServiceAccess** +**Audit/DSAccess_AuditDirectoryServiceAccess** @@ -1558,7 +1558,7 @@ The following are the supported values: -This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. +This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. Only AD DS objects with a matching system access control list (SACL) are logged. @@ -1567,13 +1567,13 @@ Events in this subcategory are similar to the Directory Service Access events av Volume: High on domain controllers. None on client computers. -GP Info: +GP Info: - GP Friendly name: *Audit Directory Service Access* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1591,7 +1591,7 @@ The following are the supported values:
            -**Audit/DSAccess_AuditDirectoryServiceChanges** +**Audit/DSAccess_AuditDirectoryServiceChanges** @@ -1633,13 +1633,13 @@ If you don't configure this policy setting, no audit event is generated when an Volume: High on domain controllers only. -GP Info: +GP Info: - GP Friendly name: *Audit Directory Service Changes* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1657,7 +1657,7 @@ The following are the supported values:
            -**Audit/DSAccess_AuditDirectoryServiceReplication** +**Audit/DSAccess_AuditDirectoryServiceReplication** @@ -1695,13 +1695,13 @@ If you don't configure this policy setting, no audit event is generated during A Volume: Medium on domain controllers. None on client computers. -GP Info: +GP Info: - GP Friendly name: *Audit Directory Service Replication* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1719,7 +1719,7 @@ The following are the supported values:
            -**Audit/DetailedTracking_AuditDPAPIActivity** +**Audit/DetailedTracking_AuditDPAPIActivity** @@ -1754,13 +1754,13 @@ If you don't configure this policy setting, no audit event is generated when an Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit DPAPI Activity* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1777,7 +1777,7 @@ The following are the supported values:
            -**Audit/DetailedTracking_AuditPNPActivity** +**Audit/DetailedTracking_AuditPNPActivity** @@ -1812,13 +1812,13 @@ If you don't configure this policy setting, no audit event is generated when an Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit PNP Activity* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1835,7 +1835,7 @@ The following are the supported values:
            -**Audit/DetailedTracking_AuditProcessCreation** +**Audit/DetailedTracking_AuditProcessCreation** @@ -1870,13 +1870,13 @@ If you don't configure this policy setting, no audit event is generated when a p Volume: Depends on how the computer is used. -GP Info: +GP Info: - GP Friendly name: *Audit Process Creation* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -1893,7 +1893,7 @@ The following are the supported values:
            -**Audit/DetailedTracking_AuditProcessTermination** +**Audit/DetailedTracking_AuditProcessTermination** @@ -1920,7 +1920,7 @@ The following are the supported values: -This policy setting allows you to audit events generated when a process ends. +This policy setting allows you to audit events generated when a process ends. If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you don't configure this policy setting, no audit event is generated when a process ends. @@ -1928,13 +1928,13 @@ If you don't configure this policy setting, no audit event is generated when a p Volume: Depends on how the computer is used. -GP Info: +GP Info: - GP Friendly name: *Audit Process Termination* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1—Success - 2—Failure @@ -1951,7 +1951,7 @@ The following are the supported values:
            -**Audit/DetailedTracking_AuditRPCEvents** +**Audit/DetailedTracking_AuditRPCEvents** @@ -1986,13 +1986,13 @@ If you don't configure this policy setting, no audit event is generated when a r Volume: High on RPC servers. -GP Info: +GP Info: - GP Friendly name: *Audit RPC Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2009,7 +2009,7 @@ The following are the supported values:
            -**Audit/DetailedTracking_AuditTokenRightAdjusted** +**Audit/DetailedTracking_AuditTokenRightAdjusted** @@ -2041,13 +2041,13 @@ This policy setting allows you to audit events generated by adjusting the privil Volume: High. -GP Info: +GP Info: - GP Friendly name: *Audit Token Right Adjusted* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2065,7 +2065,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditApplicationGenerated** +**Audit/ObjectAccess_AuditApplicationGenerated** @@ -2093,7 +2093,7 @@ The following are the supported values: This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function. -Events in this subcategory include: +Events in this subcategory include: - Creation of an application client context. - Deletion of an application client context. - Initialization of an application client context. @@ -2102,13 +2102,13 @@ Events in this subcategory include: Volume: Depends on the applications that are generating them. -GP Info: +GP Info: - GP Friendly name: *Audit Application Generated* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2125,7 +2125,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditCentralAccessPolicyStaging** +**Audit/ObjectAccess_AuditCentralAccessPolicyStaging** @@ -2154,9 +2154,9 @@ The following are the supported values: This policy setting allows you to audit access requests where the permission granted or denied by a proposed policy differs from the current central access policy on an object. -If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that of the permission granted by the proposed policy. The resulting audit event will be generated as follows: +If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that of the permission granted by the proposed policy. The resulting audit event will be generated as follows: 1. Success audits, when configured, records access attempts when the current central access policy grants access but the proposed policy denies access. -2. Failure audits when configured records access attempts when: +2. Failure audits when configured records access attempts when: - The current central access policy doesn't grant access but the proposed policy grants access. - A principal requests the maximum access rights they're allowed and the access rights granted by the current central access policy are different than the access rights granted by the proposed policy. @@ -2164,13 +2164,13 @@ Volume: Potentially high on a file server when the proposed policy differs signi -GP Info: +GP Info: - GP Friendly name: *Audit Central Access Policy Staging* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2188,7 +2188,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditCertificationServices** +**Audit/ObjectAccess_AuditCertificationServices** @@ -2216,7 +2216,7 @@ The following are the supported values: This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations. -AD CS operations include: +AD CS operations include: - AD CS startup/shutdown/backup/restore. - Changes to the certificate revocation list (CRL). @@ -2238,13 +2238,13 @@ AD CS operations include: Volume: Medium or Low on computers running Active Directory Certificate Services. -GP Info: +GP Info: - GP Friendly name: *Audit Certification Services* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2261,7 +2261,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditDetailedFileShare** +**Audit/ObjectAccess_AuditDetailedFileShare** @@ -2298,13 +2298,13 @@ If you configure this policy setting, an audit event is generated when an attemp Volume: High on a file server or domain controller because of SYSVOL network access required by Group Policy. -GP Info: +GP Info: - GP Friendly name: *Audit Detailed File Share* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2321,7 +2321,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditFileShare** +**Audit/ObjectAccess_AuditFileShare** @@ -2358,13 +2358,13 @@ If you configure this policy setting, an audit event is generated when an attemp Volume: High on a file server or domain controller because of SYSVOL network access required by Group Policy. -GP Info: +GP Info: - GP Friendly name: *Audit File Share* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2381,7 +2381,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditFileSystem** +**Audit/ObjectAccess_AuditFileSystem** @@ -2419,13 +2419,13 @@ If you don't configure this policy setting, no audit event is generated when an Volume: Depends on how the file system SACLs are configured. -GP Info: +GP Info: - GP Friendly name: *Audit File System* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2442,7 +2442,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditFilteringPlatformConnection** +**Audit/ObjectAccess_AuditFilteringPlatformConnection** @@ -2469,8 +2469,8 @@ The following are the supported values: -This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). -The following events are included: +This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). +The following events are included: - The Windows Firewall Service blocks an application from accepting incoming connections on the network. - The WFP allows a connection. - The WFP blocks a connection. @@ -2488,13 +2488,13 @@ If you don't configure this policy setting, no audit event is generated when con Volume: High. -GP Info: +GP Info: - GP Friendly name: *Audit Filtering Platform Connection* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2511,7 +2511,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditFilteringPlatformPacketDrop** +**Audit/ObjectAccess_AuditFilteringPlatformPacketDrop** @@ -2544,13 +2544,13 @@ Volume: High. -GP Info: +GP Info: - GP Friendly name: *Audit Filtering Platform Packet Drop* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2567,7 +2567,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditHandleManipulation** +**Audit/ObjectAccess_AuditHandleManipulation** @@ -2605,13 +2605,13 @@ If you don't configure this policy setting, no audit event is generated when a h Volume: Depends on how SACLs are configured. -GP Info: +GP Info: - GP Friendly name: *Audit Handle Manipulation* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2628,7 +2628,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditKernelObject** +**Audit/ObjectAccess_AuditKernelObject** @@ -2655,7 +2655,7 @@ The following are the supported values: -This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores. +This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores. Only kernel objects with a matching System Access Control List (SACL) generate security audit events. > [!Note] @@ -2664,13 +2664,13 @@ Only kernel objects with a matching System Access Control List (SACL) generate s Volume: High if auditing access of global system objects is enabled. -GP Info: +GP Info: - GP Friendly name: *Audit Kernel Object* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2687,7 +2687,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditOtherObjectAccessEvents** +**Audit/ObjectAccess_AuditOtherObjectAccessEvents** @@ -2714,15 +2714,15 @@ The following are the supported values: -This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. -For scheduler jobs, the following are audited: +This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. +For scheduler jobs, the following are audited: - Job created. - Job deleted. - Job enabled. - Job disabled. - Job updated. -For COM+ objects, the following are audited: +For COM+ objects, the following are audited: - Catalog object added. - Catalog object updated. - Catalog object deleted. @@ -2730,13 +2730,13 @@ For COM+ objects, the following are audited: Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Other Object Access Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2753,7 +2753,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditRegistry** +**Audit/ObjectAccess_AuditRegistry** @@ -2791,13 +2791,13 @@ If you don't configure this policy setting, no audit event is generated when an Volume: Depends on how registry SACLs are configured. -GP Info: +GP Info: - GP Friendly name: *Audit Registry* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2814,7 +2814,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditRemovableStorage** +**Audit/ObjectAccess_AuditRemovableStorage** @@ -2849,13 +2849,13 @@ If you don't configure this policy setting, no audit event is generated when an -GP Info: +GP Info: - GP Friendly name: *Audit Removable Storage* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2872,7 +2872,7 @@ The following are the supported values:
            -**Audit/ObjectAccess_AuditSAM** +**Audit/ObjectAccess_AuditSAM** @@ -2900,7 +2900,7 @@ The following are the supported values: This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. -SAM objects include: +SAM objects include: - SAM_ALIAS -- A local group. - SAM_GROUP -- A group that isn't a local group. - SAM_USER – A user account. @@ -2917,13 +2917,13 @@ Volume: High on domain controllers. For more information about reducing the numb -GP Info: +GP Info: - GP Friendly name: *Audit SAM* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -2940,7 +2940,7 @@ The following are the supported values:
            -**Audit/PolicyChange_AuditAuthenticationPolicyChange** +**Audit/PolicyChange_AuditAuthenticationPolicyChange** @@ -2967,12 +2967,12 @@ The following are the supported values: -This policy setting allows you to audit events generated by changes to the authentication policy, such as: +This policy setting allows you to audit events generated by changes to the authentication policy, such as: - Creation of forest and domain trusts. - Modification of forest and domain trusts. - Removal of forest and domain trusts. - Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. -- Granting of any of the following user rights to a user or group: +- Granting of any of the following user rights to a user or group: - Access This Computer From the Network. - Allow Logon Locally. - Allow Logon Through Terminal Services. @@ -2989,13 +2989,13 @@ If you don't configure this policy setting, no audit event is generated when the Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Authentication Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1 (default)—Success - 2—Failure @@ -3013,7 +3013,7 @@ The following are the supported values:
            -**Audit/PolicyChange_AuditAuthorizationPolicyChange** +**Audit/PolicyChange_AuditAuthorizationPolicyChange** @@ -3040,7 +3040,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by changes to the authorization policy, such as: +This policy setting allows you to audit events generated by changes to the authorization policy, such as: - Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the “Authentication Policy Change” subcategory. - Removal of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the “Authentication Policy Change” subcategory. - Changes in the Encrypted File System (EFS) policy. @@ -3053,13 +3053,13 @@ If you don't configure this policy setting, no audit event is generated when the Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Authorization Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3077,7 +3077,7 @@ The following are the supported values:
            -**Audit/PolicyChange_AuditFilteringPlatformPolicyChange** +**Audit/PolicyChange_AuditFilteringPlatformPolicyChange** @@ -3104,7 +3104,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP), such as: +This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP), such as: - IPsec services status. - Changes to IPsec policy settings. - Changes to Windows Firewall policy settings. @@ -3116,13 +3116,13 @@ If you don't configure this policy setting, no audit event is generated when a c Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Filtering Platform Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3140,7 +3140,7 @@ The following are the supported values:
            -**Audit/PolicyChange_AuditMPSSVCRuleLevelPolicyChange** +**Audit/PolicyChange_AuditMPSSVCRuleLevelPolicyChange** @@ -3167,8 +3167,8 @@ The following are the supported values: -This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. -Events include: +This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. +Events include: - Reporting of active policies when Windows Firewall service starts. - Changes to Windows Firewall rules. - Changes to Windows Firewall exception list. @@ -3182,13 +3182,13 @@ If you don't configure this policy setting, no audit event is generated by chang Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit MPSSVC Rule Level Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3206,7 +3206,7 @@ The following are the supported values:
            -**Audit/PolicyChange_AuditOtherPolicyChangeEvents** +**Audit/PolicyChange_AuditOtherPolicyChangeEvents** @@ -3233,7 +3233,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by other security policy changes that aren't audited in the policy change category, such as: +This policy setting allows you to audit events generated by other security policy changes that aren't audited in the policy change category, such as: - Trusted Platform Module (TPM) configuration changes. - Kernel-mode cryptographic self tests. - Cryptographic provider operations. @@ -3244,13 +3244,13 @@ This policy setting allows you to audit events generated by other security polic Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Other Policy Change Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3268,7 +3268,7 @@ The following are the supported values:
            -**Audit/PolicyChange_AuditPolicyChange** +**Audit/PolicyChange_AuditPolicyChange** @@ -3295,7 +3295,7 @@ The following are the supported values: -This policy setting allows you to audit changes in the security audit policy settings, such as: +This policy setting allows you to audit changes in the security audit policy settings, such as: - Settings permissions and audit settings on the Audit Policy object. - Changes to the system audit policy. - Registration of security event sources. @@ -3311,13 +3311,13 @@ This policy setting allows you to audit changes in the security audit policy set Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1 (default)—Success - 2—Failure @@ -3335,7 +3335,7 @@ The following are the supported values:
            -**Audit/PrivilegeUse_AuditNonSensitivePrivilegeUse** +**Audit/PrivilegeUse_AuditNonSensitivePrivilegeUse** @@ -3363,7 +3363,7 @@ The following are the supported values: This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). -The following privileges are non-sensitive: +The following privileges are non-sensitive: - Access Credential Manager as a trusted caller. - Access this computer from the network. - Add workstations to domain. @@ -3401,13 +3401,13 @@ If you don't configure this policy setting, no audit event is generated when a n Volume: Very High. -GP Info: +GP Info: - GP Friendly name: *Audit Non Sensitive Privilege Use* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3424,7 +3424,7 @@ The following are the supported values:
            -**Audit/PrivilegeUse_AuditOtherPrivilegeUseEvents** +**Audit/PrivilegeUse_AuditOtherPrivilegeUseEvents** @@ -3455,13 +3455,13 @@ Not used. -GP Info: +GP Info: - GP Friendly name: *Audit Other Privilege Use Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3478,7 +3478,7 @@ The following are the supported values:
            -**Audit/PrivilegeUse_AuditSensitivePrivilegeUse** +**Audit/PrivilegeUse_AuditSensitivePrivilegeUse** @@ -3505,9 +3505,9 @@ The following are the supported values: -This policy setting allows you to audit events generated when sensitive privileges (user rights) are used, such as: +This policy setting allows you to audit events generated when sensitive privileges (user rights) are used, such as: - A privileged service is called. -- One of the following privileges is called: +- One of the following privileges is called: - Act as part of the operating system. - Back up files and directories. - Create a token object. @@ -3528,13 +3528,13 @@ If you don't configure this policy setting, no audit event is generated when sen Volume: High. -GP Info: +GP Info: - GP Friendly name: *Audit Sensitive Privilege Use* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3551,7 +3551,7 @@ The following are the supported values:
            -**Audit/System_AuditIPsecDriver** +**Audit/System_AuditIPsecDriver** @@ -3578,7 +3578,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by the IPsec filter driver, such as: +This policy setting allows you to audit events generated by the IPsec filter driver, such as: - Startup and shutdown of the IPsec services. - Network packets dropped due to integrity check failure. - Network packets dropped due to replay check failure. @@ -3592,13 +3592,13 @@ If you don't configure this policy setting, no audit event is generated on an IP Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit IPsec Driver* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3616,7 +3616,7 @@ The following are the supported values:
            -**Audit/System_AuditOtherSystemEvents** +**Audit/System_AuditOtherSystemEvents** @@ -3643,7 +3643,7 @@ The following are the supported values: -This policy setting allows you to audit any of the following events: +This policy setting allows you to audit any of the following events: - Startup and shutdown of the Windows Firewall service and driver. - Security policy processing by the Windows Firewall Service. - Cryptography key file and migration operations. @@ -3651,13 +3651,13 @@ This policy setting allows you to audit any of the following events: Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Other System Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1—Success - 2—Failure @@ -3675,7 +3675,7 @@ The following are the supported values:
            -**Audit/System_AuditSecurityStateChange** +**Audit/System_AuditSecurityStateChange** @@ -3702,7 +3702,7 @@ The following are the supported values: -This policy setting allows you to audit events generated by changes in the security state of the computer, such as the following events: +This policy setting allows you to audit events generated by changes in the security state of the computer, such as the following events: - Startup and shutdown of the computer. - Change of system time. - Recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured. @@ -3710,13 +3710,13 @@ This policy setting allows you to audit events generated by changes in the secur Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit Security State Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1 (default)—Success - 2—Failure @@ -3734,7 +3734,7 @@ The following are the supported values:
            -**Audit/System_AuditSecuritySystemExtension** +**Audit/System_AuditSecuritySystemExtension** @@ -3761,7 +3761,7 @@ The following are the supported values: -This policy setting allows you to audit events related to security system extensions or services, such as the following: +This policy setting allows you to audit events related to security system extensions or services, such as the following: - A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It's used to authenticate sign-in attempts, submit sign-in requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM. - A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account. @@ -3771,13 +3771,13 @@ If you don't configure this policy setting, no audit event is generated when an Volume: Low. Security system extension events are generated more often on a domain controller than on client computers or member servers. -GP Info: +GP Info: - GP Friendly name: *Audit Security System Extension* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* -The following are the supported values: +The following are the supported values: - 0 (default)—Off/None - 1—Success - 2—Failure @@ -3795,7 +3795,7 @@ The following are the supported values:
            -**Audit/System_AuditSystemIntegrity** +**Audit/System_AuditSystemIntegrity** @@ -3822,7 +3822,7 @@ The following are the supported values: -This policy setting allows you to audit events that violate the integrity of the security subsystem, such as: +This policy setting allows you to audit events that violate the integrity of the security subsystem, such as: - Events that couldn't be written to the event log because of a problem with the auditing system. - A process that uses a local procedure call (LPC) port that isn't valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space. - The detection of a Remote Procedure Call (RPC) that compromises system integrity. @@ -3832,13 +3832,13 @@ This policy setting allows you to audit events that violate the integrity of the Volume: Low. -GP Info: +GP Info: - GP Friendly name: *Audit System Integrity* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* -The following are the supported values: +The following are the supported values: - 0—Off/None - 1—Success - 2—Failure diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index b7a3091207..e36a54a137 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -18,7 +18,7 @@ manager: aaroncz
            -## Authentication policies +## Authentication policies
            @@ -57,7 +57,7 @@ manager: aaroncz
            -**Authentication/AllowAadPasswordReset** +**Authentication/AllowAadPasswordReset** @@ -99,7 +99,7 @@ The following list shows the supported values:
            -**Authentication/AllowEAPCertSSO** +**Authentication/AllowEAPCertSSO** @@ -141,7 +141,7 @@ The following list shows the supported values:
            -**Authentication/AllowFastReconnect** +**Authentication/AllowFastReconnect** @@ -185,7 +185,7 @@ The following list shows the supported values:
            -**Authentication/AllowFidoDeviceSignon** +**Authentication/AllowFidoDeviceSignon** @@ -231,7 +231,7 @@ The following list shows the supported values:
            -**Authentication/AllowSecondaryAuthenticationDevice** +**Authentication/AllowSecondaryAuthenticationDevice** @@ -266,7 +266,7 @@ In the next major release of Windows 10, the default for this policy for consume -ADMX Info: +ADMX Info: - GP Friendly name: *Allow companion device for secondary authentication* - GP name: *MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice* - GP path: *Windows Components/Microsoft Secondary Authentication Factor* @@ -285,7 +285,7 @@ The following list shows the supported values:
            -**Authentication/ConfigureWebSignInAllowedUrls** +**Authentication/ConfigureWebSignInAllowedUrls** @@ -331,7 +331,7 @@ Specifies the list of domains that are allowed to be navigated to in Azure Activ
            -**Authentication/ConfigureWebcamAccessDomainNames** +**Authentication/ConfigureWebcamAccessDomainNames** @@ -381,7 +381,7 @@ Web Sign-in is only supported on Azure AD Joined PCs.
            -**Authentication/EnableFastFirstSignIn** +**Authentication/EnableFastFirstSignIn** @@ -409,7 +409,7 @@ Web Sign-in is only supported on Azure AD Joined PCs. > [!Warning] -> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. +> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts. @@ -437,7 +437,7 @@ Value type is integer. Supported values:
            -**Authentication/EnableWebSignIn** +**Authentication/EnableWebSignIn** @@ -465,7 +465,7 @@ Value type is integer. Supported values: > [!Warning] -> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. +> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. "Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials, like Temporary Access Pass. @@ -493,7 +493,7 @@ Value type is integer. Supported values:
            -**Authentication/PreferredAadTenantDomainName** +**Authentication/PreferredAadTenantDomainName** diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index cbccee0f6f..7cd383658f 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -8,24 +8,24 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - Autoplay >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## Autoplay policies +## Autoplay policies
            @@ -43,7 +43,7 @@ manager: aaroncz
            -**Autoplay/DisallowAutoplayForNonVolumeDevices** +**Autoplay/DisallowAutoplayForNonVolumeDevices** @@ -82,7 +82,7 @@ If you disable or don't configure this policy setting, AutoPlay is enabled for n -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow Autoplay for non-volume devices* - GP name: *NoAutoplayfornonVolume* - GP path: *Windows Components/AutoPlay Policies* @@ -94,7 +94,7 @@ ADMX Info:
            -**Autoplay/SetDefaultAutoRunBehavior** +**Autoplay/SetDefaultAutoRunBehavior** @@ -141,7 +141,7 @@ If you disable or not configure this policy setting, Windows Vista or later will -ADMX Info: +ADMX Info: - GP Friendly name: *Set the default behavior for AutoRun* - GP name: *NoAutorun* - GP path: *Windows Components/AutoPlay Policies* @@ -153,7 +153,7 @@ ADMX Info:
            -**Autoplay/TurnOffAutoPlay** +**Autoplay/TurnOffAutoPlay** @@ -202,7 +202,7 @@ If you disable or don't configure this policy setting, AutoPlay is enabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Autoplay* - GP name: *Autorun* - GP path: *Windows Components/AutoPlay Policies* diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 7aa01b7d63..ce76b05817 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -22,7 +22,7 @@ manager: aaroncz
            -## BitLocker policies +## BitLocker policies
            @@ -34,7 +34,7 @@ manager: aaroncz
            -**Bitlocker/EncryptionMethod** +**Bitlocker/EncryptionMethod** diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 639d2c8e86..9d95819603 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -8,16 +8,16 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - BITS -The following bandwidth policies are used together to define the bandwidth-throttling schedule and transfer rate. +The following bandwidth policies are used together to define the bandwidth-throttling schedule and transfer rate. -- BITS/BandwidthThrottlingEndTime -- BITS/BandwidthThrottlingStartTime +- BITS/BandwidthThrottlingEndTime +- BITS/BandwidthThrottlingStartTime - BITS/BandwidthThrottlingTransferRate If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT defined, but BITS/BandwidthThrottlingTransferRate IS defined, then default values will be used for StartTime and EndTime (8 AM and 5 PM respectively). The time policies are based on the 24-hour clock. @@ -25,7 +25,7 @@ If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT
            -## BITS policies +## BITS policies
            @@ -52,7 +52,7 @@ If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT
            -**BITS/BandwidthThrottlingEndTime** +**BITS/BandwidthThrottlingEndTime** @@ -98,7 +98,7 @@ Consider using this setting to prevent BITS transfers from competing for network -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers* - GP name: *BITS_MaxBandwidth* - GP element: *BITS_BandwidthLimitSchedTo* @@ -120,7 +120,7 @@ ADMX Info:
            -**BITS/BandwidthThrottlingStartTime** +**BITS/BandwidthThrottlingStartTime** @@ -165,7 +165,7 @@ Consider using this setting to prevent BITS transfers from competing for network -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers* - GP name: *BITS_MaxBandwidth* - GP element: *BITS_BandwidthLimitSchedFrom* @@ -187,7 +187,7 @@ ADMX Info:
            -**BITS/BandwidthThrottlingTransferRate** +**BITS/BandwidthThrottlingTransferRate** @@ -233,7 +233,7 @@ Consider using this setting to prevent BITS transfers from competing for network -ADMX Info: +ADMX Info: - GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers* - GP name: *BITS_MaxBandwidth* - GP element: *BITS_MaxTransferRateText* @@ -255,7 +255,7 @@ ADMX Info:
            -**BITS/CostedNetworkBehaviorBackgroundPriority** +**BITS/CostedNetworkBehaviorBackgroundPriority** @@ -294,7 +294,7 @@ For example, you can specify that background jobs are by default to transfer onl -ADMX Info: +ADMX Info: - GP Friendly name: *Set default download behavior for BITS jobs on costed networks* - GP name: *BITS_SetTransferPolicyOnCostedNetwork* - GP element: *BITS_TransferPolicyNormalPriorityValue* @@ -316,7 +316,7 @@ ADMX Info:
            -**BITS/CostedNetworkBehaviorForegroundPriority** +**BITS/CostedNetworkBehaviorForegroundPriority** @@ -355,7 +355,7 @@ For example, you can specify that foreground jobs are by default to transfer onl -ADMX Info: +ADMX Info: - GP Friendly name: *Set default download behavior for BITS jobs on costed networks* - GP name: *BITS_SetTransferPolicyOnCostedNetwork* - GP element: *BITS_TransferPolicyForegroundPriorityValue* @@ -377,7 +377,7 @@ ADMX Info:
            -**BITS/JobInactivityTimeout** +**BITS/JobInactivityTimeout** @@ -412,14 +412,14 @@ Value type is integer. Default is 90 days. Supported values range: 0 - 999 -Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs. +Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs. Consider decreasing this value if you're concerned about orphaned jobs occupying disk space. If you disable or don't configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout. -ADMX Info: +ADMX Info: - GP Friendly name: *Timeout for inactive BITS jobs* - GP name: *BITS_Job_Timeout* - GP element: *BITS_Job_Timeout_Time* diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 0a044cfc57..d4cf37c54e 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 02/12/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Bluetooth policies +## Bluetooth policies
            @@ -47,7 +47,7 @@ manager: aaroncz
            -**Bluetooth/AllowAdvertising** +**Bluetooth/AllowAdvertising** @@ -93,7 +93,7 @@ The following list shows the supported values:
            -**Bluetooth/AllowDiscoverableMode** +**Bluetooth/AllowDiscoverableMode** @@ -139,7 +139,7 @@ The following list shows the supported values:
            -**Bluetooth/AllowPrepairing** +**Bluetooth/AllowPrepairing** @@ -181,7 +181,7 @@ The following list shows the supported values:
            -**Bluetooth/AllowPromptedProximalConnections** +**Bluetooth/AllowPromptedProximalConnections** @@ -212,7 +212,7 @@ This policy allows the IT admin to block users on these managed devices from usi -The following list shows the supported values: +The following list shows the supported values: - 0 - Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios - 1 - Allow (default). Allow users on these managed devices to use Swift Pair and other proximity based scenarios @@ -223,7 +223,7 @@ The following list shows the supported values:
            -**Bluetooth/LocalDeviceName** +**Bluetooth/LocalDeviceName** @@ -262,7 +262,7 @@ If this policy isn't set or is deleted, the default local radio name is used.
            -**Bluetooth/ServicesAllowedList** +**Bluetooth/ServicesAllowedList** @@ -299,7 +299,7 @@ The default value is an empty string. For more information, see [ServicesAllowed
            -**Bluetooth/SetMinimumEncryptionKeySize** +**Bluetooth/SetMinimumEncryptionKeySize** @@ -330,7 +330,7 @@ There are multiple levels of encryption strength when pairing Bluetooth devices. -The following list shows the supported values: +The following list shows the supported values: - 0 (default) - All Bluetooth traffic is allowed. - N - A number from 1 through 16 representing the bytes that must be used in the encryption process. Currently, 16 is the largest allowed value for N and 16 bytes is the largest key size that Bluetooth supports. If you want to enforce Windows to always use Bluetooth encryption, ignoring the precise encryption key strength, use 1 as the value for N. @@ -361,7 +361,7 @@ When the Bluetooth/ServicesAllowedList policy is provisioned, it will only allow - Disabling a service shall log when a service is blocked for auditing purposes - Disabling a service shall take effect upon reload of the stack or system reboot -To define which profiles and services are allowed, enter the semicolon delimited profile or service Universally Unique Identifiers (UUID). To get a profile UUID, refer to the [Service Discovery](https://www.bluetooth.com/specifications/assigned-numbers/service-discovery) page on the Bluetooth SIG website. +To define which profiles and services are allowed, enter the semicolon delimited profile or service Universally Unique Identifiers (UUID). To get a profile UUID, refer to the [Service Discovery](https://www.bluetooth.com/specifications/assigned-numbers/service-discovery) page on the Bluetooth SIG website. These UUIDs all use the same base UUID with the profile identifiers added to the beginning of the base UUID. @@ -414,7 +414,7 @@ This means that if you only want Bluetooth headsets, the UUIDs are: |Profile |Reasoning |UUID | |---------|---------|---------| |HFP (Hands Free Profile) |For voice enabled headsets |0x111E | -|A2DP Source (Advance Audio Distribution)|For streaming to Bluetooth speakers |0x110B| +|A2DP Source (Advance Audio Distribution)|For streaming to Bluetooth speakers |0x110B| |Generic Audio Service|Generic service used by Bluetooth|0x1203| |Headset Service Class|For older voice-enabled headsets|0x1108| |AV Remote Control Target Service|For controlling audio remotely|0x110C| @@ -422,7 +422,7 @@ This means that if you only want Bluetooth headsets, the UUIDs are: |AV Remote Control Controller Service|For controlling audio remotely|0x110F| |PnP Information|Used to identify devices occasionally|0x1200| -{0000111E-0000-1000-8000-00805F9B34FB};{0000110B-0000-1000-8000-00805F9B34FB};{00001203-0000-1000-8000-00805F9B34FB};{00001108-0000-1000-8000-00805F9B34FB};{0000110C-0000-1000-8000-00805F9B34FB};{0000110E-0000-1000-8000-00805F9B34FB};{0000110F-0000-1000-8000-00805F9B34FB};{00001200-0000-1000-8000-00805F9B34FB}; +{0000111E-0000-1000-8000-00805F9B34FB};{0000110B-0000-1000-8000-00805F9B34FB};{00001203-0000-1000-8000-00805F9B34FB};{00001108-0000-1000-8000-00805F9B34FB};{0000110C-0000-1000-8000-00805F9B34FB};{0000110E-0000-1000-8000-00805F9B34FB};{0000110F-0000-1000-8000-00805F9B34FB};{00001200-0000-1000-8000-00805F9B34FB}; **Classic Keyboards and Mice** @@ -434,7 +434,7 @@ This means that if you only want Bluetooth headsets, the UUIDs are: {00001124-0000-1000-8000-00805F9B34FB};{00001200-0000-1000-8000-00805F9B34FB}; -**LE Keyboards and Mice** +**LE Keyboards and Mice** |Profile |Reasoning |UUID | |---------|---------|---------| diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 6da1550f1d..e6f8aa0527 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -7,7 +7,7 @@ ms.technology: windows author: vinaypamnani-msft ms.author: vinpa ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.localizationpriority: medium --- @@ -19,7 +19,7 @@ ms.localizationpriority: medium -## Browser policies +## Browser policies
            @@ -197,7 +197,7 @@ ms.localizationpriority: medium
            -**Browser/AllowAddressBarDropdown** +**Browser/AllowAddressBarDropdown** @@ -225,14 +225,14 @@ ms.localizationpriority: medium ->*Supported versions: Microsoft Edge on Windows 10, version 1703* +>*Supported versions: Microsoft Edge on Windows 10, version 1703* [!INCLUDE [allow-address-bar-drop-down-shortdesc](../includes/allow-address-bar-drop-down-shortdesc.md)] -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Address bar drop-down list suggestions* - GP name: *AllowAddressBarDropdown* - GP path: *Windows Components/Microsoft Edge* @@ -252,7 +252,7 @@ Most restricted value: 0
            -**Browser/AllowAutofill** +**Browser/AllowAutofill** @@ -285,7 +285,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Autofill* - GP name: *AllowAutofill* - GP path: *Windows Components/Microsoft Edge* @@ -299,7 +299,7 @@ Supported values: - 0 – Prevented/not allowed. - 1 (default) – Allowed. -Most restricted value: 0 +Most restricted value: 0 To verify AllowAutofill is set to 0 (not allowed): @@ -315,7 +315,7 @@ To verify AllowAutofill is set to 0 (not allowed):
            -**Browser/AllowConfigurationUpdateForBooksLibrary** +**Browser/AllowConfigurationUpdateForBooksLibrary** @@ -349,7 +349,7 @@ To verify AllowAutofill is set to 0 (not allowed): -ADMX Info: +ADMX Info: - GP Friendly name: *Allow configuration updates for the Books Library* - GP name: *AllowConfigurationUpdateForBooksLibrary* - GP path: *Windows Components/Microsoft Edge* @@ -368,7 +368,7 @@ Supported values:
            -**Browser/AllowCookies** +**Browser/AllowCookies** @@ -400,7 +400,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure cookies* - GP name: *Cookies* - GP element: *CookiesListBox* @@ -431,7 +431,7 @@ To verify AllowCookies is set to 0 (not allowed):
            -**Browser/AllowDeveloperTools** +**Browser/AllowDeveloperTools** @@ -464,7 +464,7 @@ To verify AllowCookies is set to 0 (not allowed): -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Developer Tools* - GP name: *AllowDeveloperTools* - GP path: *Windows Components/Microsoft Edge* @@ -484,7 +484,7 @@ Most restricted value: 0
            -**Browser/AllowDoNotTrack** +**Browser/AllowDoNotTrack** @@ -516,7 +516,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Do Not Track* - GP name: *AllowDoNotTrack* - GP path: *Windows Components/Microsoft Edge* @@ -546,7 +546,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
            -**Browser/AllowExtensions** +**Browser/AllowExtensions** @@ -574,13 +574,13 @@ To verify AllowDoNotTrack is set to 0 (not allowed): ->*Supported versions: Microsoft Edge on Windows 10, version 1607* +>*Supported versions: Microsoft Edge on Windows 10, version 1607* [!INCLUDE [allow-extensions-shortdesc](../includes/allow-extensions-shortdesc.md)] -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Extensions* - GP name: *AllowExtensions* - GP path: *Windows Components/Microsoft Edge* @@ -599,7 +599,7 @@ Supported values:
            -**Browser/AllowFlash** +**Browser/AllowFlash** @@ -633,7 +633,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Adobe Flash* - GP name: *AllowFlash* - GP path: *Windows Components/Microsoft Edge* @@ -652,7 +652,7 @@ Supported values:
            -**Browser/AllowFlashClickToRun** +**Browser/AllowFlashClickToRun** @@ -680,14 +680,14 @@ Supported values: ->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* [!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../includes/configure-adobe-flash-click-to-run-setting-shortdesc.md)] -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the Adobe Flash Click-to-Run setting* - GP name: *AllowFlashClickToRun* - GP path: *Windows Components/Microsoft Edge* @@ -708,7 +708,7 @@ Most restricted value: 1
            -**Browser/AllowFullScreenMode** +**Browser/AllowFullScreenMode** @@ -742,7 +742,7 @@ Most restricted value: 1 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow FullScreen Mode* - GP name: *AllowFullScreenMode* - GP path: *Windows Components/Microsoft Edge* @@ -769,7 +769,7 @@ Most restricted value: 0
            -**Browser/AllowInPrivate** +**Browser/AllowInPrivate** @@ -801,7 +801,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow InPrivate browsing* - GP name: *AllowInPrivate* - GP path: *Windows Components/Microsoft Edge* @@ -822,7 +822,7 @@ Most restricted value: 0
            -**Browser/AllowMicrosoftCompatibilityList** +**Browser/AllowMicrosoftCompatibilityList** @@ -850,7 +850,7 @@ Most restricted value: 0 ->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* [!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../includes/allow-microsoft-compatibility-list-shortdesc.md)] @@ -858,7 +858,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Microsoft Compatibility List* - GP name: *AllowCVList* - GP path: *Windows Components/Microsoft Edge* @@ -879,7 +879,7 @@ Most restricted value: 0
            -**Browser/AllowPasswordManager** +**Browser/AllowPasswordManager** @@ -912,7 +912,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Password Manager* - GP name: *AllowPasswordManager* - GP path: *Windows Components/Microsoft Edge* @@ -941,7 +941,7 @@ To verify AllowPasswordManager is set to 0 (not allowed):
            -**Browser/AllowPopups** +**Browser/AllowPopups** @@ -974,7 +974,7 @@ To verify AllowPasswordManager is set to 0 (not allowed): -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Pop-up Blocker* - GP name: *AllowPopups* - GP path: *Windows Components/Microsoft Edge* @@ -1003,7 +1003,7 @@ To verify AllowPopups is set to 0 (not allowed):
            -**Browser/AllowPrelaunch** +**Browser/AllowPrelaunch** @@ -1038,7 +1038,7 @@ To verify AllowPopups is set to 0 (not allowed): -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed* - GP name: *AllowPrelaunch* - GP path: *Windows Components/Microsoft Edge* @@ -1065,7 +1065,7 @@ Most restricted value: 0
            -**Browser/AllowPrinting** +**Browser/AllowPrinting** @@ -1099,7 +1099,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow printing* - GP name: *AllowPrinting* - GP path: *Windows Components/Microsoft Edge* @@ -1126,7 +1126,7 @@ Most restricted value: 0
            -**Browser/AllowSavingHistory** +**Browser/AllowSavingHistory** @@ -1160,7 +1160,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Saving History* - GP name: *AllowSavingHistory* - GP path: *Windows Components/Microsoft Edge* @@ -1187,7 +1187,7 @@ Most restricted value: 0
            -**Browser/AllowSearchEngineCustomization** +**Browser/AllowSearchEngineCustomization** @@ -1216,7 +1216,7 @@ Most restricted value: 0 ->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* [!INCLUDE [allow-search-engine-customization-shortdesc](../includes/allow-search-engine-customization-shortdesc.md)] @@ -1225,7 +1225,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow search engine customization* - GP name: *AllowSearchEngineCustomization* - GP path: *Windows Components/Microsoft Edge* @@ -1246,7 +1246,7 @@ Most restricted value: 0
            -**Browser/AllowSearchSuggestionsinAddressBar** +**Browser/AllowSearchSuggestionsinAddressBar** @@ -1278,7 +1278,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Configure search suggestions in Address bar* - GP name: *AllowSearchSuggestionsinAddressBar* - GP path: *Windows Components/Microsoft Edge* @@ -1300,7 +1300,7 @@ Most restricted value: 0
            -**Browser/AllowSideloadingOfExtensions** +**Browser/AllowSideloadingOfExtensions** @@ -1334,7 +1334,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow sideloading of Extensions* - GP name: *AllowSideloadingOfExtensions* - GP path: *Windows Components/Microsoft Edge* @@ -1361,7 +1361,7 @@ Most restricted value: 0
            -**Browser/AllowSmartScreen** +**Browser/AllowSmartScreen** @@ -1393,7 +1393,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Windows Defender SmartScreen* - GP name: *AllowSmartScreen* - GP path: *Windows Components/Microsoft Edge* @@ -1422,7 +1422,7 @@ To verify AllowSmartScreen is set to 0 (not allowed):
            -**Browser/AllowTabPreloading** +**Browser/AllowTabPreloading** @@ -1456,7 +1456,7 @@ To verify AllowSmartScreen is set to 0 (not allowed): -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed* - GP name: *AllowTabPreloading* - GP path: *Windows Components/Microsoft Edge* @@ -1482,7 +1482,7 @@ Most restricted value: 1
            -**Browser/AllowWebContentOnNewTabPage** +**Browser/AllowWebContentOnNewTabPage** @@ -1516,7 +1516,7 @@ Most restricted value: 1 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow web content on New Tab page* - GP name: *AllowWebContentOnNewTabPage* - GP path: *Windows Components/Microsoft Edge* @@ -1542,7 +1542,7 @@ Supported values:
            -**Browser/AlwaysEnableBooksLibrary** +**Browser/AlwaysEnableBooksLibrary** @@ -1577,7 +1577,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Always show the Books Library in Microsoft Edge* - GP name: *AlwaysEnableBooksLibrary* - GP path: *Windows Components/Microsoft Edge* @@ -1598,7 +1598,7 @@ Most restricted value: 0
            -**Browser/ClearBrowsingDataOnExit** +**Browser/ClearBrowsingDataOnExit** @@ -1626,13 +1626,13 @@ Most restricted value: 0 ->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* [!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../includes/allow-clearing-browsing-data-on-exit-shortdesc.md)] -ADMX Info: +ADMX Info: - GP Friendly name: *Allow clearing browsing data on exit* - GP name: *AllowClearingBrowsingDataOnExit* - GP path: *Windows Components/Microsoft Edge* @@ -1649,11 +1649,11 @@ Most restricted value: 1 -To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): +To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): 1. Open Microsoft Edge and browse to websites. 2. Close the Microsoft Edge window. -3. Open Microsoft Edge and start typing the same URL in address bar. +3. Open Microsoft Edge and start typing the same URL in address bar. 4. Verify that it doesn't auto-complete from history. @@ -1662,7 +1662,7 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s
            -**Browser/ConfigureAdditionalSearchEngines** +**Browser/ConfigureAdditionalSearchEngines** @@ -1690,7 +1690,7 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s ->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* [!INCLUDE [configure-additional-search-engines-shortdesc](../includes/configure-additional-search-engines-shortdesc.md)] @@ -1700,7 +1700,7 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s -ADMX Info: +ADMX Info: - GP Friendly name: *Configure additional search engines* - GP name: *ConfigureAdditionalSearchEngines* - GP element: *ConfigureAdditionalSearchEngines_Prompt* @@ -1721,7 +1721,7 @@ Most restricted value: 0
            -**Browser/ConfigureFavoritesBar** +**Browser/ConfigureFavoritesBar** @@ -1755,7 +1755,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Favorites Bar* - GP name: *ConfigureFavoritesBar* - GP path: *Windows Components/Microsoft Edge* @@ -1782,7 +1782,7 @@ Supported values:
            -**Browser/ConfigureHomeButton** +**Browser/ConfigureHomeButton** @@ -1815,7 +1815,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Home Button* - GP name: *ConfigureHomeButton* - GP element: *ConfigureHomeButtonDropdown* @@ -1847,7 +1847,7 @@ Supported values:
            -**Browser/ConfigureKioskMode** +**Browser/ConfigureKioskMode** @@ -1884,7 +1884,7 @@ For this policy to work, you must configure Microsoft Edge in assigned access; o -ADMX Info: +ADMX Info: - GP Friendly name: *Configure kiosk mode* - GP name: *ConfigureKioskMode* - GP element: *ConfigureKioskMode_TextBox* @@ -1895,11 +1895,11 @@ ADMX Info: Supported values: -**0 (Default or not configured)**: +**0 (Default or not configured)**: - If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays. - If it’s one of many apps, Microsoft Edge runs as normal. -**1**: +**1**: - If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy. _**For single-app public browsing:**_ If you don't configure the Configure kiosk reset after idle timeout policy and you enable this policy, Microsoft Edge kiosk resets after 5 minutes of idle time. - If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge. @@ -1915,7 +1915,7 @@ Supported values:
            -**Browser/ConfigureKioskResetAfterIdleTimeout** +**Browser/ConfigureKioskResetAfterIdleTimeout** @@ -1951,7 +1951,7 @@ You must set ConfigureKioskMode to enabled (1 - InPrivate public browsing) and c -ADMX Info: +ADMX Info: - GP Friendly name: *Configure kiosk reset after idle timeout* - GP name: *ConfigureKioskResetAfterIdleTimeout* - GP element: *ConfigureKioskResetAfterIdleTimeout_TextBox* @@ -1978,7 +1978,7 @@ Supported values:
            -**Browser/ConfigureOpenMicrosoftEdgeWith** +**Browser/ConfigureOpenMicrosoftEdgeWith** @@ -2018,7 +2018,7 @@ When you enable this policy and select an option, and also enter the URLs of the -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Open Microsoft Edge With* - GP name: *ConfigureOpenEdgeWith* - GP element: *ConfigureOpenEdgeWithListBox* @@ -2051,7 +2051,7 @@ Supported values:
            -**Browser/ConfigureTelemetryForMicrosoft365Analytics** +**Browser/ConfigureTelemetryForMicrosoft365Analytics** @@ -2084,7 +2084,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure collection of browsing data for Microsoft 365 Analytics* - GP name: *ConfigureTelemetryForMicrosoft365Analytics* - GP element: *ZonesListBox* @@ -2113,7 +2113,7 @@ Most restricted value: 0
            -**Browser/DisableLockdownOfStartPages** +**Browser/DisableLockdownOfStartPages** @@ -2141,19 +2141,19 @@ Most restricted value: 0 ->*Supported versions: Microsoft Edge on Windows 10* +>*Supported versions: Microsoft Edge on Windows 10* [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../includes/disable-lockdown-of-start-pages-shortdesc.md)]    > [!NOTE] > This policy has no effect when the Browser/HomePages policy isn't configured.  - + > [!IMPORTANT] > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the [Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy). -ADMX Info: +ADMX Info: - GP Friendly name: *Disable lockdown of Start pages* - GP name: *DisableLockdownOfStartPages* - GP path: *Windows Components/Microsoft Edge* @@ -2173,7 +2173,7 @@ Most restricted value: 0
            -**Browser/EnableExtendedBooksTelemetry** +**Browser/EnableExtendedBooksTelemetry** @@ -2206,7 +2206,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Allow extended telemetry for the Books tab* - GP name: *EnableExtendedBooksTelemetry* - GP path: *Windows Components/Microsoft Edge* @@ -2226,7 +2226,7 @@ Most restricted value: 0
            -**Browser/EnterpriseModeSiteList** +**Browser/EnterpriseModeSiteList** @@ -2259,7 +2259,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the Enterprise Mode Site List* - GP name: *EnterpriseModeSiteList* - GP element: *EnterSiteListPrompt* @@ -2280,7 +2280,7 @@ Supported values:
            -**Browser/EnterpriseSiteListServiceUrl** +**Browser/EnterpriseSiteListServiceUrl** @@ -2317,7 +2317,7 @@ Supported values:
            -**Browser/HomePages** +**Browser/HomePages** @@ -2352,10 +2352,10 @@ Supported values: From this version, the HomePages policy enforces that users can't change the Start pages settings. **Version 1703**
            -If you don't want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL. +If you don't want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL. **Version 1809**
            -When you enable the Configure Open Microsoft Edge With policy and select an option, and you enter the URLs of the pages you want to load as the Start pages in this policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the HomePages policy. +When you enable the Configure Open Microsoft Edge With policy and select an option, and you enter the URLs of the pages you want to load as the Start pages in this policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the HomePages policy. > [!NOTE] @@ -2363,7 +2363,7 @@ When you enable the Configure Open Microsoft Edge With policy and select an opti -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Start pages* - GP name: *HomePages* - GP element: *HomePagesPrompt* @@ -2383,7 +2383,7 @@ Supported values:
            -**Browser/LockdownFavorites** +**Browser/LockdownFavorites** @@ -2411,14 +2411,14 @@ Supported values: ->*Supported versions: Microsoft Edge on Windows 10, version 1709* +>*Supported versions: Microsoft Edge on Windows 10, version 1709* [!INCLUDE [prevent-changes-to-favorites-shortdesc](../includes/prevent-changes-to-favorites-shortdesc.md)] -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changes to Favorites on Microsoft Edge* - GP name: *LockdownFavorites* - GP path: *Windows Components/Microsoft Edge* @@ -2438,7 +2438,7 @@ Most restricted value: 1
            -**Browser/PreventAccessToAboutFlagsInMicrosoftEdge** +**Browser/PreventAccessToAboutFlagsInMicrosoftEdge** @@ -2471,7 +2471,7 @@ Most restricted value: 1 -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent access to the about:flags page in Microsoft Edge* - GP name: *PreventAccessToAboutFlagsInMicrosoftEdge* - GP path: *Windows Components/Microsoft Edge* @@ -2491,7 +2491,7 @@ Most restricted value: 1
            -**Browser/PreventCertErrorOverrides** +**Browser/PreventCertErrorOverrides** @@ -2524,7 +2524,7 @@ Most restricted value: 1 -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent certificate error overrides* - GP name: *PreventCertErrorOverrides* - GP path: *Windows Components/Microsoft Edge* @@ -2550,7 +2550,7 @@ Most restricted value: 1
            -**Browser/PreventFirstRunPage** +**Browser/PreventFirstRunPage** @@ -2578,13 +2578,13 @@ Most restricted value: 1 ->*Supported versions: Microsoft Edge on Windows 10, version 1703* +>*Supported versions: Microsoft Edge on Windows 10, version 1703* [!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../includes/prevent-first-run-webpage-from-opening-shortdesc.md)] -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent the First Run webpage from opening on Microsoft Edge* - GP name: *PreventFirstRunPage* - GP path: *Windows Components/Microsoft Edge* @@ -2594,7 +2594,7 @@ ADMX Info: Supported values: -- 0 (default) – Allowed. Load the First Run webpage. +- 0 (default) – Allowed. Load the First Run webpage. - 1 – Prevented/not allowed. Most restricted value: 1 @@ -2604,7 +2604,7 @@ Most restricted value: 1
            -**Browser/PreventLiveTileDataCollection** +**Browser/PreventLiveTileDataCollection** @@ -2632,13 +2632,13 @@ Most restricted value: 1 ->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* [!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md)] -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start* - GP name: *PreventLiveTileDataCollection* - GP path: *Windows Components/Microsoft Edge* @@ -2658,7 +2658,7 @@ Most restricted value: 1
            -**Browser/PreventSmartScreenPromptOverride** +**Browser/PreventSmartScreenPromptOverride** @@ -2690,7 +2690,7 @@ Most restricted value: 1 -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent bypassing Windows Defender SmartScreen prompts for sites* - GP name: *PreventSmartScreenPromptOverride* - GP path: *Windows Components/Microsoft Edge* @@ -2710,7 +2710,7 @@ Most restricted value: 1
            -**Browser/PreventSmartScreenPromptOverrideForFiles** +**Browser/PreventSmartScreenPromptOverrideForFiles** @@ -2743,7 +2743,7 @@ Most restricted value: 1 -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent bypassing Windows Defender SmartScreen prompts for files* - GP name: *PreventSmartScreenPromptOverrideForFiles* - GP path: *Windows Components/Microsoft Edge* @@ -2763,7 +2763,7 @@ Most restricted value: 1
            -**Browser/PreventTurningOffRequiredExtensions** +**Browser/PreventTurningOffRequiredExtensions** @@ -2795,7 +2795,7 @@ Most restricted value: 1 -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent turning off required extensions* - GP name: *PreventTurningOffRequiredExtensions* - GP element: *PreventTurningOffRequiredExtensions_Prompt* @@ -2804,7 +2804,7 @@ ADMX Info: -Supported values: +Supported values: - Blank (default) - Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. @@ -2822,7 +2822,7 @@ Supported values:
            -**Browser/PreventUsingLocalHostIPAddressForWebRTC** +**Browser/PreventUsingLocalHostIPAddressForWebRTC** @@ -2855,7 +2855,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent using Localhost IP address for WebRTC* - GP name: *HideLocalHostIPAddress* - GP path: *Windows Components/Microsoft Edge* @@ -2875,7 +2875,7 @@ Most restricted value: 1
            -**Browser/ProvisionFavorites** +**Browser/ProvisionFavorites** @@ -2903,10 +2903,10 @@ Most restricted value: 1 ->*Supported versions: Microsoft Edge on Windows 10, version 1709 or later* +>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later* [!INCLUDE [provision-favorites-shortdesc](../includes/provision-favorites-shortdesc.md)] - + Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off. @@ -2924,7 +2924,7 @@ To define a default list of favorites: -ADMX Info: +ADMX Info: - GP Friendly name: *Provision Favorites* - GP name: *ConfiguredFavorites* - GP element: *ConfiguredFavoritesPrompt* @@ -2937,7 +2937,7 @@ ADMX Info:
            -**Browser/SendIntranetTraffictoInternetExplorer** +**Browser/SendIntranetTraffictoInternetExplorer** @@ -2970,7 +2970,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP Friendly name: *Send all intranet sites to Internet Explorer 11* - GP name: *SendIntranetTraffictoInternetExplorer* - GP path: *Windows Components/Microsoft Edge* @@ -2991,7 +2991,7 @@ Most restricted value: 0
            -**Browser/SetDefaultSearchEngine** +**Browser/SetDefaultSearchEngine** @@ -3019,7 +3019,7 @@ Most restricted value: 0 ->*Supported versions: Microsoft Edge on Windows 10, version 1703* +>*Supported versions: Microsoft Edge on Windows 10, version 1703* [!INCLUDE [set-default-search-engine-shortdesc](../includes/set-default-search-engine-shortdesc.md)] @@ -3031,7 +3031,7 @@ Most restricted value: 0 -ADMX Info: +ADMX Info: - GP Friendly name: *Set default search engine* - GP name: *SetDefaultSearchEngine* - GP element: *SetDefaultSearchEngine_Prompt* @@ -3053,7 +3053,7 @@ Most restricted value: 1
            -**Browser/SetHomeButtonURL** +**Browser/SetHomeButtonURL** @@ -3086,7 +3086,7 @@ Most restricted value: 1 -ADMX Info: +ADMX Info: - GP Friendly name: *Set Home Button URL* - GP name: *SetHomeButtonURL* - GP element: *SetHomeButtonURLPrompt* @@ -3112,7 +3112,7 @@ Supported values:
            -**Browser/SetNewTabPageURL** +**Browser/SetNewTabPageURL** @@ -3145,7 +3145,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Set New Tab page URL* - GP name: *SetNewTabPageURL* - GP element: *SetNewTabPageURLPrompt* @@ -3170,7 +3170,7 @@ Supported values:
            -**Browser/ShowMessageWhenOpeningSitesInInternetExplorer** +**Browser/ShowMessageWhenOpeningSitesInInternetExplorer** @@ -3202,7 +3202,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Show message when opening sites in Internet Explorer* - GP name: *ShowMessageWhenOpeningSitesInInternetExplorer* - GP path: *Windows Components/Microsoft Edge* @@ -3223,7 +3223,7 @@ Most restricted value: 0
            -**Browser/SuppressEdgeDeprecationNotification** +**Browser/SuppressEdgeDeprecationNotification** @@ -3251,13 +3251,13 @@ Most restricted value: 0 -This policy allows Enterprise Admins to turn off the notification for company devices that the Edge Legacy browser is no longer supported after March 9, 2021, to avoid confusion for their enterprise users and reduce help desk calls. +This policy allows Enterprise Admins to turn off the notification for company devices that the Edge Legacy browser is no longer supported after March 9, 2021, to avoid confusion for their enterprise users and reduce help desk calls. By default, a notification will be presented to the user informing them of this update upon application startup. With this policy, you can either allow (default) or suppress this notification. -ADMX Info: +ADMX Info: - GP Friendly name: *Suppress Edge Deprecation Notification* - GP name: *SuppressEdgeDeprecationNotification* - GP path: *Windows Components/Microsoft Edge* @@ -3300,14 +3300,14 @@ Supported values: ->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* - +>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* + [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)] -ADMX Info: +ADMX Info: - GP Friendly name: *Keep favorites in sync between Internet Explorer and Microsoft Edge* - GP name: *SyncFavoritesBetweenIEAndMicrosoftEdge* - GP path: *Windows Components/Microsoft Edge* @@ -3336,7 +3336,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
            -**Browser/UnlockHomeButton** +**Browser/UnlockHomeButton** @@ -3370,7 +3370,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro -ADMX Info: +ADMX Info: - GP Friendly name: *Unlock Home Button* - GP name: *UnlockHomeButton* - GP path: *Windows Components/Microsoft Edge* @@ -3395,7 +3395,7 @@ Supported values:
            -**Browser/UseSharedFolderForBooks** +**Browser/UseSharedFolderForBooks** @@ -3428,7 +3428,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Allow a shared Books folder* - GP name: *UseSharedFolderForBooks* - GP path: *Windows Components/Microsoft Edge* @@ -3438,7 +3438,7 @@ ADMX Info: Supported values: -- 0 - Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. +- 0 - Prevented/not allowed, but Microsoft Edge downloads book files to a per-user folder for each user. - 1 - Allowed. Microsoft Edge downloads book files to a shared folder. For this policy to work correctly, you must also enable the Allow a Windows app to share application data between users group policy. Also, the users must be signed in with a school or work account. Most restricted value: 0 diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index ed98c5d85b..50b9bb3e51 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -19,7 +19,7 @@ manager: aaroncz
            -## Camera policies +## Camera policies
            @@ -31,7 +31,7 @@ manager: aaroncz
            -**Camera/AllowCamera** +**Camera/AllowCamera** @@ -63,7 +63,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Use of Camera* - GP name: *L_AllowCamera* - GP path: *Windows Components/Camera* diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index eb2180cddd..3167bdccb8 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -8,24 +8,24 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - Cellular > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## Cellular policies +## Cellular policies
            @@ -49,7 +49,7 @@ manager: aaroncz
            -**Cellular/LetAppsAccessCellularData** +**Cellular/LetAppsAccessCellularData** @@ -93,7 +93,7 @@ If an app is open when this Group Policy object is applied on a device, employee -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_Enum* @@ -114,7 +114,7 @@ The following list shows the supported values:
            -**Cellular/LetAppsAccessCellularData_ForceAllowTheseApps** +**Cellular/LetAppsAccessCellularData_ForceAllowTheseApps** @@ -145,7 +145,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List* @@ -158,7 +158,7 @@ ADMX Info:
            -**Cellular/LetAppsAccessCellularData_ForceDenyTheseApps** +**Cellular/LetAppsAccessCellularData_ForceDenyTheseApps** @@ -189,7 +189,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List* @@ -202,7 +202,7 @@ ADMX Info:
            -**Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps** +**Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps** @@ -233,7 +233,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List* @@ -246,7 +246,7 @@ ADMX Info:
            -**Cellular/ShowAppCellularAccessUI** +**Cellular/ShowAppCellularAccessUI** @@ -282,7 +282,7 @@ If this policy setting is disabled or isn't configured, the link to the per-appl -ADMX Info: +ADMX Info: - GP Friendly name: *Set Per-App Cellular Access UI Visibility* - GP name: *ShowAppCellularAccessUI* - GP path: *Network/WWAN Service/WWAN UI Settings* diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index f4dc267b7a..14cdad4c57 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -8,17 +8,17 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - Connectivity >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). @@ -307,7 +307,7 @@ The following list shows the supported values: This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC. -If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. +If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device isn't allowed to be linked to phones, will remove itself from the device list of any linked Phones, and can't participate in 'Continue on PC experiences'. diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index da457db759..10eebb715f 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz
            -## ControlPolicyConflict policies +## ControlPolicyConflict policies
            @@ -30,7 +30,7 @@ manager: aaroncz
            -**ControlPolicyConflict/MDMWinsOverGP** +**ControlPolicyConflict/MDMWinsOverGP** > [!NOTE] > This setting doesn't apply to the following types of group policies: @@ -70,7 +70,7 @@ This policy allows the IT admin to control which policy will be used whenever bo > [!NOTE] > MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs. -This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. +This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. > [!NOTE] @@ -81,19 +81,19 @@ The following list shows the supported values: - 0 (default) - 1 - The MDM policy is used and the GP policy is blocked. -The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. +The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that: -- GP settings that correspond to MDM applied settings aren't conflicting -- The current Policy Manager policies are refreshed from what MDM has set +- GP settings that correspond to MDM applied settings aren't conflicting +- The current Policy Manager policies are refreshed from what MDM has set - Any values set by scripts/user outside of GP that conflict with MDM are removed -The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the policies with equivalent GP: +The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the policies with equivalent GP: -- \ +- \ - \ -- \ -- \ +- \ +- \ For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy ](./policies-in-policy-csp-supported-by-group-policy.md). diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 28f4edb5ec..2bb4580abc 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -8,24 +8,24 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - CredentialProviders > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## CredentialProviders policies +## CredentialProviders policies
            @@ -43,7 +43,7 @@ manager: aaroncz
            -**CredentialProviders/AllowPINLogon** +**CredentialProviders/AllowPINLogon** @@ -85,7 +85,7 @@ To configure Windows Hello for Business, use the Administrative Template policie -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on convenience PIN sign-in* - GP name: *AllowDomainPINLogon* - GP path: *System/Logon* @@ -97,7 +97,7 @@ ADMX Info:
            -**CredentialProviders/BlockPicturePassword** +**CredentialProviders/BlockPicturePassword** @@ -126,7 +126,7 @@ ADMX Info: This policy setting allows you to control whether a domain user can sign in using a picture password. -If you enable this policy setting, a domain user can't set up or sign in with a picture password. +If you enable this policy setting, a domain user can't set up or sign in with a picture password. If you disable or don't configure this policy setting, a domain user can set up and use a picture password. @@ -137,7 +137,7 @@ If you disable or don't configure this policy setting, a domain user can set up -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off picture password sign-in* - GP name: *BlockDomainPicturePassword* - GP path: *System/Logon* @@ -149,7 +149,7 @@ ADMX Info:
            -**CredentialProviders/DisableAutomaticReDeploymentCredentials** +**CredentialProviders/DisableAutomaticReDeploymentCredentials** diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index 4236a94376..0a892288b0 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -8,24 +8,24 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - CredentialsDelegation > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## CredentialsDelegation policies +## CredentialsDelegation policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials** +**CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials** @@ -76,7 +76,7 @@ If you disable or don't configure this policy setting, Restricted Administration -ADMX Info: +ADMX Info: - GP Friendly name: *Remote host allows delegation of non-exportable credentials* - GP name: *AllowProtectedCreds* - GP path: *System/Credentials Delegation* diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index fd869a6c75..b25c7b462a 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -8,23 +8,23 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - CredentialsUI > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## CredentialsUI policies +## CredentialsUI policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**CredentialsUI/DisablePasswordReveal** +**CredentialsUI/DisablePasswordReveal** @@ -81,7 +81,7 @@ This policy applies to all Windows components and applications that use the Wind -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display the password reveal button* - GP name: *DisablePasswordReveal* - GP path: *Windows Components/Credential User Interface* @@ -93,7 +93,7 @@ ADMX Info:
            -**CredentialsUI/EnumerateAdministrators** +**CredentialsUI/EnumerateAdministrators** @@ -130,7 +130,7 @@ If you disable this policy setting, users will always be required to type a user -ADMX Info: +ADMX Info: - GP Friendly name: *Enumerate administrator accounts on elevation* - GP name: *EnumerateAdministrators* - GP path: *Windows Components/Credential User Interface* diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 1eb727623a..7df10140df 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -19,7 +19,7 @@ manager: aaroncz
            -## Cryptography policies +## Cryptography policies
            @@ -34,7 +34,7 @@ manager: aaroncz
            -**Cryptography/AllowFipsAlgorithmPolicy** +**Cryptography/AllowFipsAlgorithmPolicy** @@ -65,7 +65,7 @@ This policy setting allows or disallows the Federal Information Processing Stand -ADMX Info: +ADMX Info: - GP Friendly name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -87,7 +87,7 @@ The following list shows the supported values:
            -**Cryptography/TLSCipherSuites** +**Cryptography/TLSCipherSuites** diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 9bb4559320..557d7e1a16 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -19,7 +19,7 @@ manager: aaroncz
            -## DataProtection policies +## DataProtection policies
            @@ -34,7 +34,7 @@ manager: aaroncz
            -**DataProtection/AllowDirectMemoryAccess** +**DataProtection/AllowDirectMemoryAccess** @@ -61,7 +61,7 @@ manager: aaroncz -This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. +This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when [BitLocker Device Encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) is enabled. @@ -80,7 +80,7 @@ The following list shows the supported values:
            -**DataProtection/LegacySelectiveWipeID** +**DataProtection/LegacySelectiveWipeID** @@ -110,7 +110,7 @@ The following list shows the supported values: > [!IMPORTANT] > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time. - + Setting used by Windows 8.1 Selective Wipe. > [!NOTE] diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 0950d10f87..eb466e58e4 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -8,23 +8,23 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - DataUsage > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## DataUsage policies +## DataUsage policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**DataUsage/SetCost3G** +**DataUsage/SetCost3G**
            @@ -52,7 +52,7 @@ This policy is deprecated in Windows 10, version 1809.
            -**DataUsage/SetCost4G** +**DataUsage/SetCost4G** @@ -79,12 +79,12 @@ This policy is deprecated in Windows 10, version 1809. -This policy setting configures the cost of 4G connections on the local machine. +This policy setting configures the cost of 4G connections on the local machine. If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine: -- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. -- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. +- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. +- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. @@ -93,7 +93,7 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti -ADMX Info: +ADMX Info: - GP Friendly name: *Set 4G Cost* - GP name: *SetCost4G* - GP path: *Network/WWAN Service/WWAN Media Cost* diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 172eeb0f4f..b3684deace 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 05/12/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.collection: highpri --- @@ -20,7 +20,7 @@ ms.collection: highpri
            -## Defender policies +## Defender policies
            @@ -152,7 +152,7 @@ ms.collection: highpri
            -**Defender/AllowArchiveScanning** +**Defender/AllowArchiveScanning** @@ -187,7 +187,7 @@ Allows or disallows scanning of archives. -ADMX Info: +ADMX Info: - GP Friendly name: *Scan archive files* - GP name: *Scan_DisableArchiveScanning* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -206,7 +206,7 @@ The following list shows the supported values:
            -**Defender/AllowBehaviorMonitoring** +**Defender/AllowBehaviorMonitoring** @@ -236,12 +236,12 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - + Allows or disallows Windows Defender Behavior Monitoring functionality. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on behavior monitoring* - GP name: *RealtimeProtection_DisableBehaviorMonitoring* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* @@ -260,7 +260,7 @@ The following list shows the supported values:
            -**Defender/AllowCloudProtection** +**Defender/AllowCloudProtection** @@ -294,7 +294,7 @@ To best protect your PC, Windows Defender will send information to Microsoft abo -ADMX Info: +ADMX Info: - GP Friendly name: *Join Microsoft MAPS* - GP name: *SpynetReporting* - GP element: *SpynetReporting* @@ -314,7 +314,7 @@ The following list shows the supported values:
            -**Defender/AllowEmailScanning** +**Defender/AllowEmailScanning** @@ -348,7 +348,7 @@ Allows or disallows scanning of email. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on e-mail scanning* - GP name: *Scan_DisableEmailScanning* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -367,7 +367,7 @@ The following list shows the supported values:
            -**Defender/AllowFullScanOnMappedNetworkDrives** +**Defender/AllowFullScanOnMappedNetworkDrives** @@ -401,7 +401,7 @@ Allows or disallows a full scan of mapped network drives. -ADMX Info: +ADMX Info: - GP Friendly name: *Run full scan on mapped network drives* - GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -420,7 +420,7 @@ The following list shows the supported values:
            -**Defender/AllowFullScanRemovableDriveScanning** +**Defender/AllowFullScanRemovableDriveScanning** @@ -454,7 +454,7 @@ Allows or disallows a full scan of removable drives. During a quick scan, remova -ADMX Info: +ADMX Info: - GP Friendly name: *Scan removable drives* - GP name: *Scan_DisableRemovableDriveScanning* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -473,7 +473,7 @@ The following list shows the supported values:
            -**Defender/AllowIOAVProtection** +**Defender/AllowIOAVProtection** @@ -502,12 +502,12 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - + Allows or disallows Windows Defender IOAVP Protection functionality. -ADMX Info: +ADMX Info: - GP Friendly name: *Scan all downloaded files and attachments* - GP name: *RealtimeProtection_DisableIOAVProtection* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* @@ -526,7 +526,7 @@ The following list shows the supported values:
            -**Defender/AllowOnAccessProtection** +**Defender/AllowOnAccessProtection** @@ -560,7 +560,7 @@ Allows or disallows Windows Defender On Access Protection functionality. -ADMX Info: +ADMX Info: - GP Friendly name: *Monitor file and program activity on your computer* - GP name: *RealtimeProtection_DisableOnAccessProtection* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* @@ -582,7 +582,7 @@ The following list shows the supported values:
            -**Defender/AllowRealtimeMonitoring** +**Defender/AllowRealtimeMonitoring** @@ -616,7 +616,7 @@ Allows or disallows Windows Defender real-time Monitoring functionality. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off real-time protection* - GP name: *DisableRealtimeMonitoring* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* @@ -635,7 +635,7 @@ The following list shows the supported values:
            -**Defender/AllowScanningNetworkFiles** +**Defender/AllowScanningNetworkFiles** @@ -669,7 +669,7 @@ Allows or disallows a scanning of network files. -ADMX Info: +ADMX Info: - GP Friendly name: *Scan network files* - GP name: *Scan_DisableScanningNetworkFiles* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -688,7 +688,7 @@ The following list shows the supported values:
            -**Defender/AllowScriptScanning** +**Defender/AllowScriptScanning** @@ -733,7 +733,7 @@ The following list shows the supported values:
            -**Defender/AllowUserUIAccess** +**Defender/AllowUserUIAccess** @@ -767,7 +767,7 @@ Allows or disallows user access to the Windows Defender UI. I disallowed, all Wi -ADMX Info: +ADMX Info: - GP Friendly name: *Enable headless UI mode* - GP name: *UX_Configuration_UILockdown* - GP path: *Windows Components/Microsoft Defender Antivirus/Client Interface* @@ -786,7 +786,7 @@ The following list shows the supported values:
            -**Defender/AttackSurfaceReductionOnlyExclusions** +**Defender/AttackSurfaceReductionOnlyExclusions** @@ -822,7 +822,7 @@ Value type is string. -ADMX Info: +ADMX Info: - GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules* - GP name: *ExploitGuard_ASR_ASROnlyExclusions* - GP element: *ExploitGuard_ASR_ASROnlyExclusions* @@ -835,7 +835,7 @@ ADMX Info:
            -**Defender/AttackSurfaceReductionRules** +**Defender/AttackSurfaceReductionRules** @@ -873,7 +873,7 @@ Value type is string. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Attack Surface Reduction rules* - GP name: *ExploitGuard_ASR_Rules* - GP element: *ExploitGuard_ASR_Rules* @@ -886,7 +886,7 @@ ADMX Info:
            -**Defender/AvgCPULoadFactor** +**Defender/AvgCPULoadFactor** @@ -915,14 +915,14 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - + Represents the average CPU load factor for the Windows Defender scan (in percent). The default value is 50. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the maximum percentage of CPU utilization during a scan* - GP name: *Scan_AvgCPULoadFactor* - GP element: *Scan_AvgCPULoadFactor* @@ -939,7 +939,7 @@ Valid values: 0–100
            -**Defender/CheckForSignaturesBeforeRunningScan** +**Defender/CheckForSignaturesBeforeRunningScan** @@ -966,7 +966,7 @@ Valid values: 0–100 -This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. +This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans and the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface. @@ -976,14 +976,14 @@ If you disable this setting or don't configure this setting, the scan will start Supported values: -- 0 (default) - Disabled +- 0 (default) - Disabled - 1 - Enabled OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/CheckForSignaturesBeforeRunningScan -ADMX Info: +ADMX Info: - GP Friendly name: *Check for the latest virus and spyware definitions before running a scheduled scan* - GP name: *CheckForSignaturesBeforeRunningScan* - GP element: *CheckForSignaturesBeforeRunningScan* @@ -1005,7 +1005,7 @@ ADMX Info:
            -**Defender/CloudBlockLevel** +**Defender/CloudBlockLevel** @@ -1037,16 +1037,16 @@ ADMX Info: This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. -If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. +If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see the Microsoft Defender Antivirus documentation site. - + > [!NOTE] > This feature requires the "Join Microsoft MAPS" setting enabled in order to function. -ADMX Info: +ADMX Info: - GP Friendly name: *Select cloud protection level* - GP name: *MpEngine_MpCloudBlockLevel* - GP element: *MpCloudBlockLevel* @@ -1058,7 +1058,7 @@ ADMX Info: The following list shows the supported values: - 0x0 - Default windows defender blocking level -- 0x2 - High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)       +- 0x2 - High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)       - 0x4 - High+ blocking level – aggressively block unknowns and apply more protection measures (may impact  client performance) - 0x6 - Zero tolerance blocking level – block all unknown executables @@ -1068,7 +1068,7 @@ The following list shows the supported values:
            -**Defender/CloudExtendedTimeout** +**Defender/CloudExtendedTimeout** @@ -1100,16 +1100,16 @@ The following list shows the supported values: This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. -The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an extra 50 seconds. +The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an extra 50 seconds. -For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. +For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. > [!NOTE] > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". -ADMX Info: +ADMX Info: - GP Friendly name: *Configure extended cloud check* - GP name: *MpEngine_MpBafsExtendedTimeout* - GP element: *MpBafsExtendedTimeout* @@ -1122,7 +1122,7 @@ ADMX Info:
            -**Defender/ControlledFolderAccessAllowedApplications** +**Defender/ControlledFolderAccessAllowedApplications** @@ -1156,7 +1156,7 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app -ADMX Info: +ADMX Info: - GP Friendly name: *Configure allowed applications* - GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications* - GP element: *ExploitGuard_ControlledFolderAccess_AllowedApplications* @@ -1169,7 +1169,7 @@ ADMX Info:
            -**Defender/ControlledFolderAccessProtectedFolders** +**Defender/ControlledFolderAccessProtectedFolders** @@ -1203,7 +1203,7 @@ This policy setting allows adding user-specified folder locations to the contro -ADMX Info: +ADMX Info: - GP Friendly name: *Configure protected folders* - GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* - GP element: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* @@ -1216,7 +1216,7 @@ ADMX Info:
            -**Defender/DaysToRetainCleanedMalware** +**Defender/DaysToRetainCleanedMalware** @@ -1245,14 +1245,14 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - + Time period (in days) that quarantine items will be stored on the system. The default value is 0, which keeps items in quarantine, and doesn't automatically remove them. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure removal of items from Quarantine folder* - GP name: *Quarantine_PurgeItemsAfterDelay* - GP element: *Quarantine_PurgeItemsAfterDelay* @@ -1269,7 +1269,7 @@ Valid values: 0–90
            -**Defender/DisableCatchupFullScan** +**Defender/DisableCatchupFullScan** @@ -1296,22 +1296,22 @@ Valid values: 0–90 -This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. +This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone signs in to the computer. If there's no scheduled scan configured, there will be no catch-up scan run. +If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone signs in to the computer. If there's no scheduled scan configured, there will be no catch-up scan run. If you disable or don't configure this setting, catch-up scans for scheduled full scans will be turned off. Supported values: - 1 - Disabled (default) -- 0 - Enabled +- 0 - Enabled OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupFullScan -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on catch-up full scan* - GP name: *Scan_DisableCatchupFullScan* - GP element: *Scan_DisableCatchupFullScan* @@ -1333,7 +1333,7 @@ ADMX Info:
            -**Defender/DisableCatchupQuickScan** +**Defender/DisableCatchupQuickScan** @@ -1360,7 +1360,7 @@ ADMX Info: -This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. +This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone signs in to the computer. If there's no scheduled scan configured, there will be no catch-up scan run. @@ -1369,13 +1369,13 @@ If you disable or don't configure this setting, catch-up scans for scheduled qui Supported values: - 1 - Disabled (default) -- 0 - Enabled +- 0 - Enabled OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupQuickScan -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on catch-up quick scan* - GP name: *Scan_DisableCatchupQuickScan* - GP element: *Scan_DisableCatchupQuickScan* @@ -1397,7 +1397,7 @@ ADMX Info:
            -**Defender/EnableControlledFolderAccess** +**Defender/EnableControlledFolderAccess** @@ -1431,7 +1431,7 @@ This policy enables setting the state (On/Off/Audit) for the controlled folder a -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Controlled folder access* - GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* - GP element: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* @@ -1452,7 +1452,7 @@ The following list shows the supported values:
            -**Defender/EnableLowCPUPriority** +**Defender/EnableLowCPUPriority** @@ -1488,11 +1488,11 @@ If you disable or don't configure this setting, no changes will be made to CPU p Supported values: - 0 - Disabled (default) -- 1 - Enabled +- 1 - Enabled -ADMX Info: +ADMX Info: - GP Friendly name: *Configure low CPU priority for scheduled scans* - GP name: *Scan_LowCpuPriority* - GP element: *Scan_LowCpuPriority* @@ -1514,7 +1514,7 @@ ADMX Info:
            -**Defender/EnableNetworkProtection** +**Defender/EnableNetworkProtection** @@ -1554,7 +1554,7 @@ If you don't configure this policy, network blocking will be disabled by default -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users and apps from accessing dangerous websites* - GP name: *ExploitGuard_EnableNetworkProtection* - GP element: *ExploitGuard_EnableNetworkProtection* @@ -1575,7 +1575,7 @@ The following list shows the supported values:
            -**Defender/ExcludedExtensions** +**Defender/ExcludedExtensions** @@ -1604,12 +1604,12 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - + Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". -ADMX Info: +ADMX Info: - GP Friendly name: *Path Exclusions* - GP name: *Exclusions_Paths* - GP element: *Exclusions_PathsList* @@ -1622,7 +1622,7 @@ ADMX Info:
            -**Defender/ExcludedPaths** +**Defender/ExcludedPaths** @@ -1656,7 +1656,7 @@ Allows an administrator to specify a list of directory paths to ignore during a -ADMX Info: +ADMX Info: - GP Friendly name: *Extension Exclusions* - GP name: *Exclusions_Extensions* - GP element: *Exclusions_ExtensionsList* @@ -1669,7 +1669,7 @@ ADMX Info:
            -**Defender/ExcludedProcesses** +**Defender/ExcludedProcesses** @@ -1708,7 +1708,7 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E -ADMX Info: +ADMX Info: - GP Friendly name: *Process Exclusions* - GP name: *Exclusions_Processes* - GP element: *Exclusions_ProcessesList* @@ -1721,7 +1721,7 @@ ADMX Info:
            -**Defender/PUAProtection** +**Defender/PUAProtection** @@ -1759,7 +1759,7 @@ Specifies the level of detection for potentially unwanted applications (PUAs). W -ADMX Info: +ADMX Info: - GP Friendly name: *Configure detection for potentially unwanted applications* - GP name: *Root_PUAProtection* - GP element: *Root_PUAProtection* @@ -1780,7 +1780,7 @@ The following list shows the supported values:
            -**Defender/RealTimeScanDirection** +**Defender/RealTimeScanDirection** @@ -1817,7 +1817,7 @@ Controls which sets of files should be monitored. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure monitoring for incoming and outgoing file and program activity* - GP name: *RealtimeProtection_RealtimeScanDirection* - GP element: *RealtimeProtection_RealtimeScanDirection* @@ -1838,7 +1838,7 @@ The following list shows the supported values:
            -**Defender/ScanParameter** +**Defender/ScanParameter** @@ -1872,7 +1872,7 @@ Selects whether to perform a quick scan or full scan. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the scan type to use for a scheduled scan* - GP name: *Scan_ScanParameters* - GP element: *Scan_ScanParameters* @@ -1892,7 +1892,7 @@ The following list shows the supported values:
            -**Defender/ScheduleQuickScanTime** +**Defender/ScheduleQuickScanTime** @@ -1921,10 +1921,10 @@ The following list shows the supported values: > [!NOTE] > This policy is only enforced in Windows 10 for desktop. - + Selects the time of day that the Windows Defender quick scan should run. The Windows Defender quick scan runs daily if a time is specified. - + For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. @@ -1932,7 +1932,7 @@ The default value is 120 -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the time for a daily quick scan* - GP name: *Scan_ScheduleQuickScantime* - GP element: *Scan_ScheduleQuickScantime* @@ -1949,7 +1949,7 @@ Valid values: 0–1380
            -**Defender/ScheduleScanDay** +**Defender/ScheduleScanDay** @@ -1986,7 +1986,7 @@ Selects the day that the Windows Defender scan should run. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the day of the week to run a scheduled scan* - GP name: *Scan_ScheduleDay* - GP element: *Scan_ScheduleDay* @@ -1995,16 +1995,16 @@ ADMX Info: -The following list shows the supported values: +The following list shows the supported values: - 0 (default) – Every day -- 1 – Sunday -- 2 – Monday -- 3 – Tuesday +- 1 – Sunday +- 2 – Monday +- 3 – Tuesday - 4 – Wednesday -- 5 – Thursday -- 6 – Friday -- 7 – Saturday +- 5 – Thursday +- 6 – Friday +- 7 – Saturday - 8 – No scheduled scan @@ -2013,7 +2013,7 @@ The following list shows the supported values:
            -**Defender/ScheduleScanTime** +**Defender/ScheduleScanTime** @@ -2054,7 +2054,7 @@ The default value is 120. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the time of day to run a scheduled scan* - GP name: *Scan_ScheduleTime* - GP element: *Scan_ScheduleTime* @@ -2071,7 +2071,7 @@ Valid values: 0–1380.
            -**Defender/SecurityIntelligenceLocation** +**Defender/SecurityIntelligenceLocation** @@ -2098,13 +2098,13 @@ Valid values: 0–1380. -This policy setting allows you to define the security intelligence location for VDI-configured computers. +This policy setting allows you to define the security intelligence location for VDI-configured computers. If you disable or don't configure this setting, security intelligence will be referred from the default local source. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the signature (Security intelligence) delivery optimization for Defender in Virtual Environments* - GP name: *SecurityIntelligenceLocation* - GP element: *SecurityIntelligenceLocation* @@ -2123,7 +2123,7 @@ ADMX Info:
            -**Defender/SignatureUpdateFallbackOrder** +**Defender/SignatureUpdateFallbackOrder** @@ -2150,16 +2150,16 @@ ADMX Info: -This policy setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. +This policy setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. -Possible values are: +Possible values are: - InternalDefinitionUpdateServer - MicrosoftUpdateServer - MMPC - FileShares -For example: InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC +For example: InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted. @@ -2169,7 +2169,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder -ADMX Info: +ADMX Info: - GP Friendly name: *Define the order of sources for downloading definition updates* - GP name: *SignatureUpdate_FallbackOrder* - GP element: *SignatureUpdate_FallbackOrder* @@ -2191,7 +2191,7 @@ ADMX Info:
            -**Defender/SignatureUpdateFileSharesSources** +**Defender/SignatureUpdateFileSharesSources** @@ -2218,9 +2218,9 @@ ADMX Info: -This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. +This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. -For example: \\unc1\Signatures | \\unc2\Signatures +For example: \\unc1\Signatures | \\unc2\Signatures The list is empty by default. @@ -2232,7 +2232,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFileSharesSour -ADMX Info: +ADMX Info: - GP Friendly name: *Define file shares for downloading definition updates* - GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources* - GP element: *SignatureUpdate_DefinitionUpdateFileSharesSources* @@ -2254,7 +2254,7 @@ ADMX Info:
            -**Defender/SignatureUpdateInterval** +**Defender/SignatureUpdateInterval** @@ -2294,7 +2294,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateInterval -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the interval to check for definition updates* - GP name: *SignatureUpdate_SignatureUpdateInterval* - GP element: *SignatureUpdate_SignatureUpdateInterval* @@ -2311,7 +2311,7 @@ Valid values: 0–24.
            -**Defender/SubmitSamplesConsent** +**Defender/SubmitSamplesConsent** @@ -2345,7 +2345,7 @@ Checks for the user consent level in Windows Defender to send data. If the requi -ADMX Info: +ADMX Info: - GP Friendly name: *Send file samples when further analysis is required* - GP name: *SubmitSamplesConsent* - GP element: *SubmitSamplesConsent* @@ -2367,7 +2367,7 @@ The following list shows the supported values:
            -**Defender/ThreatSeverityDefaultAction** +**Defender/ThreatSeverityDefaultAction** @@ -2419,7 +2419,7 @@ The following list shows the supported values for possible actions: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify threat alert levels at which default action should not be taken when detected* - GP name: *Threats_ThreatSeverityDefaultAction* - GP element: *Threats_ThreatSeverityDefaultActionList* diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index f272b05108..598a852163 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -8,23 +8,23 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 06/09/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - DeliveryOptimization >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## DeliveryOptimization policies +## DeliveryOptimization policies
            @@ -123,7 +123,7 @@ manager: aaroncz
            -**DeliveryOptimization/DOAbsoluteMaxCacheSize** +**DeliveryOptimization/DOAbsoluteMaxCacheSize** @@ -160,7 +160,7 @@ The default value is 10. -ADMX Info: +ADMX Info: - GP Friendly name: *Absolute Max Cache Size (in GB)* - GP name: *AbsoluteMaxCacheSize* - GP element: *AbsoluteMaxCacheSize* @@ -173,7 +173,7 @@ ADMX Info:
            -**DeliveryOptimization/DOAllowVPNPeerCaching** +**DeliveryOptimization/DOAllowVPNPeerCaching** @@ -208,7 +208,7 @@ Specifies whether the device is allowed to participate in Peer Caching while con -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Peer Caching while the device connects via VPN* - GP name: *AllowVPNPeerCaching* - GP element: *AllowVPNPeerCaching* @@ -228,7 +228,7 @@ The following list shows the supported values:
            -**DeliveryOptimization/DOCacheHost** +**DeliveryOptimization/DOCacheHost** @@ -262,7 +262,7 @@ One or more values can be added as either fully qualified domain names (FQDN) or -ADMX Info: +ADMX Info: - GP Friendly name: *Cache Server Hostname* - GP name: *CacheHost* - GP element: *CacheHost* @@ -284,7 +284,7 @@ ADMX Info:
            -**DeliveryOptimization/DOCacheHostSource** +**DeliveryOptimization/DOCacheHostSource** @@ -316,7 +316,7 @@ This policy allows you to configure one or more Delivery Optimizations in Networ -ADMX Info: +ADMX Info: - GP Friendly name: *Cache Server Hostname Source* - GP name: *CacheHostSource* - GP element: *CacheHostSource* @@ -325,7 +325,7 @@ ADMX Info: -The following are the supported values: +The following are the supported values: - 1 = DHCP Option ID. - 2 = DHCP Option ID Force. @@ -348,7 +348,7 @@ When DHCP Option ID Force (2) is set, the client will query DHCP Option ID 235 a
            -**DeliveryOptimization/DODelayBackgroundDownloadFromHttp** +**DeliveryOptimization/DODelayBackgroundDownloadFromHttp** @@ -381,7 +381,7 @@ After the max delay is reached, the download will resume using HTTP, either down -ADMX Info: +ADMX Info: - GP Friendly name: *Delay background download from http (in secs)* - GP name: *DelayBackgroundDownloadFromHttp* - GP element: *DelayBackgroundDownloadFromHttp* @@ -394,7 +394,7 @@ ADMX Info:
            -**DeliveryOptimization/DODelayCacheServerFallbackBackground** +**DeliveryOptimization/DODelayCacheServerFallbackBackground** @@ -428,7 +428,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT -ADMX Info: +ADMX Info: - GP Friendly name: *Delay Background download Cache Server fallback (in seconds)* - GP name: *DelayCacheServerFallbackBackground* - GP element: *DelayCacheServerFallbackBackground* @@ -437,7 +437,7 @@ ADMX Info: -This policy is specified in seconds. +This policy is specified in seconds. Supported values: 0 - one month (in seconds) @@ -451,7 +451,7 @@ Supported values: 0 - one month (in seconds)
            -**DeliveryOptimization/DODelayCacheServerFallbackForeground** +**DeliveryOptimization/DODelayCacheServerFallbackForeground** @@ -485,7 +485,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT -ADMX Info: +ADMX Info: - GP Friendly name: *Delay Foreground download Cache Server fallback (in seconds)* - GP name: *DelayCacheServerFallbackForeground* - GP element: *DelayCacheServerFallbackForeground* @@ -494,7 +494,7 @@ ADMX Info: -This policy is specified in seconds. +This policy is specified in seconds. Supported values: 0 - one month (in seconds) @@ -506,7 +506,7 @@ Supported values: 0 - one month (in seconds)
            -**DeliveryOptimization/DODelayForegroundDownloadFromHttp** +**DeliveryOptimization/DODelayForegroundDownloadFromHttp** @@ -543,7 +543,7 @@ The recommended value is 1 minute (60). -ADMX Info: +ADMX Info: - GP Friendly name: *Delay Foreground download from http (in secs)* - GP name: *DelayForegroundDownloadFromHttp* - GP element: *DelayForegroundDownloadFromHttp* @@ -564,7 +564,7 @@ The following list shows the supported values as number of seconds:
            -**DeliveryOptimization/DODownloadMode** +**DeliveryOptimization/DODownloadMode** @@ -599,7 +599,7 @@ Specifies the download method that Delivery Optimization can use in downloads of -ADMX Info: +ADMX Info: - GP Friendly name: *Download Mode* - GP name: *DownloadMode* - GP element: *DownloadMode* @@ -622,7 +622,7 @@ The following list shows the supported values:
            -**DeliveryOptimization/DOGroupId** +**DeliveryOptimization/DOGroupId** @@ -660,7 +660,7 @@ This policy specifies an arbitrary group ID that the device belongs to. Use this -ADMX Info: +ADMX Info: - GP Friendly name: *Group ID* - GP name: *GroupId* - GP element: *GroupId* @@ -673,7 +673,7 @@ ADMX Info:
            -**DeliveryOptimization/DOGroupIdSource** +**DeliveryOptimization/DOGroupIdSource** @@ -706,7 +706,7 @@ When set, the Group ID will be assigned automatically from the selected source. If you set this policy, the GroupID policy will be ignored. -The options set in this policy only apply to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. +The options set in this policy only apply to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. @@ -714,7 +714,7 @@ Starting with Windows 10, version 1903, you can use the Azure Active Directory ( -ADMX Info: +ADMX Info: - GP Friendly name: *Select the source of Group IDs* - GP name: *GroupIdSource* - GP element: *GroupIdSource* @@ -737,7 +737,7 @@ The following list shows the supported values:
            -**DeliveryOptimization/DOMaxBackgroundDownloadBandwidth** +**DeliveryOptimization/DOMaxBackgroundDownloadBandwidth** @@ -770,7 +770,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts -ADMX Info: +ADMX Info: - GP Friendly name: *Maximum Background Download Bandwidth (in KB/s)* - GP name: *MaxBackgroundDownloadBandwidth* - GP element: *MaxBackgroundDownloadBandwidth* @@ -783,7 +783,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMaxCacheAge** +**DeliveryOptimization/DOMaxCacheAge** @@ -819,7 +819,7 @@ The default value is 259200 seconds (three days). -ADMX Info: +ADMX Info: - GP Friendly name: *Max Cache Age (in seconds)* - GP name: *MaxCacheAge* - GP element: *MaxCacheAge* @@ -832,7 +832,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMaxCacheSize** +**DeliveryOptimization/DOMaxCacheSize** @@ -862,14 +862,14 @@ ADMX Info: > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions. - + Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). The default value is 20. -ADMX Info: +ADMX Info: - GP Friendly name: *Max Cache Size (percentage)* - GP name: *MaxCacheSize* - GP element: *MaxCacheSize* @@ -882,7 +882,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMaxDownloadBandwidth** +**DeliveryOptimization/DOMaxDownloadBandwidth** @@ -905,7 +905,7 @@ This policy is deprecated. Use [DOMaxForegroundDownloadBandwidth](#deliveryoptim
            -**DeliveryOptimization/DOMaxForegroundDownloadBandwidth** +**DeliveryOptimization/DOMaxForegroundDownloadBandwidth** @@ -938,7 +938,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts -ADMX Info: +ADMX Info: - GP Friendly name: *Maximum Foreground Download Bandwidth (in KB/s)* - GP name: *MaxForegroundDownloadBandwidth* - GP element: *MaxForegroundDownloadBandwidth* @@ -951,7 +951,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMaxUploadBandwidth** +**DeliveryOptimization/DOMaxUploadBandwidth** @@ -970,7 +970,7 @@ This policy is deprecated because it only applies to uploads to Internet peers (
            -**DeliveryOptimization/DOMinBackgroundQos** +**DeliveryOptimization/DOMinBackgroundQos** @@ -1007,7 +1007,7 @@ The default value is 500. -ADMX Info: +ADMX Info: - GP Friendly name: *Minimum Background QoS (in KB/s)* - GP name: *MinBackgroundQos* - GP element: *MinBackgroundQos* @@ -1020,7 +1020,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** +**DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** @@ -1056,7 +1056,7 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser -ADMX Info: +ADMX Info: - GP Friendly name: *Allow uploads while the device is on battery while under set Battery level (percentage)* - GP name: *MinBatteryPercentageAllowedToUpload* - GP element: *MinBatteryPercentageAllowedToUpload* @@ -1069,7 +1069,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMinDiskSizeAllowedToPeer** +**DeliveryOptimization/DOMinDiskSizeAllowedToPeer** @@ -1109,7 +1109,7 @@ The default value is 32 GB. -ADMX Info: +ADMX Info: - GP Friendly name: *Minimum disk size allowed to use Peer Caching (in GB)* - GP name: *MinDiskSizeAllowedToPeer* - GP element: *MinDiskSizeAllowedToPeer* @@ -1122,7 +1122,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMinFileSizeToCache** +**DeliveryOptimization/DOMinFileSizeToCache** @@ -1159,7 +1159,7 @@ The default value is 100 MB. -ADMX Info: +ADMX Info: - GP Friendly name: *Minimum Peer Caching Content File Size (in MB)* - GP name: *MinFileSizeToCache* - GP element: *MinFileSizeToCache* @@ -1172,7 +1172,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMinRAMAllowedToPeer** +**DeliveryOptimization/DOMinRAMAllowedToPeer** @@ -1209,7 +1209,7 @@ The default value is 4 GB. -ADMX Info: +ADMX Info: - GP Friendly name: *Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)* - GP name: *MinRAMAllowedToPeer* - GP element: *MinRAMAllowedToPeer* @@ -1222,7 +1222,7 @@ ADMX Info:
            -**DeliveryOptimization/DOModifyCacheDrive** +**DeliveryOptimization/DOModifyCacheDrive** @@ -1259,7 +1259,7 @@ By default, %SystemDrive% is used to store the cache. -ADMX Info: +ADMX Info: - GP Friendly name: *Modify Cache Drive* - GP name: *ModifyCacheDrive* - GP element: *ModifyCacheDrive* @@ -1272,7 +1272,7 @@ ADMX Info:
            -**DeliveryOptimization/DOMonthlyUploadDataCap** +**DeliveryOptimization/DOMonthlyUploadDataCap** @@ -1311,7 +1311,7 @@ The default value is 20. -ADMX Info: +ADMX Info: - GP Friendly name: *Monthly Upload Data Cap (in GB)* - GP name: *MonthlyUploadDataCap* - GP element: *MonthlyUploadDataCap* @@ -1324,7 +1324,7 @@ ADMX Info:
            -**DeliveryOptimization/DOPercentageMaxBackgroundBandwidth** +**DeliveryOptimization/DOPercentageMaxBackgroundBandwidth** @@ -1357,7 +1357,7 @@ Downloads from LAN peers won't be throttled even when this policy is set. -ADMX Info: +ADMX Info: - GP Friendly name: *Maximum Background Download Bandwidth (percentage)* - GP name: *PercentageMaxBackgroundBandwidth* - GP element: *PercentageMaxBackgroundBandwidth* @@ -1370,7 +1370,7 @@ ADMX Info:
            -**DeliveryOptimization/DOPercentageMaxDownloadBandwidth** +**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**
            @@ -1383,7 +1383,7 @@ This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryopt
            -**DeliveryOptimization/DOPercentageMaxForegroundBandwidth** +**DeliveryOptimization/DOPercentageMaxForegroundBandwidth** @@ -1416,7 +1416,7 @@ Downloads from LAN peers won't be throttled even when this policy is set. -ADMX Info: +ADMX Info: - GP Friendly name: *Maximum Foreground Download Bandwidth (percentage)* - GP name: *PercentageMaxForegroundBandwidth* - GP element: *PercentageMaxForegroundBandwidth* @@ -1429,7 +1429,7 @@ ADMX Info:
            -**DeliveryOptimization/DORestrictPeerSelectionBy** +**DeliveryOptimization/DORestrictPeerSelectionBy** @@ -1456,14 +1456,14 @@ ADMX Info: -Set this policy to restrict peer selection via selected option. +Set this policy to restrict peer selection via selected option. Options available are: 1=Subnet mask (more options will be added in a future release). Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2). -ADMX Info: +ADMX Info: - GP Friendly name: *Select a method to restrict Peer Selection* - GP name: *RestrictPeerSelectionBy* - GP element: *RestrictPeerSelectionBy* @@ -1482,7 +1482,7 @@ The following list shows the supported values:
            -**DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth** +**DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth** @@ -1515,7 +1515,7 @@ Specifies the maximum background download bandwidth that Delivery Optimization u -ADMX Info: +ADMX Info: - GP Friendly name: *Set Business Hours to Limit Background Download Bandwidth* - GP name: *SetHoursToLimitBackgroundDownloadBandwidth* - GP path: *Windows Components/Delivery Optimization* @@ -1535,7 +1535,7 @@ This policy allows an IT Admin to define the following details:
            -**DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth** +**DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth** @@ -1568,7 +1568,7 @@ Specifies the maximum foreground download bandwidth that Delivery Optimization u -ADMX Info: +ADMX Info: - GP Friendly name: *Set Business Hours to Limit Foreground Download Bandwidth* - GP name: *SetHoursToLimitForegroundDownloadBandwidth* - GP path: *Windows Components/Delivery Optimization* diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 6e4f8b2502..fd509329c0 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -8,23 +8,23 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - Desktop > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## Desktop policies +## Desktop policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**Desktop/PreventUserRedirectionOfProfileFolders** +**Desktop/PreventUserRedirectionOfProfileFolders** @@ -73,7 +73,7 @@ If you enable this setting, users are unable to type a new location in the Targe -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit User from manually redirecting Profile Folders* - GP name: *DisablePersonalDirChange* - GP path: *Desktop* diff --git a/windows/client-management/mdm/policy-csp-desktopappinstaller.md b/windows/client-management/mdm/policy-csp-desktopappinstaller.md index f6ec4db880..ec1ffd2363 100644 --- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md +++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md @@ -8,24 +8,24 @@ ms.prod: w10 ms.technology: windows author: alekyaj ms.date: 08/24/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - DesktopAppInstaller >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## DesktopAppInstaller policies +## DesktopAppInstaller policies
            @@ -67,7 +67,7 @@ manager: aaroncz
            -**DesktopAppInstaller/EnableAdditionalSources** +**DesktopAppInstaller/EnableAdditionalSources** @@ -104,7 +104,7 @@ If you disable this setting, no additional sources can be configured by the user -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Additional Windows Package Manager Sources* - GP name: *EnableAdditionalSources* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -117,7 +117,7 @@ ADMX Info: -**DesktopAppInstaller/EnableAppInstaller** +**DesktopAppInstaller/EnableAppInstaller** @@ -151,7 +151,7 @@ This policy controls whether Windows Package Manager can be used by users. Users -ADMX Info: +ADMX Info: - GP Friendly name: *Controls whether the Windows Package Manager can be used by the users* - GP name: *EnableAppInstaller* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -163,7 +163,7 @@ ADMX Info:
            -**DesktopAppInstaller/EnableDefaultSource** +**DesktopAppInstaller/EnableDefaultSource** @@ -198,7 +198,7 @@ If you do not configure this setting, the default source for the Windows Package -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows Package Manager Default Source* - GP name: *EnableDefaultSource* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -210,7 +210,7 @@ ADMX Info:
            -**DesktopAppInstaller/EnableLocalManifestFiles** +**DesktopAppInstaller/EnableLocalManifestFiles** @@ -245,7 +245,7 @@ This policy controls whether users can install packages with local manifest file -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows Package Manager Local Manifest Files* - GP name: *EnableLocalManifestFiles* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -256,7 +256,7 @@ ADMX Info: -**DesktopAppInstaller/EnableHashOverride** +**DesktopAppInstaller/EnableHashOverride** @@ -292,7 +292,7 @@ This policy controls whether Windows Package Manager can be configured to enable -ADMX Info: +ADMX Info: - GP Friendly name: *Enable App Installer Hash Override* - GP name: *EnableHashOverride* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -304,7 +304,7 @@ ADMX Info:
            -**DesktopAppInstaller/EnableMicrosoftStoreSource** +**DesktopAppInstaller/EnableMicrosoftStoreSource** @@ -339,7 +339,7 @@ If you don't configure this setting, the Microsoft Store source for the Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows Package Manager Microsoft Store Source* - GP name: *EnableMicrosoftStoreSource* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -351,7 +351,7 @@ ADMX Info:
            -**DesktopAppInstaller/EnableMSAppInstallerProtocol** +**DesktopAppInstaller/EnableMSAppInstallerProtocol** @@ -378,16 +378,16 @@ ADMX Info: -This policy controls whether users can install packages from a website that is using the `ms-appinstaller` protocol. +This policy controls whether users can install packages from a website that is using the `ms-appinstaller` protocol. -- If you enable or do not configure this setting, users will be able to install packages from websites that use this protocol. +- If you enable or do not configure this setting, users will be able to install packages from websites that use this protocol. - If you disable this setting, users will not be able to install packages from websites that use this protocol. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable MS App Installer Protocol* - GP name: *EnableMSAppInstallerProtocol* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -399,7 +399,7 @@ ADMX Info:
            -**DesktopAppInstaller/EnableSettings** +**DesktopAppInstaller/EnableSettings** @@ -434,7 +434,7 @@ This policy controls whether users can change their settings. The settings are s -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows Package Manager Settings Command* - GP name: *EnableSettings* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -446,7 +446,7 @@ ADMX Info:
            -**DesktopAppInstaller/EnableAllowedSources** +**DesktopAppInstaller/EnableAllowedSources** @@ -481,7 +481,7 @@ This policy controls additional sources approved for users to configure using Wi -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows Package Manager Settings Command* - GP name: *EnableAllowedSources* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -493,7 +493,7 @@ ADMX Info:
            -**DesktopAppInstaller/EnableExperimentalFeatures** +**DesktopAppInstaller/EnableExperimentalFeatures** @@ -529,7 +529,7 @@ This policy controls whether users can enable experimental features in Windows P -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Windows Package Manager Experimental Features* - GP name: *EnableExperimentalFeatures* - GP path: *Administrative Templates\Windows Components\App Package Deployment* @@ -541,7 +541,7 @@ ADMX Info:
            -**DesktopAppInstaller/SourceAutoUpdateInterval** +**DesktopAppInstaller/SourceAutoUpdateInterval** @@ -577,7 +577,7 @@ This policy controls the auto-update interval for package-based sources. The def -ADMX Info: +ADMX Info: - GP Friendly name: *Set Windows Package Manager Source Auto Update Interval In Minutes* - GP name: *SourceAutoUpdateInterval* - GP path: *Administrative Templates\Windows Components\App Package Deployment* diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index d34fce4b14..af7a4fe34d 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz
            -## DeviceGuard policies +## DeviceGuard policies
            @@ -39,7 +39,7 @@ manager: aaroncz
            -**DeviceGuard/ConfigureSystemGuardLaunch** +**DeviceGuard/ConfigureSystemGuardLaunch** @@ -78,7 +78,7 @@ For more information about System Guard, see [Introducing Windows Defender Syste -ADMX Info: +ADMX Info: - GP Friendly name: *Turn On Virtualization Based Security* - GP name: *VirtualizationBasedSecurity* - GP element: *SystemGuardDrop* @@ -100,7 +100,7 @@ ADMX Info:
            -**DeviceGuard/EnableVirtualizationBasedSecurity** +**DeviceGuard/EnableVirtualizationBasedSecurity** @@ -131,7 +131,7 @@ Turns on virtualization based security(VBS) at the next reboot. Virtualization b -ADMX Info: +ADMX Info: - GP Friendly name: *Turn On Virtualization Based Security* - GP name: *VirtualizationBasedSecurity* - GP path: *System/Device Guard* @@ -150,7 +150,7 @@ The following list shows the supported values:
            -**DeviceGuard/LsaCfgFlags** +**DeviceGuard/LsaCfgFlags** @@ -181,7 +181,7 @@ This setting lets users turn on Credential Guard with virtualization-based secur -ADMX Info: +ADMX Info: - GP Friendly name: *Turn On Virtualization Based Security* - GP name: *VirtualizationBasedSecurity* - GP element: *CredentialIsolationDrop* @@ -202,7 +202,7 @@ The following list shows the supported values:
            -**DeviceGuard/RequirePlatformSecurityFeatures** +**DeviceGuard/RequirePlatformSecurityFeatures** @@ -232,7 +232,7 @@ This setting specifies the platform security level at the next reboot. Value typ -ADMX Info: +ADMX Info: - GP Friendly name: *Turn On Virtualization Based Security* - GP name: *VirtualizationBasedSecurity* - GP element: *RequirePlatformSecurityFeaturesDrop* diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index b412a147d6..5b5ba2a9dd 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -19,7 +19,7 @@ manager: aaroncz
            -## DeviceHealthMonitoring policies +## DeviceHealthMonitoring policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**DeviceHealthMonitoring/AllowDeviceHealthMonitoring** +**DeviceHealthMonitoring/AllowDeviceHealthMonitoring** @@ -68,7 +68,7 @@ DeviceHealthMonitoring is an opt-in health monitoring connection between the dev -The following list shows the supported values: +The following list shows the supported values: - 1 -The DeviceHealthMonitoring connection is enabled. - 0 - (default)—The DeviceHealthMonitoring connection is disabled. @@ -85,7 +85,7 @@ The following list shows the supported values:
            -**DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope** +**DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope** @@ -112,7 +112,7 @@ The following list shows the supported values: -This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device. +This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device. This policy modifies which health events are sent to Microsoft on the DeviceHealthMonitoring connection. IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to dynamically manage this value in coordination with the Microsoft device health monitoring service. @@ -132,7 +132,7 @@ IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to
            -**DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination** +**DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination** @@ -162,7 +162,7 @@ IT Pros don't need to set this policy. Instead, Microsoft Intune is expected to This policy is applicable only if the [AllowDeviceHealthMonitoring](#devicehealthmonitoring-allowdevicehealthmonitoring) policy has been set to 1 (Enabled) on the device. The value of this policy constrains the DeviceHealthMonitoring connection to certain destinations in order to support regional and sovereign cloud scenarios. -In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. +In most cases, an IT Pro doesn't need to define this policy. Instead, it's expected that this value is dynamically managed by Microsoft Intune to align with the region or cloud to which the device's tenant is already linked. Configure this policy manually only when explicitly instructed to do so by a Microsoft device monitoring service. diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 9ba8e12f78..7f9b3b951f 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -1,6 +1,6 @@ --- title: Policy CSP - DeviceInstallation -ms.reviewer: +ms.reviewer: manager: aaroncz description: Use the Policy CSP - DeviceInstallation setting to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. ms.author: vinpa @@ -15,17 +15,17 @@ ms.localizationpriority: medium # Policy CSP - DeviceInstallation >[!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## DeviceInstallation policies +## DeviceInstallation policies
            @@ -88,7 +88,7 @@ ms.localizationpriority: medium -This policy setting allows you to specify a list of plug-and-play hardware IDs and compatible IDs for devices that Windows is allowed to install. +This policy setting allows you to specify a list of plug-and-play hardware IDs and compatible IDs for devices that Windows is allowed to install. > [!TIP] > This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions. @@ -116,7 +116,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv -ADMX Info: +ADMX Info: - GP Friendly name: *Allow installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Allow* - GP path: *System/Device Installation/Device Installation Restrictions* @@ -127,7 +127,7 @@ ADMX Info: -To enable this policy, use the following SyncML. This example allows Windows to install compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use `` as a delimiter. +To enable this policy, use the following SyncML. This example allows Windows to install compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use `` as a delimiter. ```xml @@ -201,7 +201,7 @@ This policy setting allows you to specify a list of Plug and Play device instanc When this policy setting is enabled together with the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings: - Prevent installation of devices that match any of these device instance IDs. - + If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting isn't enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence. > [!NOTE] @@ -219,7 +219,7 @@ Peripherals can be specified by their [device instance ID](/windows-hardware/dri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow installation of devices that match any of these device instance IDs* - GP name: *DeviceInstall_Instance_IDs_Allow* - GP path: *System/Device Installation/Device Installation Restrictions* @@ -230,7 +230,7 @@ ADMX Info: -To enable this policy, use the following SyncML. +To enable this policy, use the following SyncML. ``` xml @@ -293,7 +293,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i -This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is allowed to install. +This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is allowed to install. > [!TIP] > This policy setting is intended to be used only when the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is enabled, however it may also be used with the "Prevent installation of devices not described by other policy settings" policy setting for legacy policy definitions. @@ -321,7 +321,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv -ADMX Info: +ADMX Info: - GP Friendly name: *Allow installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Allow* - GP path: *System/Device Installation/Device Installation Restrictions* @@ -338,7 +338,7 @@ To enable this policy, use the following SyncML. This example allows Windows to - CD ROMs, ClassGUID = {4d36e965-e325-11ce-bfc1-08002be10318} - Modems, ClassGUID = {4d36e96d-e325-11ce-bfc1-08002be10318} -Enclose the class GUID within curly brackets {}. To configure multiple classes, use `` as a delimiter. +Enclose the class GUID within curly brackets {}. To configure multiple classes, use `` as a delimiter. ```xml @@ -407,7 +407,7 @@ Added in Windows 10, Version 2106 This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supersedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows: -Device instance IDs > Device IDs > Device setup class > Removable devices +Device instance IDs > Device IDs > Device setup class > Removable devices **Device instance IDs** @@ -434,7 +434,7 @@ If you disable or don't configure this policy setting, the default evaluation is -ADMX Info: +ADMX Info: - GP Friendly name: *Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria* - GP name: *DeviceInstall_Allow_Deny_Layered* - GP path: *System/Device Installation/Device Installation Restrictions* @@ -522,7 +522,7 @@ If you disable or don't configure this policy setting, the setting in the Device -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent device metadata retrieval from the Internet* - GP name: *DeviceMetadata_PreventDeviceMetadataFromNetwork* - GP path: *System/Device Installation* @@ -583,7 +583,7 @@ If you disable or don't configure this policy setting, Windows is allowed to ins -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent installation of devices not described by other policy settings* - GP name: *DeviceInstall_Unspecified_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* @@ -594,7 +594,7 @@ ADMX Info: -To enable this policy, use the following SyncML. This example prevents Windows from installing devices that aren't described by any other policy setting. +To enable this policy, use the following SyncML. This example prevents Windows from installing devices that aren't described by any other policy setting. ```xml @@ -625,7 +625,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i <<< [Exit status: SUCCESS] ``` -You can also block installation by using a custom profile in Intune. +You can also block installation by using a custom profile in Intune. ![Custom profile prevent devices.](images/custom-profile-prevent-other-devices.png) @@ -679,7 +679,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* @@ -691,7 +691,7 @@ ADMX Info:
            -To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use &#xF000; as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_IDs_Deny_Retroactive to true. +To enable this policy, use the following SyncML. This example prevents Windows from installing compatible devices with a device ID of USB\Composite or USB\Class_FF. To configure multiple classes, use &#xF000; as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_IDs_Deny_Retroactive to true. ```xml @@ -722,7 +722,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i <<< [Exit status: SUCCESS] ``` -You can also block installation and usage of prohibited peripherals by using a custom profile in Intune. +You can also block installation and usage of prohibited peripherals by using a custom profile in Intune. For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USB\Composite" and "USB\Class_FF", and applies to USB devices with matching hardware IDs that are already installed. @@ -775,7 +775,7 @@ Peripherals can be specified by their [device instance ID](/windows-hardware/dri -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent installation of devices that match any of these device instance IDs* - GP name: *DeviceInstall_Instance_IDs_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* @@ -806,7 +806,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f             ``` -To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log: +To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following details are listed near the end of the log: ``` txt >>> [Device Installation Restrictions Policy Check] @@ -815,7 +815,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i <<< [Exit status: SUCCESS] ``` -You can also block installation and usage of prohibited peripherals by using a custom profile in Intune. +You can also block installation and usage of prohibited peripherals by using a custom profile in Intune. For example, this custom profile prevents installation of devices with matching device instance IDs. @@ -824,11 +824,11 @@ For example, this custom profile prevents installation of devices with matching To prevent installation of devices with matching device instance IDs by using custom profile in Intune: 1. Locate the device instance ID. -2. Replace `&` in the device instance IDs with `&`. -For example: -Replace -```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0``` -with +2. Replace `&` in the device instance IDs with `&`. +For example: +Replace +```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0``` +with ```USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE&REV_1100\0376319020002347&0``` > [!Note] > don't use spaces in the value. @@ -885,7 +885,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* @@ -902,7 +902,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f - CD ROMs, ClassGUID = {4d36e965-e325-11ce-bfc1-08002be10318} - Modems, ClassGUID = {4d36e96d-e325-11ce-bfc1-08002be10318} -Enclose the class GUID within curly brackets {}. To configure multiple classes, use `` as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_Classes_Deny_Retroactive to true. +Enclose the class GUID within curly brackets {}. To configure multiple classes, use `` as a delimiter. To apply the policy to matching device classes that are already installed, set DeviceInstall_Classes_Deny_Retroactive to true. ```xml diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 96b7ecf2c1..f5162cc9b6 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 05/16/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## DeviceLock policies +## DeviceLock policies
            @@ -74,7 +74,7 @@ manager: aaroncz > The DeviceLock CSP utilizes the [Exchange ActiveSync Policy Engine](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)). When password length and complexity rules are applied, all the local user and administrator accounts are marked to change their password at the next sign in to ensure complexity requirements are met. For more information, see [Password length and complexity supported by account types](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types). -**DeviceLock/AllowIdleReturnWithoutPassword** +**DeviceLock/AllowIdleReturnWithoutPassword** @@ -122,7 +122,7 @@ The following list shows the supported values:
            -**DeviceLock/AllowSimpleDevicePassword** +**DeviceLock/AllowSimpleDevicePassword** @@ -169,7 +169,7 @@ The following list shows the supported values:
            -**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** +**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** @@ -211,7 +211,7 @@ The following list shows the supported values:
            -**DeviceLock/AlphanumericDevicePasswordRequired** +**DeviceLock/AlphanumericDevicePasswordRequired** @@ -266,7 +266,7 @@ The following list shows the supported values:
            -**DeviceLock/DevicePasswordEnabled** +**DeviceLock/DevicePasswordEnabled** @@ -299,7 +299,7 @@ Specifies whether device lock is enabled. > This policy must be wrapped in an Atomic command. > > Always use the Replace command instead of Add for this policy in Windows for desktop editions. - + > [!IMPORTANT] @@ -330,7 +330,7 @@ Specifies whether device lock is enabled. > - AllowSimpleDevicePassword > - MinDevicePasswordLength > - AlphanumericDevicePasswordRequired -> - MinDevicePasswordComplexCharacters +> - MinDevicePasswordComplexCharacters > - DevicePasswordExpiration > - DevicePasswordHistory > - MaxDevicePasswordFailedAttempts @@ -349,7 +349,7 @@ The following list shows the supported values:
            -**DeviceLock/DevicePasswordExpiration** +**DeviceLock/DevicePasswordExpiration** @@ -400,7 +400,7 @@ The following list shows the supported values:
            -**DeviceLock/DevicePasswordHistory** +**DeviceLock/DevicePasswordHistory** @@ -451,7 +451,7 @@ The following list shows the supported values:
            -**DeviceLock/EnforceLockScreenAndLogonImage** +**DeviceLock/EnforceLockScreenAndLogonImage** @@ -492,7 +492,7 @@ Value type is a string, which is the full image filepath and filename.
            -**DeviceLock/MaxDevicePasswordFailedAttempts** +**DeviceLock/MaxDevicePasswordFailedAttempts** @@ -547,7 +547,7 @@ The following list shows the supported values:
            -**DeviceLock/MaxInactivityTimeDeviceLock** +**DeviceLock/MaxInactivityTimeDeviceLock** @@ -598,7 +598,7 @@ The following list shows the supported values:
            -**DeviceLock/MinDevicePasswordComplexCharacters** +**DeviceLock/MinDevicePasswordComplexCharacters** @@ -636,7 +636,7 @@ PIN enforces the following behavior for client devices: - 1 - Digits only - 2 - Digits and lowercase letters are required -- 3 - Digits, lowercase letters, and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts. +- 3 - Digits, lowercase letters, and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts. - 4 - Digits, lowercase letters, uppercase letters, and special characters are required. Not supported in desktop or HoloLens. The default value is 1. The following list shows the supported values and actual enforced values: @@ -672,7 +672,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O
            -**DeviceLock/MinDevicePasswordLength** +**DeviceLock/MinDevicePasswordLength** @@ -749,7 +749,7 @@ The following example shows how to set the minimum password length to 4 characte
            -**DeviceLock/MinimumPasswordAge** +**DeviceLock/MinimumPasswordAge** @@ -784,7 +784,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor -GP Info: +GP Info: - GP Friendly name: *Minimum password age* - GP path: *Windows Settings/Security Settings/Account Policies/Password Policy* @@ -794,7 +794,7 @@ GP Info:
            -**DeviceLock/PreventEnablingLockScreenCamera** +**DeviceLock/PreventEnablingLockScreenCamera** @@ -829,14 +829,14 @@ If you enable this setting, users will no longer be able to enable or disable lo > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent enabling lock screen camera* - GP name: *CPL_Personalization_NoLockScreenCamera* - GP path: *Control Panel/Personalization* @@ -848,7 +848,7 @@ ADMX Info:
            -**DeviceLock/PreventLockScreenSlideShow** +**DeviceLock/PreventLockScreenSlideShow** @@ -883,14 +883,14 @@ If you enable this setting, users will no longer be able to modify slide show se > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent enabling lock screen slide show* - GP name: *CPL_Personalization_NoLockScreenSlideshow* - GP path: *Control Panel/Personalization* diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 601c24c077..e8d522f6ec 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Display policies +## Display policies
            @@ -41,7 +41,7 @@ manager: aaroncz
            -**Display/DisablePerProcessDpiForApps** +**Display/DisablePerProcessDpiForApps** @@ -72,7 +72,7 @@ This policy allows you to disable Per-Process System DPI for a semicolon-separat -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Per-Process System DPI settings* - GP name: *DisplayPerProcessSystemDpiSettings* - GP element: *DisplayDisablePerProcessSystemDpiSettings* @@ -85,7 +85,7 @@ ADMX Info:
            -**Display/EnablePerProcessDpi** +**Display/EnablePerProcessDpi** @@ -113,15 +113,15 @@ ADMX Info: -Per Process System DPI is an application compatibility feature for desktop applications that don't render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that haven't been updated to display properly in this scenario will be blurry until you sign out and back in to Windows. +Per Process System DPI is an application compatibility feature for desktop applications that don't render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that haven't been updated to display properly in this scenario will be blurry until you sign out and back in to Windows. -When you enable this policy some blurry applications will be crisp after they're restarted, without requiring the user to sign out and back in to Windows. +When you enable this policy some blurry applications will be crisp after they're restarted, without requiring the user to sign out and back in to Windows. Be aware of the following points: -Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display (or any other display having the same scale factor as that of the primary display). Some desktop applications can still be blurry on secondary displays that have different display scale factors. +Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display (or any other display having the same scale factor as that of the primary display). Some desktop applications can still be blurry on secondary displays that have different display scale factors. -Per Process System DPI won't work for all applications as some older desktop applications will always be blurry on high DPI displays. +Per Process System DPI won't work for all applications as some older desktop applications will always be blurry on high DPI displays. In some cases, you may see some unexpected behavior in some desktop applications that have Per-Process System DPI applied. If that happens, Per Process System DPI should be disabled. @@ -129,7 +129,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Per-Process System DPI settings* - GP name: *DisplayPerProcessSystemDpiSettings* - GP element: *DisplayGlobalPerProcessSystemDpiSettings* @@ -149,7 +149,7 @@ The following list shows the supported values:
            -**Display/EnablePerProcessDpiForApps** +**Display/EnablePerProcessDpiForApps** @@ -180,7 +180,7 @@ This policy allows you to enable Per-Process System DPI for a semicolon-separate -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Per-Process System DPI settings* - GP name: *DisplayPerProcessSystemDpiSettings* - GP element: *DisplayEnablePerProcessSystemDpiSettings* @@ -193,7 +193,7 @@ ADMX Info:
            -**Display/TurnOffGdiDPIScalingForApps** +**Display/TurnOffGdiDPIScalingForApps** @@ -232,7 +232,7 @@ If GDI DPI Scaling is configured to both turn-off and turn-on an application, th -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off GdiDPIScaling for applications* - GP name: *DisplayTurnOffGdiDPIScaling* - GP element: *DisplayTurnOffGdiDPIScalingPrompt* @@ -252,7 +252,7 @@ To validate on Desktop, do the following tasks:
            -**Display/TurnOnGdiDPIScalingForApps** +**Display/TurnOnGdiDPIScalingForApps** @@ -291,7 +291,7 @@ If GDI DPI Scaling is configured to both turn-off and turn-on an application, th -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on GdiDPIScaling for applications* - GP name: *DisplayTurnOnGdiDPIScaling* - GP element: *DisplayTurnOnGdiDPIScalingPrompt* diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 1188039966..e9343f71e2 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## DmaGuard policies +## DmaGuard policies
            @@ -29,7 +29,7 @@ manager: aaroncz
            -**DmaGuard/DeviceEnumerationPolicy** +**DmaGuard/DeviceEnumerationPolicy** @@ -56,7 +56,7 @@ manager: aaroncz -This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices that are incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers), device memory isolation and sandboxing. +This policy is intended to provide more security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices that are incompatible with [DMA Remapping](/windows-hardware/drivers/pci/enabling-dma-remapping-for-device-drivers), device memory isolation and sandboxing. Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it. @@ -75,7 +75,7 @@ The following are the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Enumeration policy for external devices incompatible with Kernel DMA Protection* - GP name: *DmaGuardEnumerationPolicy* - GP path: *System/Kernel DMA Protection* diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md index 9b16db9fd4..e90f5b26f7 100644 --- a/windows/client-management/mdm/policy-csp-eap.md +++ b/windows/client-management/mdm/policy-csp-eap.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## EAP policies +## EAP policies
            @@ -29,7 +29,7 @@ manager: aaroncz
            -**EAP/AllowTLS1_3** +**EAP/AllowTLS1_3** @@ -60,7 +60,7 @@ Added in Windows 10, version 21H1. This policy setting allows or disallows use o -ADMX Info: +ADMX Info: - GP Friendly name: *AllowTLS1_3* - GP name: *AllowTLS1_3* - GP path: *Windows Components/EAP* @@ -68,7 +68,7 @@ ADMX Info: -The following list shows the supported values: +The following list shows the supported values: - 0 – Use of TLS version 1.3 is not allowed for authentication. - 1 (default) – Use of TLS version 1.3 is allowed for authentication. diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 1fd25bb275..f24efbe205 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Education policies +## Education policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**Education/AllowGraphingCalculator** +**Education/AllowGraphingCalculator** @@ -66,7 +66,7 @@ manager: aaroncz This policy setting allows you to control, whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality won't be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you'll be able to access graphing functionality. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Graphing Calculator* - GP name: *AllowGraphingCalculator* - GP path: *Windows Components/Calculator* @@ -74,7 +74,7 @@ ADMX Info: -The following list shows the supported values: +The following list shows the supported values: - 0 - Disabled - 1 (default) - Enabled @@ -83,7 +83,7 @@ The following list shows the supported values:
            -**Education/DefaultPrinterName** +**Education/DefaultPrinterName** @@ -109,7 +109,7 @@ The following list shows the supported values: -This policy allows IT Admins to set the user's default printer. +This policy allows IT Admins to set the user's default printer. The policy value is expected to be the name (network host name) of an installed printer. @@ -119,7 +119,7 @@ The policy value is expected to be the name (network host name) of an installed
            -**Education/PreventAddingNewPrinters** +**Education/PreventAddingNewPrinters** @@ -150,7 +150,7 @@ Allows IT Admins to prevent user installation of more printers from the printers -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent addition of printers* - GP name: *NoAddPrinter* - GP path: *Control Panel/Printers* @@ -169,7 +169,7 @@ The following list shows the supported values:
            -**Education/PrinterNames** +**Education/PrinterNames** diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 2c125b1d1f..53254a0dbb 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## EnterpriseCloudPrint policies +## EnterpriseCloudPrint policies
            @@ -43,7 +43,7 @@ manager: aaroncz
            -**EnterpriseCloudPrint/CloudPrintOAuthAuthority** +**EnterpriseCloudPrint/CloudPrintOAuthAuthority** @@ -81,7 +81,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
            -**EnterpriseCloudPrint/CloudPrintOAuthClientId** +**EnterpriseCloudPrint/CloudPrintOAuthClientId** @@ -119,7 +119,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID
            -**EnterpriseCloudPrint/CloudPrintResourceId** +**EnterpriseCloudPrint/CloudPrintResourceId** @@ -147,7 +147,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. -Supported datatype is string. +Supported datatype is string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". @@ -157,7 +157,7 @@ The default value is an empty string. Otherwise, the value should contain a URL.
            -**EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** +**EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** @@ -195,7 +195,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
            -**EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** +**EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** @@ -223,7 +223,7 @@ The default value is an empty string. Otherwise, the value should contain the UR Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. -Supported datatype is integer. +Supported datatype is integer. @@ -231,7 +231,7 @@ Supported datatype is integer.
            -**EnterpriseCloudPrint/MopriaDiscoveryResourceId** +**EnterpriseCloudPrint/MopriaDiscoveryResourceId** diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index f387a56a6e..57fcbe6b64 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -8,23 +8,23 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - ErrorReporting > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## ErrorReporting policies +## ErrorReporting policies
            @@ -47,7 +47,7 @@ manager: aaroncz
            -**ErrorReporting/CustomizeConsentSettings** +**ErrorReporting/CustomizeConsentSettings** @@ -92,7 +92,7 @@ If you disable or don't configure this policy setting, then the default consent -ADMX Info: +ADMX Info: - GP Friendly name: *Customize consent settings* - GP name: *WerConsentCustomize_2* - GP path: *Windows Components/Windows Error Reporting/Consent* @@ -104,7 +104,7 @@ ADMX Info:
            -**ErrorReporting/DisableWindowsErrorReporting** +**ErrorReporting/DisableWindowsErrorReporting** @@ -139,7 +139,7 @@ If you disable or don't configure this policy setting, the Turn off Windows Erro -ADMX Info: +ADMX Info: - GP Friendly name: *Disable Windows Error Reporting* - GP name: *WerDisable_2* - GP path: *Windows Components/Windows Error Reporting* @@ -151,7 +151,7 @@ ADMX Info:
            -**ErrorReporting/DisplayErrorNotification** +**ErrorReporting/DisplayErrorNotification** @@ -190,7 +190,7 @@ See also the Configure Error Reporting policy setting. -ADMX Info: +ADMX Info: - GP Friendly name: *Display Error Notification* - GP name: *PCH_ShowUI* - GP path: *Windows Components/Windows Error Reporting* @@ -202,7 +202,7 @@ ADMX Info:
            -**ErrorReporting/DoNotSendAdditionalData** +**ErrorReporting/DoNotSendAdditionalData** @@ -237,7 +237,7 @@ If you disable or don't configure this policy setting, then consent policy setti -ADMX Info: +ADMX Info: - GP Friendly name: *Do not send additional data* - GP name: *WerNoSecondLevelData_2* - GP path: *Windows Components/Windows Error Reporting* @@ -249,7 +249,7 @@ ADMX Info:
            -**ErrorReporting/PreventCriticalErrorDisplay** +**ErrorReporting/PreventCriticalErrorDisplay** @@ -284,7 +284,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting d -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent display of the user interface for critical errors* - GP name: *WerDoNotShowUI* - GP path: *Windows Components/Windows Error Reporting* diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 3212b6504e..44732f7313 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## EventLogService policies +## EventLogService policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**EventLogService/ControlEventLogBehavior** +**EventLogService/ControlEventLogBehavior** @@ -75,7 +75,7 @@ If you disable or don't configure this policy setting and a log file reaches its -ADMX Info: +ADMX Info: - GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_1* - GP path: *Windows Components/Event Log Service/Application* @@ -87,7 +87,7 @@ ADMX Info:
            -**EventLogService/SpecifyMaximumFileSizeApplicationLog** +**EventLogService/SpecifyMaximumFileSizeApplicationLog** @@ -122,7 +122,7 @@ If you disable or don't configure this policy setting, the maximum size of the l -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_1* - GP path: *Windows Components/Event Log Service/Application* @@ -134,7 +134,7 @@ ADMX Info:
            -**EventLogService/SpecifyMaximumFileSizeSecurityLog** +**EventLogService/SpecifyMaximumFileSizeSecurityLog** @@ -169,7 +169,7 @@ If you disable or don't configure this policy setting, the maximum size of the l -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_2* - GP path: *Windows Components/Event Log Service/Security* @@ -181,7 +181,7 @@ ADMX Info:
            -**EventLogService/SpecifyMaximumFileSizeSystemLog** +**EventLogService/SpecifyMaximumFileSizeSystemLog** @@ -216,7 +216,7 @@ If you disable or don't configure this policy setting, the maximum size of the l -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_4* - GP path: *Windows Components/Event Log Service/System* diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index baeea5bf25..b49e98aa9f 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 11/02/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Experience policies +## Experience policies
            @@ -103,7 +103,7 @@ manager: aaroncz
            -**Experience/AllowClipboardHistory** +**Experience/AllowClipboardHistory** @@ -137,7 +137,7 @@ Supported value type is integer. Supported values are: -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Clipboard History* - GP name: *AllowClipboardHistory* - GP path: *System/OS Policies* @@ -165,7 +165,7 @@ ADMX Info:
            -**Experience/AllowCortana** +**Experience/AllowCortana** @@ -197,7 +197,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Cortana* - GP name: *AllowCortana* - GP path: *Windows Components/Search* @@ -216,7 +216,7 @@ The following list shows the supported values:
            -**Experience/AllowDeviceDiscovery** +**Experience/AllowDeviceDiscovery** @@ -261,7 +261,7 @@ The following list shows the supported values:
            -**Experience/AllowFindMyDevice** +**Experience/AllowFindMyDevice** @@ -295,7 +295,7 @@ When Find My Device is off, the device and its location aren't registered, and t -ADMX Info: +ADMX Info: - GP Friendly name: *Turn On/Off Find My Device* - GP name: *FindMy_AllowFindMyDeviceConfig* - GP path: *Windows Components/Find My Device* @@ -314,7 +314,7 @@ The following list shows the supported values:
            -**Experience/AllowManualMDMUnenrollment** +**Experience/AllowManualMDMUnenrollment** @@ -373,7 +373,7 @@ This policy is deprecated.
            -**Experience/AllowScreenCapture** +**Experience/AllowScreenCapture** @@ -411,7 +411,7 @@ Describe what values are supported in by this policy and meaning of each value i
            -**Experience/AllowSharingOfOfficeFiles** +**Experience/AllowSharingOfOfficeFiles** This policy is deprecated. @@ -420,7 +420,7 @@ This policy is deprecated. -**Experience/AllowSIMErrorDialogPromptWhenNoSIM** +**Experience/AllowSIMErrorDialogPromptWhenNoSIM** @@ -457,7 +457,7 @@ Describes what values are supported in by this policy and meaning of each value
            -**Experience/AllowSyncMySettings** +**Experience/AllowSyncMySettings** @@ -498,7 +498,7 @@ The following list shows the supported values:
            -**Experience/AllowSpotlightCollection** +**Experience/AllowSpotlightCollection** @@ -542,7 +542,7 @@ The following list shows the supported values:
            -**Experience/AllowTailoredExperiencesWithDiagnosticData** +**Experience/AllowTailoredExperiencesWithDiagnosticData** @@ -580,7 +580,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not use diagnostic data for tailored experiences* - GP name: *DisableTailoredExperiencesWithDiagnosticData* - GP path: *Windows Components/Cloud Content* @@ -599,7 +599,7 @@ The following list shows the supported values:
            -**Experience/AllowThirdPartySuggestionsInWindowsSpotlight** +**Experience/AllowThirdPartySuggestionsInWindowsSpotlight** @@ -632,7 +632,7 @@ Specifies whether to allow app and content suggestions from third-party software -ADMX Info: +ADMX Info: - GP Friendly name: *Do not suggest third-party content in Windows spotlight* - GP name: *DisableThirdPartySuggestions* - GP path: *Windows Components/Cloud Content* @@ -651,7 +651,7 @@ The following list shows the supported values:
            -**Experience/AllowWindowsConsumerFeatures** +**Experience/AllowWindowsConsumerFeatures** @@ -686,7 +686,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Microsoft consumer experiences* - GP name: *DisableWindowsConsumerFeatures* - GP path: *Windows Components/Cloud Content* @@ -705,7 +705,7 @@ The following list shows the supported values:
            -**Experience/AllowWindowsSpotlight** +**Experience/AllowWindowsSpotlight** @@ -740,7 +740,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off all Windows spotlight features* - GP name: *DisableWindowsSpotlightFeatures* - GP path: *Windows Components/Cloud Content* @@ -759,7 +759,7 @@ The following list shows the supported values:
            -**Experience/AllowWindowsSpotlightOnActionCenter** +**Experience/AllowWindowsSpotlightOnActionCenter** @@ -792,7 +792,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Spotlight on Action Center* - GP name: *DisableWindowsSpotlightOnActionCenter* - GP path: *Windows Components/Cloud Content* @@ -811,7 +811,7 @@ The following list shows the supported values:
            -**Experience/AllowWindowsSpotlightOnSettings** +**Experience/AllowWindowsSpotlightOnSettings** @@ -845,7 +845,7 @@ This policy allows IT admins to turn off Suggestions in Settings app. These sugg -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Windows Spotlight on Settings* - GP name: *DisableWindowsSpotlightOnSettings* - GP path: *Windows Components/Cloud Content* @@ -864,7 +864,7 @@ The following list shows the supported values:
            -**Experience/AllowWindowsSpotlightWindowsWelcomeExperience** +**Experience/AllowWindowsSpotlightWindowsWelcomeExperience** @@ -898,7 +898,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the Windows Welcome Experience* - GP name: *DisableWindowsSpotlightWindowsWelcomeExperience* - GP path: *Windows Components/Cloud Content* @@ -917,7 +917,7 @@ The following list shows the supported values:
            -**Experience/AllowWindowsTips** +**Experience/AllowWindowsTips** @@ -947,7 +947,7 @@ Enables or disables Windows Tips / soft landing. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not show Windows tips* - GP name: *DisableSoftLanding* - GP path: *Windows Components/Cloud Content* @@ -966,7 +966,7 @@ The following list shows the supported values:
            -**Experience/ConfigureChatIcon** +**Experience/ConfigureChatIcon** @@ -1010,7 +1010,7 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0, if not
            -**Experience/ConfigureWindowsSpotlightOnLockScreen** +**Experience/ConfigureWindowsSpotlightOnLockScreen** @@ -1043,7 +1043,7 @@ Allows IT admins to specify, whether spotlight should be used on the user's lock -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Windows spotlight on lock screen* - GP name: *ConfigureWindowsSpotlight* - GP path: *Windows Components/Cloud Content* @@ -1061,7 +1061,7 @@ The following list shows the supported values: -**Experience/DisableCloudOptimizedContent** +**Experience/DisableCloudOptimizedContent** @@ -1095,7 +1095,7 @@ If you disable or don't configure this policy setting, Windows experiences will -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off cloud optimized content* - GP name: *DisableCloudOptimizedContent* - GP path: *Windows Components/Cloud Content* @@ -1114,7 +1114,7 @@ The following list shows the supported values:
            -**Experience/DoNotShowFeedbackNotifications** +**Experience/DoNotShowFeedbackNotifications** @@ -1148,7 +1148,7 @@ If you disable or don't configure this policy setting, users can control how oft -ADMX Info: +ADMX Info: - GP Friendly name: *Do not show feedback notifications* - GP name: *DoNotShowFeedbackNotifications* - GP path: *Data Collection and Preview Builds* @@ -1167,7 +1167,7 @@ The following list shows the supported values:
            -**Experience/DoNotSyncBrowserSettings** +**Experience/DoNotSyncBrowserSettings** @@ -1200,7 +1200,7 @@ Related policy: -ADMX Info: +ADMX Info: - GP Friendly name: *Do not sync browser settings* - GP name: *DisableWebBrowserSettingSync* - GP path: *Windows Components/Sync your settings* @@ -1241,7 +1241,7 @@ _**Turn syncing off by default but don’t disable**_ -**Experience/PreventUsersFromTurningOnBrowserSyncing** +**Experience/PreventUsersFromTurningOnBrowserSyncing** @@ -1275,7 +1275,7 @@ Related policy: -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from turning on browser syncing* - GP name: *PreventUsersFromTurningOnBrowserSyncing* - GP path: *Windows Components/Sync your settings* @@ -1319,7 +1319,7 @@ Validation procedure:
            -**Experience/ShowLockOnUserTile** +**Experience/ShowLockOnUserTile** @@ -1356,7 +1356,7 @@ If you don't configure this policy setting, the lock option is shown in the User -ADMX Info: +ADMX Info: - GP Friendly name: *Show lock in the user tile menu* - GP name: *ShowLockOption* - GP path: *File Explorer* @@ -1364,7 +1364,7 @@ ADMX Info: -Supported values: +Supported values: - false - The lock option isn't displayed in the User Tile menu. - true (default) - The lock option is displayed in the User Tile menu. diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index c187c4bbef..6153aac0a4 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## ExploitGuard policies +## ExploitGuard policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**ExploitGuard/ExploitProtectionSettings** +**ExploitGuard/ExploitProtectionSettings** @@ -60,7 +60,7 @@ The system settings require a reboot; the application settings do not require a -ADMX Info: +ADMX Info: - GP Friendly name: *Use a common set of exploit protection settings* - GP name: *ExploitProtection_Name* - GP element: *ExploitProtection_Name* diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md index 281f12f579..202470f2e2 100644 --- a/windows/client-management/mdm/policy-csp-feeds.md +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/17/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Feeds policies +## Feeds policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**Feeds/FeedsEnabled** +**Feeds/FeedsEnabled** @@ -65,7 +65,7 @@ The values for this policy are 1 and 0. This policy defaults to 1. -ADMX Info: +ADMX Info: - GP Friendly name: *Enable news and interests on the taskbar* - GP name: *FeedsEnabled* - GP path: *Windows Components\News and interests* diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index be7a776997..a29f7ef42e 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -8,24 +8,24 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - FileExplorer > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -## FileExplorer policies +## FileExplorer policies
            @@ -56,7 +56,7 @@ manager: aaroncz
            -**FileExplorer/AllowOptionToShowNetwork** +**FileExplorer/AllowOptionToShowNetwork** @@ -96,7 +96,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Allow the user the option to show Network folder when restricted* - GP name: *AllowOptionToShowNetwork* - GP path: *File Explorer* @@ -108,7 +108,7 @@ ADMX Info:
            -**FileExplorer/AllowOptionToShowThisPC** +**FileExplorer/AllowOptionToShowThisPC** @@ -148,7 +148,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Allow the user the option to show Network folder when restricted* - GP name: *AllowOptionToShowThisPC* - GP path: *File Explorer* @@ -160,7 +160,7 @@ ADMX Info:
            -**FileExplorer/TurnOffDataExecutionPreventionForExplorer** +**FileExplorer/TurnOffDataExecutionPreventionForExplorer** @@ -191,7 +191,7 @@ Disabling data execution prevention can allow certain legacy plug-in application -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Data Execution Prevention for Explorer* - GP name: *NoDataExecutionPrevention* - GP path: *File Explorer* @@ -203,7 +203,7 @@ ADMX Info:
            -**FileExplorer/TurnOffHeapTerminationOnCorruption** +**FileExplorer/TurnOffHeapTerminationOnCorruption** @@ -234,7 +234,7 @@ Disabling heap termination on corruption can allow certain legacy plug-in applic -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off heap termination on corruption* - GP name: *NoHeapTerminationOnCorruption* - GP path: *File Explorer* @@ -245,7 +245,7 @@ ADMX Info:
            -**FileExplorer/SetAllowedFolderLocations** +**FileExplorer/SetAllowedFolderLocations** @@ -289,7 +289,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure which folders the user can enumerate and access to in File Explorer* - GP name: *SetAllowedFolderLocations* - GP path: *File Explorer* @@ -301,7 +301,7 @@ ADMX Info:
            -**FileExplorer/SetAllowedStorageLocations** +**FileExplorer/SetAllowedStorageLocations** @@ -344,7 +344,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure which folders the user can enumerate and access to in File Explorer* - GP name: *SetAllowedStorageLocations* - GP path: *File Explorer* @@ -356,7 +356,7 @@ ADMX Info:
            -**FileExplorer/DisableGraphRecentItems** +**FileExplorer/DisableGraphRecentItems** @@ -397,7 +397,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off files from Office.com in Quick access view* - GP name: *DisableGraphRecentItems* - GP path: *File Explorer* diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 16a07d2e71..05806d474a 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Games policies +## Games policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**Games/AllowAdvancedGamingServices** +**Games/AllowAdvancedGamingServices** @@ -54,7 +54,7 @@ manager: aaroncz -Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. +Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Supported value type is integer. diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 3146be4db8..c696d4a83f 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Handwriting policies +## Handwriting policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**Handwriting/PanelDefaultModeDocked** +**Handwriting/PanelDefaultModeDocked** @@ -64,7 +64,7 @@ The docked mode is especially useful in Kiosk mode, where you don't expect the e -ADMX Info: +ADMX Info: - GP Friendly name: *Handwriting Panel Default Mode Docked* - GP name: *PanelDefaultModeDocked* - GP path: *Windows Components/Handwriting* diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md index d1a49971c5..3edb7515e1 100644 --- a/windows/client-management/mdm/policy-csp-humanpresence.md +++ b/windows/client-management/mdm/policy-csp-humanpresence.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## HumanPresence policies +## HumanPresence policies
            @@ -37,7 +37,7 @@ manager: aaroncz
            -**HumanPresence/ForceInstantDim** +**HumanPresence/ForceInstantDim** @@ -66,7 +66,7 @@ This feature dims the screen based on user attention. This is a power saving fea -ADMX Info: +ADMX Info: - GP Friendly name: *Force Instant Dim* - GP name: *ForceInstantDim* - GP path: *Windows Components/Human Presence* @@ -87,7 +87,7 @@ The following list shows the supported values:
            -**HumanPresence/ForceInstantLock** +**HumanPresence/ForceInstantLock** @@ -117,7 +117,7 @@ This policy specifies, whether the device can lock when a human presence sensor -ADMX Info: +ADMX Info: - GP Friendly name: *Implements wake on approach and lock on leave that can be managed from MDM* - GP name: *ForceInstantLock* - GP path: *Windows Components/HumanPresence* @@ -137,7 +137,7 @@ The following list shows the supported values:
            -**HumanPresence/ForceInstantWake** +**HumanPresence/ForceInstantWake** @@ -167,7 +167,7 @@ This policy specifies, whether the device can lock when a human presence sensor -ADMX Info: +ADMX Info: - GP Friendly name: *Implements wake on approach and lock on leave that can be managed from MDM* - GP name: *ForceInstantWake* - GP path: *Windows Components/HumanPresence* @@ -187,7 +187,7 @@ The following list shows the supported values:
            -**HumanPresence/ForceLockTimeout** +**HumanPresence/ForceLockTimeout** @@ -217,7 +217,7 @@ This policy specifies, at what distance the sensor wakes up when it sees a human -ADMX Info: +ADMX Info: - GP Friendly name: *Implements wake on approach and lock on leave that can be managed from MDM* - GP name: *ForceLockTimeout* - GP path: *Windows Components/HumanPresence* diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index c92b313661..aa01d3410e 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -16,7 +16,7 @@ manager: aaroncz
            -## InternetExplorer policies +## InternetExplorer policies
            @@ -114,8 +114,8 @@ manager: aaroncz
            - InternetExplorer/ConfigureEdgeRedirectChannel + InternetExplorer/ConfigureEdgeRedirectChannel
            InternetExplorer/DisableActiveXVersionListAutoDownload @@ -373,7 +373,7 @@ manager: aaroncz InternetExplorer/IntranetZoneNavigateWindowsAndFrames
            - InternetExplorer/KeepIntranetSitesInInternetExplorer + InternetExplorer/KeepIntranetSitesInInternetExplorer
            InternetExplorer/LocalMachineZoneAllowAccessToDataSources @@ -810,16 +810,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**InternetExplorer/AddSearchProvider** +**InternetExplorer/AddSearchProvider** @@ -848,7 +848,7 @@ manager: aaroncz This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website. -If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). +If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). > [!NOTE] > This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. @@ -858,7 +858,7 @@ If you disable or do not configure this policy setting, the user can configure t -ADMX Info: +ADMX Info: - GP Friendly name: *Add a specific list of search providers to the user's list of search providers* - GP name: *AddSearchProvider* - GP path: *Windows Components/Internet Explorer* @@ -870,7 +870,7 @@ ADMX Info:
            -**InternetExplorer/AllowActiveXFiltering** +**InternetExplorer/AllowActiveXFiltering** @@ -906,7 +906,7 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on ActiveX Filtering* - GP name: *TurnOnActiveXFiltering* - GP path: *Windows Components/Internet Explorer* @@ -918,7 +918,7 @@ ADMX Info:
            -**InternetExplorer/AllowAddOnList** +**InternetExplorer/AllowAddOnList** @@ -960,7 +960,7 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u -ADMX Info: +ADMX Info: - GP Friendly name: *Add-on List* - GP name: *AddonManagement_AddOnList* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* @@ -972,7 +972,7 @@ ADMX Info:
            -**InternetExplorer/AllowAutoComplete** +**InternetExplorer/AllowAutoComplete** @@ -1009,7 +1009,7 @@ If you do not configure this setting, the user has the freedom of turning on Aut -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on the auto-complete feature for user names and passwords on forms* - GP name: *RestrictFormSuggestPW* - GP path: *Windows Components/Internet Explorer* @@ -1021,7 +1021,7 @@ ADMX Info:
            -**InternetExplorer/AllowCertificateAddressMismatchWarning** +**InternetExplorer/AllowCertificateAddressMismatchWarning** @@ -1057,7 +1057,7 @@ If you disable or do not configure this policy setting, the user can choose whet -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on certificate address mismatch warning* - GP name: *IZ_PolicyWarnCertMismatch* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -1069,7 +1069,7 @@ ADMX Info:
            -**InternetExplorer/AllowDeletingBrowsingHistoryOnExit** +**InternetExplorer/AllowDeletingBrowsingHistoryOnExit** @@ -1109,7 +1109,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th -ADMX Info: +ADMX Info: - GP Friendly name: *Allow deleting browsing history on exit* - GP name: *DBHDisableDeleteOnExit* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* @@ -1121,7 +1121,7 @@ ADMX Info:
            -**InternetExplorer/AllowEnhancedProtectedMode** +**InternetExplorer/AllowEnhancedProtectedMode** @@ -1159,7 +1159,7 @@ If you do not configure this policy, users will be able to turn on or turn off E -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Enhanced Protected Mode* - GP name: *Advanced_EnableEnhancedProtectedMode* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* @@ -1171,7 +1171,7 @@ ADMX Info:
            -**InternetExplorer/AllowEnhancedSuggestionsInAddressBar** +**InternetExplorer/AllowEnhancedSuggestionsInAddressBar** @@ -1209,7 +1209,7 @@ If you do not configure this policy setting, users can change the Suggestions se -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar* - GP name: *AllowServicePoweredQSA* - GP path: *Windows Components/Internet Explorer* @@ -1232,7 +1232,7 @@ Supported values:
            -**InternetExplorer/AllowEnterpriseModeFromToolsMenu** +**InternetExplorer/AllowEnterpriseModeFromToolsMenu** @@ -1268,7 +1268,7 @@ If you disable or don't configure this policy setting, the menu option won't app -ADMX Info: +ADMX Info: - GP Friendly name: *Let users turn on and use Enterprise Mode from the Tools menu* - GP name: *EnterpriseModeEnable* - GP path: *Windows Components/Internet Explorer* @@ -1280,7 +1280,7 @@ ADMX Info:
            -**InternetExplorer/AllowEnterpriseModeSiteList** +**InternetExplorer/AllowEnterpriseModeSiteList** @@ -1316,7 +1316,7 @@ If you disable or don't configure this policy setting, Internet Explorer opens a -ADMX Info: +ADMX Info: - GP Friendly name: *Use the Enterprise Mode IE website list* - GP name: *EnterpriseModeSiteList* - GP path: *Windows Components/Internet Explorer* @@ -1328,7 +1328,7 @@ ADMX Info:
            -**InternetExplorer/AllowFallbackToSSL3** +**InternetExplorer/AllowFallbackToSSL3** @@ -1365,7 +1365,7 @@ If you disable this policy, system defaults will be used. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow fallback to SSL 3.0 (Internet Explorer)* - GP name: *Advanced_EnableSSL3Fallback* - GP path: *Windows Components/Internet Explorer/Security Features* @@ -1377,7 +1377,7 @@ ADMX Info:
            -**InternetExplorer/AllowInternetExplorer7PolicyList** +**InternetExplorer/AllowInternetExplorer7PolicyList** @@ -1413,7 +1413,7 @@ If you disable or do not configure this policy setting, the user can add and rem -ADMX Info: +ADMX Info: - GP Friendly name: *Use Policy List of Internet Explorer 7 sites* - GP name: *CompatView_UsePolicyList* - GP path: *Windows Components/Internet Explorer/Compatibility View* @@ -1425,7 +1425,7 @@ ADMX Info:
            -**InternetExplorer/AllowInternetExplorerStandardsMode** +**InternetExplorer/AllowInternetExplorerStandardsMode** @@ -1463,7 +1463,7 @@ If you do not configure this policy setting, Internet Explorer uses an Internet -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Internet Explorer Standards Mode for local intranet* - GP name: *CompatView_IntranetSites* - GP path: *Windows Components/Internet Explorer/Compatibility View* @@ -1475,7 +1475,7 @@ ADMX Info:
            -**InternetExplorer/AllowInternetZoneTemplate** +**InternetExplorer/AllowInternetZoneTemplate** @@ -1519,7 +1519,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Zone Template* - GP name: *IZ_PolicyInternetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -1531,7 +1531,7 @@ ADMX Info:
            -**InternetExplorer/AllowIntranetZoneTemplate** +**InternetExplorer/AllowIntranetZoneTemplate** @@ -1575,7 +1575,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -1587,7 +1587,7 @@ ADMX Info:
            -**InternetExplorer/AllowLocalMachineZoneTemplate** +**InternetExplorer/AllowLocalMachineZoneTemplate** @@ -1631,7 +1631,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -1643,7 +1643,7 @@ ADMX Info:
            -**InternetExplorer/AllowLockedDownInternetZoneTemplate** +**InternetExplorer/AllowLockedDownInternetZoneTemplate** @@ -1687,7 +1687,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Locked-Down Internet Zone Template* - GP name: *IZ_PolicyInternetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -1699,7 +1699,7 @@ ADMX Info:
            -**InternetExplorer/AllowLockedDownIntranetZoneTemplate** +**InternetExplorer/AllowLockedDownIntranetZoneTemplate** @@ -1743,7 +1743,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Locked-Down Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -1755,7 +1755,7 @@ ADMX Info:
            -**InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** +**InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** @@ -1799,7 +1799,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Locked-Down Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -1811,7 +1811,7 @@ ADMX Info:
            -**InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** +**InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** @@ -1855,7 +1855,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Locked-Down Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -1867,7 +1867,7 @@ ADMX Info:
            -**InternetExplorer/AllowOneWordEntry** +**InternetExplorer/AllowOneWordEntry** @@ -1903,7 +1903,7 @@ If you disable or do not configure this policy setting, Internet Explorer does n -ADMX Info: +ADMX Info: - GP Friendly name: *Go to an intranet site for a one-word entry in the Address bar* - GP name: *UseIntranetSiteForOneWordEntry* - GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing* @@ -1915,7 +1915,7 @@ ADMX Info:
            -**InternetExplorer/AllowSaveTargetAsInIEMode** +**InternetExplorer/AllowSaveTargetAsInIEMode** @@ -1952,7 +1952,7 @@ For more information, see [https://go.microsoft.com/fwlink/?linkid=2102115](/dep -ADMX Info: +ADMX Info: - GP Friendly name: *Allow "Save Target As" in Internet Explorer mode* - GP name: *AllowSaveTargetAsInIEMode* - GP path: *Windows Components/Internet Explorer* @@ -1974,7 +1974,7 @@ ADMX Info: ``` -**InternetExplorer/AllowSiteToZoneAssignmentList** +**InternetExplorer/AllowSiteToZoneAssignmentList** @@ -2003,9 +2003,9 @@ ADMX Info: This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. -Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: +Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: 1. Intranet zone -1. Trusted Sites zone +1. Trusted Sites zone 1. Internet zone 1. Restricted Sites zone @@ -2027,7 +2027,7 @@ The list is a set of pairs of strings. Each string is separated by F000. Each pa -ADMX Info: +ADMX Info: - GP Friendly name: *Site to Zone Assignment List* - GP name: *IZ_Zonemaps* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -2054,7 +2054,7 @@ ADMX Info: ``` -Value and index pairs in the SyncML example: +Value and index pairs in the SyncML example: - `https://adfs.contoso.org 1` - `https://microsoft.com 2` @@ -2064,7 +2064,7 @@ Value and index pairs in the SyncML example:
            -**InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** +**InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** @@ -2102,7 +2102,7 @@ If you do not configure this policy, users can choose to run or install files wi -ADMX Info: +ADMX Info: - GP Friendly name: *Allow software to run or install even if the signature is invalid* - GP name: *Advanced_InvalidSignatureBlock* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* @@ -2114,7 +2114,7 @@ ADMX Info:
            -**InternetExplorer/AllowSuggestedSites** +**InternetExplorer/AllowSuggestedSites** @@ -2152,7 +2152,7 @@ If you do not configure this policy setting, the user can turn on and turn off t -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Suggested Sites* - GP name: *EnableSuggestedSites* - GP path: *Windows Components/Internet Explorer* @@ -2164,7 +2164,7 @@ ADMX Info:
            -**InternetExplorer/AllowTrustedSitesZoneTemplate** +**InternetExplorer/AllowTrustedSitesZoneTemplate** @@ -2208,7 +2208,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -2220,7 +2220,7 @@ ADMX Info:
            -**InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** +**InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** @@ -2264,7 +2264,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Locked-Down Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -2276,7 +2276,7 @@ ADMX Info:
            -**InternetExplorer/AllowsRestrictedSitesZoneTemplate** +**InternetExplorer/AllowsRestrictedSitesZoneTemplate** @@ -2320,7 +2320,7 @@ If you do not configure this template policy setting, no security level is confi -ADMX Info: +ADMX Info: - GP Friendly name: *Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -2332,7 +2332,7 @@ ADMX Info:
            -**InternetExplorer/CheckServerCertificateRevocation** +**InternetExplorer/CheckServerCertificateRevocation** @@ -2370,7 +2370,7 @@ If you do not configure this policy setting, Internet Explorer will not check se -ADMX Info: +ADMX Info: - GP Friendly name: *Check for server certificate revocation* - GP name: *Advanced_CertificateRevocation* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* @@ -2382,7 +2382,7 @@ ADMX Info:
            -**InternetExplorer/CheckSignaturesOnDownloadedPrograms** +**InternetExplorer/CheckSignaturesOnDownloadedPrograms** @@ -2420,7 +2420,7 @@ If you do not configure this policy, Internet Explorer will not check the digita -ADMX Info: +ADMX Info: - GP Friendly name: *Check for signatures on downloaded programs* - GP name: *Advanced_DownloadSignatures* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* @@ -2431,7 +2431,7 @@ ADMX Info:
            -**InternetExplorer/ConfigureEdgeRedirectChannel** +**InternetExplorer/ConfigureEdgeRedirectChannel** @@ -2487,7 +2487,7 @@ If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge -ADMX Info: +ADMX Info: - GP Friendly name: *Configure which channel of Microsoft Edge to use for opening redirected sites* - GP name: *NeedEdgeBrowser* - GP path: *Windows Components/Internet Explorer* @@ -2701,7 +2701,7 @@ ADMX Info: ``` -**InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** +**InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** @@ -2741,7 +2741,7 @@ If you do not configure this policy setting, Internet Explorer requires consiste -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_5* - GP path: *Windows Components/Internet Explorer/Security Features/Consistent Mime Handling* @@ -2753,7 +2753,7 @@ ADMX Info:
            -**InternetExplorer/DisableActiveXVersionListAutoDownload** +**InternetExplorer/DisableActiveXVersionListAutoDownload** @@ -2789,7 +2789,7 @@ If you disable or do not configure this setting, IE continues to download update -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off automatic download of the ActiveX VersionList* - GP name: *VersionListAutomaticDownloadDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* @@ -2797,7 +2797,7 @@ ADMX Info: -Supported values: +Supported values: - 0 - Enabled - 1 - Disabled (Default) @@ -2812,7 +2812,7 @@ Supported values:
            -**InternetExplorer/DisableAdobeFlash** +**InternetExplorer/DisableAdobeFlash** @@ -2850,7 +2850,7 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* - GP name: *DisableFlashInIE* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* @@ -2862,7 +2862,7 @@ ADMX Info:
            -**InternetExplorer/DisableBypassOfSmartScreenWarnings** +**InternetExplorer/DisableBypassOfSmartScreenWarnings** @@ -2898,7 +2898,7 @@ If you disable or do not configure this policy setting, the user can bypass Wind -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent bypassing SmartScreen Filter warnings* - GP name: *DisableSafetyFilterOverride* - GP path: *Windows Components/Internet Explorer* @@ -2910,7 +2910,7 @@ ADMX Info:
            -**InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles** +**InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles** @@ -2946,7 +2946,7 @@ If you disable or do not configure this policy setting, the user can bypass Wind -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* - GP name: *DisableSafetyFilterOverrideForAppRepUnknown* - GP path: *Windows Components/Internet Explorer* @@ -2958,7 +2958,7 @@ ADMX Info:
            -**InternetExplorer/DisableCompatView** +**InternetExplorer/DisableCompatView** @@ -2994,7 +2994,7 @@ If you disable or do not configure this policy setting, the user can use the Com -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Compatibility View* - GP name: *CompatView_DisableList* - GP path: *Windows Components/Internet Explorer/Compatibility View* @@ -3002,7 +3002,7 @@ ADMX Info: -Supported values: +Supported values: - 0 - Disabled (Default) - 1 - Enabled @@ -3017,7 +3017,7 @@ Supported values:
            -**InternetExplorer/DisableConfiguringHistory** +**InternetExplorer/DisableConfiguringHistory** @@ -3056,7 +3056,7 @@ If you disable or do not configure this policy setting, a user can set the numbe -ADMX Info: +ADMX Info: - GP Friendly name: *Disable "Configuring History"* - GP name: *RestrictHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* @@ -3068,7 +3068,7 @@ ADMX Info:
            -**InternetExplorer/DisableCrashDetection** +**InternetExplorer/DisableCrashDetection** @@ -3104,7 +3104,7 @@ If you disable or do not configure this policy setting, the crash detection feat -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Crash Detection* - GP name: *AddonManagement_RestrictCrashDetection* - GP path: *Windows Components/Internet Explorer* @@ -3116,7 +3116,7 @@ ADMX Info:
            -**InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** +**InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** @@ -3154,7 +3154,7 @@ If you do not configure this policy setting, the user can choose to participate -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent participation in the Customer Experience Improvement Program* - GP name: *SQM_DisableCEIP* - GP path: *Windows Components/Internet Explorer* @@ -3166,7 +3166,7 @@ ADMX Info:
            -**InternetExplorer/DisableDeletingUserVisitedWebsites** +**InternetExplorer/DisableDeletingUserVisitedWebsites** @@ -3206,7 +3206,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent deleting websites that the user has visited* - GP name: *DBHDisableDeleteHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* @@ -3218,7 +3218,7 @@ ADMX Info:
            -**InternetExplorer/DisableEnclosureDownloading** +**InternetExplorer/DisableEnclosureDownloading** @@ -3254,7 +3254,7 @@ If you disable or do not configure this policy setting, the user can set the Fee -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent downloading of enclosures* - GP name: *Disable_Downloading_of_Enclosures* - GP path: *Windows Components/RSS Feeds* @@ -3266,7 +3266,7 @@ ADMX Info:
            -**InternetExplorer/DisableEncryptionSupport** +**InternetExplorer/DisableEncryptionSupport** @@ -3305,7 +3305,7 @@ If you disable or do not configure this policy setting, the user can select whic -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off encryption support* - GP name: *Advanced_SetWinInetProtocols* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* @@ -3317,7 +3317,7 @@ ADMX Info:
            -**InternetExplorer/DisableFeedsBackgroundSync** +**InternetExplorer/DisableFeedsBackgroundSync** @@ -3353,7 +3353,7 @@ If you disable or do not configure this policy setting, the user can synchronize -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off background synchronization for feeds and Web Slices* - GP name: *Disable_Background_Syncing* - GP path: *Windows Components/RSS Feeds* @@ -3361,7 +3361,7 @@ ADMX Info: -Supported values: +Supported values: - 0 - Enabled (Default) - 1 - Disabled @@ -3376,7 +3376,7 @@ Supported values:
            -**InternetExplorer/DisableFirstRunWizard** +**InternetExplorer/DisableFirstRunWizard** @@ -3416,7 +3416,7 @@ If you disable or do not configure this policy setting, Internet Explorer may ru -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent running First Run wizard* - GP name: *NoFirstRunCustomise* - GP path: *Windows Components/Internet Explorer* @@ -3428,7 +3428,7 @@ ADMX Info:
            -**InternetExplorer/DisableFlipAheadFeature** +**InternetExplorer/DisableFlipAheadFeature** @@ -3468,7 +3468,7 @@ If you don't configure this setting, users can turn this behavior on or off, usi -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the flip ahead with page prediction feature* - GP name: *Advanced_DisableFlipAhead* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* @@ -3480,7 +3480,7 @@ ADMX Info:
            -**InternetExplorer/DisableGeolocation** +**InternetExplorer/DisableGeolocation** @@ -3518,7 +3518,7 @@ If you do not configure this policy setting, browser geolocation support can be -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off browser geolocation* - GP name: *GeolocationDisable* - GP path: *Windows Components/Internet Explorer* @@ -3526,7 +3526,7 @@ ADMX Info: -Supported values: +Supported values: - 0 - Disabled (Default) - 1 - Enabled @@ -3541,7 +3541,7 @@ Supported values:
            -**InternetExplorer/DisableHomePageChange** +**InternetExplorer/DisableHomePageChange** @@ -3576,7 +3576,7 @@ If you disable or do not configure this policy setting, the Home page box is ena -ADMX Info: +ADMX Info: - GP Friendly name: *Disable changing home page settings* - GP name: *RestrictHomePage* - GP path: *Windows Components/Internet Explorer* @@ -3586,7 +3586,7 @@ ADMX Info: -**InternetExplorer/DisableInternetExplorerApp** +**InternetExplorer/DisableInternetExplorerApp** @@ -3629,7 +3629,7 @@ If you disable, or do not configure this policy, all sites are opened using the -ADMX Info: +ADMX Info: - GP Friendly name: *Disable Internet Explorer 11 as a standalone browser* - GP name: *DisableInternetExplorerApp* - GP path: *Windows Components/Internet Explorer* @@ -3659,7 +3659,7 @@ ADMX Info: ``` -**InternetExplorer/DisableIgnoringCertificateErrors** +**InternetExplorer/DisableIgnoringCertificateErrors** @@ -3695,7 +3695,7 @@ If you disable or do not configure this policy setting, the user can choose to i -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent ignoring certificate errors* - GP name: *NoCertError* - GP path: *Windows Components/Internet Explorer/Internet Control Panel* @@ -3707,7 +3707,7 @@ ADMX Info:
            -**InternetExplorer/DisableInPrivateBrowsing** +**InternetExplorer/DisableInPrivateBrowsing** @@ -3747,7 +3747,7 @@ If you do not configure this policy setting, InPrivate Browsing can be turned on -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off InPrivate Browsing* - GP name: *DisableInPrivateBrowsing* - GP path: *Windows Components/Internet Explorer/Privacy* @@ -3759,7 +3759,7 @@ ADMX Info:
            -**InternetExplorer/DisableProcessesInEnhancedProtectedMode** +**InternetExplorer/DisableProcessesInEnhancedProtectedMode** @@ -3800,7 +3800,7 @@ If you don't configure this policy setting, users can turn this feature on or of -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* - GP name: *Advanced_EnableEnhancedProtectedMode64Bit* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* @@ -3812,7 +3812,7 @@ ADMX Info:
            -**InternetExplorer/DisableProxyChange** +**InternetExplorer/DisableProxyChange** @@ -3848,7 +3848,7 @@ If you disable or do not configure this policy setting, the user can configure p -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing proxy settings* - GP name: *RestrictProxy* - GP path: *Windows Components/Internet Explorer* @@ -3860,7 +3860,7 @@ ADMX Info:
            -**InternetExplorer/DisableSearchProviderChange** +**InternetExplorer/DisableSearchProviderChange** @@ -3896,7 +3896,7 @@ If you disable or do not configure this policy setting, the user can change the -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent changing the default search provider* - GP name: *NoSearchProvider* - GP path: *Windows Components/Internet Explorer* @@ -3908,7 +3908,7 @@ ADMX Info:
            -**InternetExplorer/DisableSecondaryHomePageChange** +**InternetExplorer/DisableSecondaryHomePageChange** @@ -3947,7 +3947,7 @@ If you disable or do not configure this policy setting, the user can add seconda -ADMX Info: +ADMX Info: - GP Friendly name: *Disable changing secondary home page settings* - GP name: *SecondaryHomePages* - GP path: *Windows Components/Internet Explorer* @@ -3959,7 +3959,7 @@ ADMX Info:
            -**InternetExplorer/DisableSecuritySettingsCheck** +**InternetExplorer/DisableSecuritySettingsCheck** @@ -3995,7 +3995,7 @@ If you disable or do not configure this policy setting, the feature is turned on -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the Security Settings Check feature* - GP name: *Disable_Security_Settings_Check* - GP path: *Windows Components/Internet Explorer* @@ -4007,7 +4007,7 @@ ADMX Info:
            -**InternetExplorer/DisableUpdateCheck** +**InternetExplorer/DisableUpdateCheck** @@ -4044,7 +4044,7 @@ This policy is intended to help the administrator maintain version control for I -ADMX Info: +ADMX Info: - GP Friendly name: *Disable Periodic Check for Internet Explorer software updates* - GP name: *NoUpdateCheck* - GP path: *Windows Components/Internet Explorer* @@ -4056,7 +4056,7 @@ ADMX Info:
            -**InternetExplorer/DisableWebAddressAutoComplete** +**InternetExplorer/DisableWebAddressAutoComplete** @@ -4094,7 +4094,7 @@ If you do not configure this policy setting, users can choose to turn the auto-c -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the auto-complete feature for web addresses* - GP name: *RestrictWebAddressSuggest* - GP path: *Windows Components/Internet Explorer* @@ -4102,7 +4102,7 @@ ADMX Info: -Supported values: +Supported values: - yes - Disabled (Default) - no - Enabled @@ -4117,7 +4117,7 @@ Supported values:
            -**InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** +**InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** @@ -4157,7 +4157,7 @@ If you disable or do not configure this policy setting, Internet Explorer notifi -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* - GP name: *Advanced_DisableEPMCompat* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* @@ -4169,7 +4169,7 @@ ADMX Info:
            -**InternetExplorer/DoNotAllowUsersToAddSites** +**InternetExplorer/DoNotAllowUsersToAddSites** @@ -4211,7 +4211,7 @@ Also, see the "Security zones: Use only machine settings" policy. -ADMX Info: +ADMX Info: - GP Friendly name: *Security Zones: Do not allow users to add/delete sites* - GP name: *Security_zones_map_edit* - GP path: *Windows Components/Internet Explorer* @@ -4223,7 +4223,7 @@ ADMX Info:
            -**InternetExplorer/DoNotAllowUsersToChangePolicies** +**InternetExplorer/DoNotAllowUsersToChangePolicies** @@ -4265,7 +4265,7 @@ Also, see the "Security zones: Use only machine settings" policy. -ADMX Info: +ADMX Info: - GP Friendly name: *Security Zones: Do not allow users to change policies* - GP name: *Security_options_edit* - GP path: *Windows Components/Internet Explorer* @@ -4277,7 +4277,7 @@ ADMX Info:
            -**InternetExplorer/DoNotBlockOutdatedActiveXControls** +**InternetExplorer/DoNotBlockOutdatedActiveXControls** @@ -4315,7 +4315,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* @@ -4327,7 +4327,7 @@ ADMX Info:
            -**InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** +**InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** @@ -4369,7 +4369,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* - GP name: *VerMgmtDomainAllowlist* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* @@ -4381,7 +4381,7 @@ ADMX Info:
            -**InternetExplorer/EnableExtendedIEModeHotkeys** +**InternetExplorer/EnableExtendedIEModeHotkeys** @@ -4423,7 +4423,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Enable extended hot keys in Internet Explorer mode* - GP name: *EnableExtendedIEModeHotkeys* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* @@ -4435,7 +4435,7 @@ ADMX Info:
            -**InternetExplorer/EnableGlobalWindowListInIEMode** +**InternetExplorer/EnableGlobalWindowListInIEMode** @@ -4478,7 +4478,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Enable global window list in Internet Explorer mode* - GP name: *EnableGlobalWindowListInIEMode* - GP path: *Windows Components/Internet Explorer/Main* @@ -4490,7 +4490,7 @@ ADMX Info:
            -**InternetExplorer/HideInternetExplorer11RetirementNotification** +**InternetExplorer/HideInternetExplorer11RetirementNotification** @@ -4532,7 +4532,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Internet Explorer 11 retirement notification* - GP name: *DisableIEAppDeprecationNotification* - GP path: *Windows Components/Internet Explorer/Main* @@ -4543,7 +4543,7 @@ ADMX Info:
            -**InternetExplorer/IncludeAllLocalSites** +**InternetExplorer/IncludeAllLocalSites** @@ -4581,7 +4581,7 @@ If you do not configure this policy setting, users choose whether to force local -ADMX Info: +ADMX Info: - GP Friendly name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* - GP name: *IZ_IncludeUnspecifiedLocalSites* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -4593,7 +4593,7 @@ ADMX Info:
            -**InternetExplorer/IncludeAllNetworkPaths** +**InternetExplorer/IncludeAllNetworkPaths** @@ -4631,7 +4631,7 @@ If you do not configure this policy setting, users choose whether network paths -ADMX Info: +ADMX Info: - GP Friendly name: *Intranet Sites: Include all network paths (UNCs)* - GP name: *IZ_UNCAsIntranet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* @@ -4643,7 +4643,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowAccessToDataSources** +**InternetExplorer/InternetZoneAllowAccessToDataSources** @@ -4681,7 +4681,7 @@ If you do not configure this policy setting, users cannot load a page in the zon -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -4693,7 +4693,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** @@ -4731,7 +4731,7 @@ If you do not configure this policy setting, ActiveX control installations will -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -4743,7 +4743,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** @@ -4779,7 +4779,7 @@ If you disable or do not configure this setting, file downloads that are not use -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -4791,7 +4791,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowCopyPasteViaScript** +**InternetExplorer/InternetZoneAllowCopyPasteViaScript** @@ -4831,7 +4831,7 @@ If you do not configure this policy setting, a script can perform a clipboard op -ADMX Info: +ADMX Info: - GP Friendly name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -4843,7 +4843,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** +**InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** @@ -4881,7 +4881,7 @@ If you do not configure this policy setting, users can drag files or copy and pa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -4893,7 +4893,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowFontDownloads** +**InternetExplorer/InternetZoneAllowFontDownloads** @@ -4931,7 +4931,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -4943,7 +4943,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowLessPrivilegedSites** +**InternetExplorer/InternetZoneAllowLessPrivilegedSites** @@ -4981,7 +4981,7 @@ If you do not configure this policy setting, Web sites from less privileged zone -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -4993,7 +4993,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** +**InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** @@ -5031,7 +5031,7 @@ If you do not configure this policy setting, the user can decide whether to load -ADMX Info: +ADMX Info: - GP Friendly name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5043,7 +5043,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** @@ -5081,7 +5081,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5093,7 +5093,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** +**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -5129,7 +5129,7 @@ If you disable this policy setting, the user does not see the per-site ActiveX p -ADMX Info: +ADMX Info: - GP Friendly name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5141,7 +5141,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** +**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -5177,7 +5177,7 @@ If you disable this policy setting, the TDC Active X control will run from all s -ADMX Info: +ADMX Info: - GP Friendly name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5189,7 +5189,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowScriptInitiatedWindows** +**InternetExplorer/InternetZoneAllowScriptInitiatedWindows** @@ -5227,7 +5227,7 @@ If you do not configure this policy setting, the possible harmful actions contai -ADMX Info: +ADMX Info: - GP Friendly name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5239,7 +5239,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** +**InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -5277,7 +5277,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5289,7 +5289,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowScriptlets** +**InternetExplorer/InternetZoneAllowScriptlets** @@ -5327,7 +5327,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5339,7 +5339,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowSmartScreenIE** +**InternetExplorer/InternetZoneAllowSmartScreenIE** @@ -5380,7 +5380,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5392,7 +5392,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** +**InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** @@ -5428,7 +5428,7 @@ If you disable or do not configure this policy setting, script is not allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5440,7 +5440,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowUserDataPersistence** +**InternetExplorer/InternetZoneAllowUserDataPersistence** @@ -5478,7 +5478,7 @@ If you do not configure this policy setting, users can preserve information in t -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5490,7 +5490,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer** +**InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer** @@ -5530,7 +5530,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr -ADMX Info: +ADMX Info: - GP Friendly name: *Allow VBScript to run in Internet Explorer* - GP name: *IZ_PolicyAllowVBScript_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5542,7 +5542,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -5580,7 +5580,7 @@ If you don't configure this policy setting, Internet Explorer always checks with -ADMX Info: +ADMX Info: - GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5592,7 +5592,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneDownloadSignedActiveXControls** +**InternetExplorer/InternetZoneDownloadSignedActiveXControls** @@ -5630,7 +5630,7 @@ If you do not configure this policy setting, users are queried whether to downlo -ADMX Info: +ADMX Info: - GP Friendly name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5642,7 +5642,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** +**InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** @@ -5680,7 +5680,7 @@ If you do not configure this policy setting, users cannot run unsigned controls. -ADMX Info: +ADMX Info: - GP Friendly name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5692,7 +5692,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** +**InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** @@ -5728,7 +5728,7 @@ If you disable this policy setting, the XSS Filter is turned off for sites in th -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5740,7 +5740,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** +**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -5780,7 +5780,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no -ADMX Info: +ADMX Info: - GP Friendly name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5792,7 +5792,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** +**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -5832,7 +5832,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting -ADMX Info: +ADMX Info: - GP Friendly name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5844,7 +5844,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneEnableMIMESniffing** +**InternetExplorer/InternetZoneEnableMIMESniffing** @@ -5882,7 +5882,7 @@ If you do not configure this policy setting, the MIME Sniffing Safety Feature wi -ADMX Info: +ADMX Info: - GP Friendly name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5894,7 +5894,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneEnableProtectedMode** +**InternetExplorer/InternetZoneEnableProtectedMode** @@ -5932,7 +5932,7 @@ If you do not configure this policy setting, the user can turn on or turn off Pr -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5944,7 +5944,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** +**InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -5982,7 +5982,7 @@ If you do not configure this policy setting, the user can choose whether path in -ADMX Info: +ADMX Info: - GP Friendly name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -5994,7 +5994,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** +**InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** @@ -6034,7 +6034,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -6046,7 +6046,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** +**InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** |Edition|Windows 10|Windows 11| @@ -6069,7 +6069,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneJavaPermissions** +**InternetExplorer/InternetZoneJavaPermissions** @@ -6113,7 +6113,7 @@ If you do not configure this policy setting, the permission is set to High Safet -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -6125,7 +6125,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** +**InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** @@ -6163,7 +6163,7 @@ If you do not configure this policy setting, users are queried to choose whether -ADMX Info: +ADMX Info: - GP Friendly name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -6175,7 +6175,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneLogonOptions** +**InternetExplorer/InternetZoneLogonOptions** @@ -6221,7 +6221,7 @@ If you do not configure this policy setting, logon is set to Automatic logon onl -ADMX Info: +ADMX Info: - GP Friendly name: *Logon options* - GP name: *IZ_PolicyLogon_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -6233,7 +6233,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneNavigateWindowsAndFrames** +**InternetExplorer/InternetZoneNavigateWindowsAndFrames** @@ -6271,7 +6271,7 @@ If you do not configure this policy setting, users can open windows and frames f -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -6283,7 +6283,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** +**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -6321,7 +6321,7 @@ If you do not configure this policy setting, Internet Explorer will execute sign -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -6333,7 +6333,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** +**InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -6371,7 +6371,7 @@ If you do not configure this policy setting, the user can configure how the comp -ADMX Info: +ADMX Info: - GP Friendly name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -6383,7 +6383,7 @@ ADMX Info:
            -**InternetExplorer/InternetZoneUsePopupBlocker** +**InternetExplorer/InternetZoneUsePopupBlocker** @@ -6421,7 +6421,7 @@ If you do not configure this policy setting, most unwanted pop-up windows are pr -ADMX Info: +ADMX Info: - GP Friendly name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* @@ -6433,7 +6433,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowAccessToDataSources** +**InternetExplorer/IntranetZoneAllowAccessToDataSources** @@ -6471,7 +6471,7 @@ If you do not configure this policy setting, users are queried to choose, whethe -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6483,7 +6483,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -6521,7 +6521,7 @@ If you do not configure this policy setting, users will receive a prompt when a -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6533,7 +6533,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -6569,7 +6569,7 @@ If you disable or do not configure this setting, users will receive a file downl -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6581,7 +6581,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowFontDownloads** +**InternetExplorer/IntranetZoneAllowFontDownloads** @@ -6619,7 +6619,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6631,7 +6631,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowLessPrivilegedSites** +**InternetExplorer/IntranetZoneAllowLessPrivilegedSites** @@ -6669,7 +6669,7 @@ If you do not configure this policy setting, Web sites from less privileged zone -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6681,7 +6681,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** @@ -6719,7 +6719,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6731,7 +6731,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowScriptlets** +**InternetExplorer/IntranetZoneAllowScriptlets** @@ -6769,7 +6769,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6781,7 +6781,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowSmartScreenIE** +**InternetExplorer/IntranetZoneAllowSmartScreenIE** @@ -6822,7 +6822,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6834,7 +6834,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneAllowUserDataPersistence** +**InternetExplorer/IntranetZoneAllowUserDataPersistence** @@ -6872,7 +6872,7 @@ If you do not configure this policy setting, users can preserve information in t -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6884,7 +6884,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -6922,7 +6922,7 @@ If you don't configure this policy setting, Internet Explorer won't check with y -ADMX Info: +ADMX Info: - GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6934,7 +6934,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** +**InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** @@ -6974,7 +6974,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -6986,7 +6986,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneJavaPermissions** +**InternetExplorer/IntranetZoneJavaPermissions** @@ -7030,7 +7030,7 @@ If you do not configure this policy setting, the permission is set to Medium Saf -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -7042,7 +7042,7 @@ ADMX Info:
            -**InternetExplorer/IntranetZoneNavigateWindowsAndFrames** +**InternetExplorer/IntranetZoneNavigateWindowsAndFrames** @@ -7080,7 +7080,7 @@ If you do not configure this policy setting, users can open windows and frames f -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* @@ -7092,7 +7092,7 @@ ADMX Info:
            -**InternetExplorer/KeepIntranetSitesInInternetExplorer** +**InternetExplorer/KeepIntranetSitesInInternetExplorer** @@ -7138,7 +7138,7 @@ For more information on how to use this policy together with other related polic -ADMX Info: +ADMX Info: - GP Friendly name: *Keep all Intranet Sites in Internet Explorer* - GP name: *KeepIntranetSitesInInternetExplorer* - GP path: *Windows Components/Internet Explorer* @@ -7168,7 +7168,7 @@ ADMX Info: ``` -**InternetExplorer/LocalMachineZoneAllowAccessToDataSources** +**InternetExplorer/LocalMachineZoneAllowAccessToDataSources** @@ -7206,7 +7206,7 @@ If you do not configure this policy setting, users can load a page in the zone t -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7218,7 +7218,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -7256,7 +7256,7 @@ If you do not configure this policy setting, users will receive a prompt when a -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7268,7 +7268,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -7304,7 +7304,7 @@ If you disable or do not configure this setting, users will receive a file downl -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7316,7 +7316,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneAllowFontDownloads** +**InternetExplorer/LocalMachineZoneAllowFontDownloads** @@ -7354,7 +7354,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7366,7 +7366,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** +**InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** @@ -7404,7 +7404,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7416,7 +7416,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** @@ -7454,7 +7454,7 @@ If you do not configure this policy setting, Internet Explorer will not execute -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7466,7 +7466,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneAllowScriptlets** +**InternetExplorer/LocalMachineZoneAllowScriptlets** @@ -7504,7 +7504,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7516,7 +7516,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneAllowSmartScreenIE** +**InternetExplorer/LocalMachineZoneAllowSmartScreenIE** @@ -7557,7 +7557,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7569,7 +7569,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneAllowUserDataPersistence** +**InternetExplorer/LocalMachineZoneAllowUserDataPersistence** @@ -7607,7 +7607,7 @@ If you do not configure this policy setting, users can preserve information in t -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7619,7 +7619,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -7657,7 +7657,7 @@ If you don't configure this policy setting, Internet Explorer won't check with y -ADMX Info: +ADMX Info: - GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7669,7 +7669,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** +**InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** @@ -7709,7 +7709,7 @@ If you do not configure this policy setting, users are queried whether to allow -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7721,7 +7721,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneJavaPermissions** +**InternetExplorer/LocalMachineZoneJavaPermissions** @@ -7765,7 +7765,7 @@ If you do not configure this policy setting, the permission is set to Medium Saf -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7777,7 +7777,7 @@ ADMX Info:
            -**InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** +**InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** @@ -7815,7 +7815,7 @@ If you do not configure this policy setting, users can open windows and frames f -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* @@ -7827,7 +7827,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** +**InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** @@ -7865,7 +7865,7 @@ If you do not configure this policy setting, users cannot load a page in the zon -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -7877,7 +7877,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** @@ -7915,7 +7915,7 @@ If you do not configure this policy setting, ActiveX control installations will -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -7927,7 +7927,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** @@ -7963,7 +7963,7 @@ If you disable or do not configure this setting, file downloads that are not use -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -7975,7 +7975,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowFontDownloads** +**InternetExplorer/LockedDownInternetZoneAllowFontDownloads** @@ -8013,7 +8013,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8025,7 +8025,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** +**InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** @@ -8063,7 +8063,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8075,7 +8075,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** @@ -8113,7 +8113,7 @@ If you do not configure this policy setting, Internet Explorer will not execute -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8125,7 +8125,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowScriptlets** +**InternetExplorer/LockedDownInternetZoneAllowScriptlets** @@ -8163,7 +8163,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8175,7 +8175,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** +**InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** @@ -8216,7 +8216,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8228,7 +8228,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** +**InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** @@ -8266,7 +8266,7 @@ If you do not configure this policy setting, users can preserve information in t -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8278,7 +8278,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** +**InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** @@ -8318,7 +8318,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8330,7 +8330,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneJavaPermissions** +**InternetExplorer/LockedDownInternetZoneJavaPermissions** @@ -8374,7 +8374,7 @@ If you do not configure this policy setting, Java applets are disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8386,7 +8386,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** +**InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** @@ -8424,7 +8424,7 @@ If you do not configure this policy setting, users can open windows and frames f -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* @@ -8436,7 +8436,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetJavaPermissions** +**InternetExplorer/LockedDownIntranetJavaPermissions** @@ -8480,7 +8480,7 @@ If you do not configure this policy setting, Java applets are disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8492,7 +8492,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** +**InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** @@ -8530,7 +8530,7 @@ If you do not configure this policy setting, users are queried to choose, whethe -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8542,7 +8542,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -8580,7 +8580,7 @@ If you do not configure this policy setting, ActiveX control installations will -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8592,7 +8592,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -8628,7 +8628,7 @@ If you disable or do not configure this setting, file downloads that are not use -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8640,7 +8640,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** +**InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** @@ -8678,7 +8678,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8690,7 +8690,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** +**InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** @@ -8728,7 +8728,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8740,7 +8740,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** @@ -8778,7 +8778,7 @@ If you do not configure this policy setting, Internet Explorer will not execute -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8790,7 +8790,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowScriptlets** +**InternetExplorer/LockedDownIntranetZoneAllowScriptlets** @@ -8828,7 +8828,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8840,7 +8840,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** +**InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** @@ -8881,7 +8881,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8893,7 +8893,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** +**InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** @@ -8931,7 +8931,7 @@ If you do not configure this policy setting, users can preserve information in t -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8943,7 +8943,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** +**InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** @@ -8983,7 +8983,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -8995,7 +8995,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** +**InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** @@ -9033,7 +9033,7 @@ If you do not configure this policy setting, users can open windows and frames f -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* @@ -9045,7 +9045,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** +**InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** @@ -9083,7 +9083,7 @@ If you do not configure this policy setting, users can load a page in the zone t -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9095,7 +9095,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -9133,7 +9133,7 @@ If you do not configure this policy setting, ActiveX control installations will -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9145,7 +9145,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -9181,7 +9181,7 @@ If you disable or do not configure this setting, file downloads that are not use -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9193,7 +9193,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** +**InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** @@ -9231,7 +9231,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9243,7 +9243,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** +**InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** @@ -9281,7 +9281,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9293,7 +9293,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** @@ -9331,7 +9331,7 @@ If you do not configure this policy setting, Internet Explorer will not execute -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9343,7 +9343,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** +**InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** @@ -9381,7 +9381,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9393,7 +9393,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** +**InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** @@ -9434,7 +9434,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9446,7 +9446,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** +**InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** @@ -9484,7 +9484,7 @@ If you do not configure this policy setting, users can preserve information in t -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9496,7 +9496,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** +**InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** @@ -9536,7 +9536,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9548,7 +9548,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** +**InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** @@ -9592,7 +9592,7 @@ If you do not configure this policy setting, Java applets are disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9604,7 +9604,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** +**InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** @@ -9642,7 +9642,7 @@ If you do not configure this policy setting, users can open windows and frames f -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* @@ -9654,7 +9654,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** @@ -9692,7 +9692,7 @@ If you do not configure this policy setting, users cannot load a page in the zon -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -9704,7 +9704,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -9742,7 +9742,7 @@ If you do not configure this policy setting, ActiveX control installations will -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -9754,7 +9754,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -9790,7 +9790,7 @@ If you disable or do not configure this setting, file downloads that are not use -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -9802,7 +9802,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** @@ -9840,7 +9840,7 @@ If you do not configure this policy setting, users are queried whether to allow -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -9852,7 +9852,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** @@ -9890,7 +9890,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -9902,7 +9902,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -9940,7 +9940,7 @@ If you do not configure this policy setting, Internet Explorer will not execute -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -9952,7 +9952,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** @@ -9990,7 +9990,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -10002,7 +10002,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** @@ -10043,7 +10043,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -10055,7 +10055,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** +**InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** @@ -10093,7 +10093,7 @@ If you do not configure this policy setting, users cannot preserve information i -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -10105,7 +10105,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** +**InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -10145,7 +10145,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -10157,7 +10157,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** +**InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** @@ -10201,7 +10201,7 @@ If you do not configure this policy setting, Java applets are disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -10213,7 +10213,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** +**InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** @@ -10251,7 +10251,7 @@ If you do not configure this policy setting, users cannot open other windows and -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* @@ -10263,7 +10263,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** +**InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** @@ -10301,7 +10301,7 @@ If you do not configure this policy setting, users can load a page in the zone t -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10313,7 +10313,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -10351,7 +10351,7 @@ If you do not configure this policy setting, ActiveX control installations will -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10363,7 +10363,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -10399,7 +10399,7 @@ If you disable or do not configure this setting, file downloads that are not use -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10411,7 +10411,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** +**InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** @@ -10449,7 +10449,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10461,7 +10461,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** +**InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** @@ -10499,7 +10499,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10511,7 +10511,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -10549,7 +10549,7 @@ If you do not configure this policy setting, Internet Explorer will not execute -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10561,7 +10561,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** +**InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** @@ -10599,7 +10599,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10611,7 +10611,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** +**InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** @@ -10652,7 +10652,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10664,7 +10664,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** +**InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** @@ -10702,7 +10702,7 @@ If you do not configure this policy setting, users can preserve information in t -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10714,7 +10714,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** +**InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** @@ -10754,7 +10754,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10766,7 +10766,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** +**InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** @@ -10810,7 +10810,7 @@ If you do not configure this policy setting, Java applets are disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10822,7 +10822,7 @@ ADMX Info:
            -**InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** +**InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** @@ -10860,7 +10860,7 @@ If you do not configure this policy setting, users can open windows and frames f -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* @@ -10872,7 +10872,7 @@ ADMX Info:
            -**InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** +**InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** @@ -10910,7 +10910,7 @@ If you do not configure this policy setting, the MK Protocol is prevented for Fi -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_3* - GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction* @@ -10922,7 +10922,7 @@ ADMX Info:
            -**InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** +**InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** @@ -10960,7 +10960,7 @@ If you do not configure this policy setting, MIME sniffing will never promote a -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_6* - GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature* @@ -10972,7 +10972,7 @@ ADMX Info:
            -**InternetExplorer/NewTabDefaultPage** +**InternetExplorer/NewTabDefaultPage** @@ -11008,7 +11008,7 @@ If you disable or do not configure this policy setting, users can select their p -ADMX Info: +ADMX Info: - GP Friendly name: *Specify default behavior for a new tab* - GP name: *NewTabAction* - GP path: *Windows Components/Internet Explorer* @@ -11017,7 +11017,7 @@ ADMX Info: -Supported values: +Supported values: - 0 - NewTab_AboutBlank (about:blank) - 1 - NewTab_Homepage (Home page) - 2 - NewTab_AboutTabs (New tab page) @@ -11034,7 +11034,7 @@ Supported values:
            -**InternetExplorer/NotificationBarInternetExplorerProcesses** +**InternetExplorer/NotificationBarInternetExplorerProcesses** @@ -11072,7 +11072,7 @@ If you do not configure this policy setting, the Notification bar will be displa -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_10* - GP path: *Windows Components/Internet Explorer/Security Features/Notification bar* @@ -11084,7 +11084,7 @@ ADMX Info:
            -**InternetExplorer/PreventManagingSmartScreenFilter** +**InternetExplorer/PreventManagingSmartScreenFilter** @@ -11120,7 +11120,7 @@ If you disable or do not configure this policy setting, the user is prompted to -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent managing SmartScreen Filter* - GP name: *Disable_Managing_Safety_Filter_IE9* - GP path: *Windows Components/Internet Explorer* @@ -11132,7 +11132,7 @@ ADMX Info:
            -**InternetExplorer/PreventPerUserInstallationOfActiveXControls** +**InternetExplorer/PreventPerUserInstallationOfActiveXControls** @@ -11168,7 +11168,7 @@ If you disable or do not configure this policy setting, ActiveX controls can be -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent per-user installation of ActiveX controls* - GP name: *DisablePerUserActiveXInstall* - GP path: *Windows Components/Internet Explorer* @@ -11180,7 +11180,7 @@ ADMX Info:
            -**InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** +**InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** @@ -11218,7 +11218,7 @@ If you do not configure this policy setting, any zone can be protected from zone -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_9* - GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation* @@ -11230,7 +11230,7 @@ ADMX Info:
            -**InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** +**InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** @@ -11268,7 +11268,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer* - GP name: *VerMgmtDisableRunThisTime* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* @@ -11280,7 +11280,7 @@ ADMX Info:
            -**InternetExplorer/ResetZoomForDialogInIEMode** +**InternetExplorer/ResetZoomForDialogInIEMode** @@ -11322,7 +11322,7 @@ The following list shows the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Reset zoom to default for HTML dialogs in Internet Explorer mode* - GP name: *ResetZoomForDialogInIEMode* - GP path: *Windows Components/Internet Explorer/Main* @@ -11334,7 +11334,7 @@ ADMX Info:
            -**InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** +**InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** @@ -11372,7 +11372,7 @@ If you do not configure this policy setting, the user's preference will be used -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_11* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install* @@ -11384,7 +11384,7 @@ ADMX Info:
            -**InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** +**InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** @@ -11422,7 +11422,7 @@ If you do not configure this policy setting, the user's preference determines wh -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_12* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download* @@ -11434,7 +11434,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** +**InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** @@ -11472,7 +11472,7 @@ If you do not configure this policy setting, users cannot load a page in the zon -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11484,7 +11484,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowActiveScripting** +**InternetExplorer/RestrictedSitesZoneAllowActiveScripting** @@ -11522,7 +11522,7 @@ If you do not configure this policy setting, script code on pages in the zone is -ADMX Info: +ADMX Info: - GP Friendly name: *Allow active scripting* - GP name: *IZ_PolicyActiveScripting_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11534,7 +11534,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -11572,7 +11572,7 @@ If you do not configure this policy setting, ActiveX control installations will -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11584,7 +11584,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -11620,7 +11620,7 @@ If you disable or do not configure this setting, file downloads that are not use -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11632,7 +11632,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** +**InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** @@ -11670,7 +11670,7 @@ If you do not configure this policy setting, binary and script behaviors are not -ADMX Info: +ADMX Info: - GP Friendly name: *Allow binary and script behaviors* - GP name: *IZ_PolicyBinaryBehaviors_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11682,7 +11682,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** +**InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** @@ -11722,7 +11722,7 @@ If you do not configure this policy setting, a script cannot perform a clipboard -ADMX Info: +ADMX Info: - GP Friendly name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11734,7 +11734,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** +**InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** @@ -11772,7 +11772,7 @@ If you do not configure this policy setting, users are queried to choose whether -ADMX Info: +ADMX Info: - GP Friendly name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11784,7 +11784,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowFileDownloads** +**InternetExplorer/RestrictedSitesZoneAllowFileDownloads** @@ -11822,7 +11822,7 @@ If you do not configure this policy setting, files are prevented from being down -ADMX Info: +ADMX Info: - GP Friendly name: *Allow file downloads* - GP name: *IZ_PolicyFileDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11834,7 +11834,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowFontDownloads** +**InternetExplorer/RestrictedSitesZoneAllowFontDownloads** @@ -11872,7 +11872,7 @@ If you do not configure this policy setting, users are queried whether to allow -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11884,7 +11884,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** +**InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** @@ -11922,7 +11922,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11934,7 +11934,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** +**InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** @@ -11972,7 +11972,7 @@ If you do not configure this policy setting, the user can decide whether to load -ADMX Info: +ADMX Info: - GP Friendly name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -11984,7 +11984,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** +**InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** @@ -12022,7 +12022,7 @@ If you do not configure this policy setting, a user's browser that loads a page -ADMX Info: +ADMX Info: - GP Friendly name: *Allow META REFRESH* - GP name: *IZ_PolicyAllowMETAREFRESH_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12034,7 +12034,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -12072,7 +12072,7 @@ If you do not configure this policy setting, Internet Explorer will not execute -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12084,7 +12084,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** +**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -12120,7 +12120,7 @@ If you disable this policy setting, the user does not see the per-site ActiveX p -ADMX Info: +ADMX Info: - GP Friendly name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12132,7 +12132,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** +**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -12168,7 +12168,7 @@ If you disable this policy setting, the TDC Active X control will run from all s -ADMX Info: +ADMX Info: - GP Friendly name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12180,7 +12180,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** +**InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** @@ -12218,7 +12218,7 @@ If you do not configure this policy setting, the possible harmful actions contai -ADMX Info: +ADMX Info: - GP Friendly name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12230,7 +12230,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** +**InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -12268,7 +12268,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12280,7 +12280,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowScriptlets** +**InternetExplorer/RestrictedSitesZoneAllowScriptlets** @@ -12318,7 +12318,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12330,7 +12330,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** +**InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** @@ -12371,7 +12371,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12383,7 +12383,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** +**InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** @@ -12419,7 +12419,7 @@ If you disable or do not configure this policy setting, script is not allowed to -ADMX Info: +ADMX Info: - GP Friendly name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12431,7 +12431,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** +**InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** @@ -12469,7 +12469,7 @@ If you do not configure this policy setting, users cannot preserve information i -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12481,7 +12481,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer** +**InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer** @@ -12521,7 +12521,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr -ADMX Info: +ADMX Info: - GP Friendly name: *Allow VBScript to run in Internet Explorer* - GP name: *IZ_PolicyAllowVBScript_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12533,7 +12533,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -12571,7 +12571,7 @@ If you don't configure this policy setting, Internet Explorer always checks with -ADMX Info: +ADMX Info: - GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12583,7 +12583,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** +**InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** @@ -12621,7 +12621,7 @@ If you do not configure this policy setting, signed controls cannot be downloade -ADMX Info: +ADMX Info: - GP Friendly name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12633,7 +12633,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** +**InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** @@ -12671,7 +12671,7 @@ If you do not configure this policy setting, users cannot run unsigned controls. -ADMX Info: +ADMX Info: - GP Friendly name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12683,7 +12683,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** +**InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** @@ -12719,7 +12719,7 @@ If you disable this policy setting, the XSS Filter is turned off for sites in th -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12731,7 +12731,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** +**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -12771,7 +12771,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no -ADMX Info: +ADMX Info: - GP Friendly name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12783,7 +12783,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** +**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -12823,7 +12823,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting -ADMX Info: +ADMX Info: - GP Friendly name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12835,7 +12835,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** +**InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** @@ -12873,7 +12873,7 @@ If you do not configure this policy setting, the actions that may be harmful can -ADMX Info: +ADMX Info: - GP Friendly name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12885,7 +12885,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** +**InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -12923,7 +12923,7 @@ If you do not configure this policy setting, the user can choose whether path in -ADMX Info: +ADMX Info: - GP Friendly name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12935,7 +12935,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** +**InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -12975,7 +12975,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -12987,7 +12987,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneJavaPermissions** +**InternetExplorer/RestrictedSitesZoneJavaPermissions** @@ -13031,7 +13031,7 @@ If you do not configure this policy setting, Java applets are disabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13043,7 +13043,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** +**InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** @@ -13081,7 +13081,7 @@ If you do not configure this policy setting, users are prevented from running ap -ADMX Info: +ADMX Info: - GP Friendly name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13093,7 +13093,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneLogonOptions** +**InternetExplorer/RestrictedSitesZoneLogonOptions** @@ -13139,7 +13139,7 @@ If you do not configure this policy setting, logon is set to Prompt for username -ADMX Info: +ADMX Info: - GP Friendly name: *Logon options* - GP name: *IZ_PolicyLogon_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13151,7 +13151,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** +**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** @@ -13189,7 +13189,7 @@ If you do not configure this policy setting, users cannot open other windows and -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13201,7 +13201,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** +**InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** @@ -13241,7 +13241,7 @@ If you do not configure this policy setting, controls and plug-ins are prevented -ADMX Info: +ADMX Info: - GP Friendly name: *Run ActiveX controls and plugins* - GP name: *IZ_PolicyRunActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13253,7 +13253,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** +**InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -13291,7 +13291,7 @@ If you do not configure this policy setting, Internet Explorer will not execute -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13303,7 +13303,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** +**InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** @@ -13343,7 +13343,7 @@ If you do not configure this policy setting, script interaction is prevented fro -ADMX Info: +ADMX Info: - GP Friendly name: *Script ActiveX controls marked safe for scripting* - GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13355,7 +13355,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** +**InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** @@ -13395,7 +13395,7 @@ If you do not configure this policy setting, scripts are prevented from accessin -ADMX Info: +ADMX Info: - GP Friendly name: *Scripting of Java applets* - GP name: *IZ_PolicyScriptingOfJavaApplets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13407,7 +13407,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** +**InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -13445,7 +13445,7 @@ If you do not configure this policy setting, the user can configure how the comp -ADMX Info: +ADMX Info: - GP Friendly name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13457,7 +13457,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** +**InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** @@ -13495,7 +13495,7 @@ If you do not configure this policy setting, the user can turn on or turn off Pr -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13507,7 +13507,7 @@ ADMX Info:
            -**InternetExplorer/RestrictedSitesZoneUsePopupBlocker** +**InternetExplorer/RestrictedSitesZoneUsePopupBlocker** @@ -13545,7 +13545,7 @@ If you do not configure this policy setting, most unwanted pop-up windows are pr -ADMX Info: +ADMX Info: - GP Friendly name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* @@ -13557,7 +13557,7 @@ ADMX Info:
            -**InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** +**InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** @@ -13595,7 +13595,7 @@ If you do not configure this policy setting, pop-up windows and other restrictio -ADMX Info: +ADMX Info: - GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_8* - GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions* @@ -13607,7 +13607,7 @@ ADMX Info:
            -**InternetExplorer/SearchProviderList** +**InternetExplorer/SearchProviderList** @@ -13636,7 +13636,7 @@ ADMX Info: This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website. -If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. +If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. > [!NOTE] > This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. @@ -13646,7 +13646,7 @@ If you disable or do not configure this policy setting, the user can configure h -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict search providers to a specific list* - GP name: *SpecificSearchProvider* - GP path: *Windows Components/Internet Explorer* @@ -13658,7 +13658,7 @@ ADMX Info:
            -**InternetExplorer/SecurityZonesUseOnlyMachineSettings** +**InternetExplorer/SecurityZonesUseOnlyMachineSettings** @@ -13697,7 +13697,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy. -ADMX Info: +ADMX Info: - GP Friendly name: *Security Zones: Use only machine settings* - GP name: *Security_HKLM_only* - GP path: *Windows Components/Internet Explorer* @@ -13709,7 +13709,7 @@ ADMX Info:
            -**InternetExplorer/SendSitesNotInEnterpriseSiteListToEdge** +**InternetExplorer/SendSitesNotInEnterpriseSiteListToEdge** @@ -13740,7 +13740,7 @@ This setting lets you decide, whether to open all sites not included in the Ente If you enable this setting, it automatically opens all sites not included in the Enterprise Mode Site List in Microsoft Edge. -If you disable, or not configure this setting, then it opens all sites based on the currently active browser. +If you disable, or not configure this setting, then it opens all sites based on the currently active browser. > [!NOTE] > If you have also enabled the [InternetExplorer/SendIntranetTraffictoInternetExplorer](#internetexplorer-policies) policy setting, then all intranet sites will continue to open in Internet Explorer 11. @@ -13748,7 +13748,7 @@ If you disable, or not configure this setting, then it opens all sites based on -ADMX Info: +ADMX Info: - GP Friendly name: *Send all sites not included in the Enterprise Mode Site List to Microsoft Edge* - GP name: *RestrictInternetExplorer* - GP path: *Windows Components/Internet Explorer* @@ -13780,7 +13780,7 @@ ADMX Info: ``` -**InternetExplorer/SpecifyUseOfActiveXInstallerService** +**InternetExplorer/SpecifyUseOfActiveXInstallerService** @@ -13816,7 +13816,7 @@ If you disable or do not configure this policy setting, ActiveX controls, includ -ADMX Info: +ADMX Info: - GP Friendly name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* - GP name: *OnlyUseAXISForActiveXInstall* - GP path: *Windows Components/Internet Explorer* @@ -13828,7 +13828,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** +**InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** @@ -13866,7 +13866,7 @@ If you do not configure this policy setting, users can load a page in the zone t -ADMX Info: +ADMX Info: - GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -13878,7 +13878,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** +**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -13916,7 +13916,7 @@ If you do not configure this policy setting, users will receive a prompt when a -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -13928,7 +13928,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** +**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -13964,7 +13964,7 @@ If you disable or do not configure this setting, users will receive a file downl -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -13976,7 +13976,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowFontDownloads** +**InternetExplorer/TrustedSitesZoneAllowFontDownloads** @@ -14014,7 +14014,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14026,7 +14026,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** +**InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** @@ -14064,7 +14064,7 @@ If you do not configure this policy setting, a warning is issued to the user tha -ADMX Info: +ADMX Info: - GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14076,7 +14076,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -14114,7 +14114,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi -ADMX Info: +ADMX Info: - GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14126,7 +14126,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowScriptlets** +**InternetExplorer/TrustedSitesZoneAllowScriptlets** @@ -14164,7 +14164,7 @@ If you do not configure this policy setting, the user can enable or disable scri -ADMX Info: +ADMX Info: - GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14176,7 +14176,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** +**InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** @@ -14217,7 +14217,7 @@ If you do not configure this policy setting, the user can choose whether Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14229,7 +14229,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** +**InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** @@ -14267,7 +14267,7 @@ If you do not configure this policy setting, users can preserve information in t -ADMX Info: +ADMX Info: - GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14279,7 +14279,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -14317,7 +14317,7 @@ If you don't configure this policy setting, Internet Explorer won't check with y -ADMX Info: +ADMX Info: - GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14329,7 +14329,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** +**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** @@ -14369,7 +14369,7 @@ If you do not configure this policy setting, users are queried whether to allow -ADMX Info: +ADMX Info: - GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14381,7 +14381,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneJavaPermissions** +**InternetExplorer/TrustedSitesZoneJavaPermissions** @@ -14425,7 +14425,7 @@ If you do not configure this policy setting, the permission is set to Low Safety -ADMX Info: +ADMX Info: - GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* @@ -14437,7 +14437,7 @@ ADMX Info:
            -**InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** +**InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** @@ -14475,7 +14475,7 @@ If you do not configure this policy setting, users can open windows and frames f -ADMX Info: +ADMX Info: - GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 3c77cc2e2c..3cd88f2125 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Kerberos policies +## Kerberos policies
            @@ -31,7 +31,7 @@ manager: aaroncz
            Kerberos/PKInitHashAlgorithmConfiguration -
            +
            Kerberos/PKInitHashAlgorithmSHA1
            @@ -59,16 +59,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**Kerberos/AllowForestSearchOrder** +**Kerberos/AllowForestSearchOrder** @@ -103,7 +103,7 @@ If you disable or don't configure this policy setting, the Kerberos client doesn -ADMX Info: +ADMX Info: - GP Friendly name: *Use forest search order* - GP name: *ForestSearch* - GP path: *System/Kerberos* @@ -115,7 +115,7 @@ ADMX Info:
            -**Kerberos/CloudKerberosTicketRetrievalEnabled** +**Kerberos/CloudKerberosTicketRetrievalEnabled** @@ -149,14 +149,14 @@ This policy allows retrieving the cloud Kerberos ticket during the sign in. -Valid values: +Valid values: 0 (default) - Disabled 1 - Enabled -ADMX Info: +ADMX Info: - GP Friendly name: *Allow retrieving the cloud Kerberos ticket during the logon* - GP name: *CloudKerberosTicketRetrievalEnabled* - GP path: *System/Kerberos* @@ -168,7 +168,7 @@ ADMX Info:
            -**Kerberos/KerberosClientSupportsClaimsCompoundArmor** +**Kerberos/KerberosClientSupportsClaimsCompoundArmor** @@ -194,7 +194,7 @@ ADMX Info: -This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring, using Kerberos authentication with domains that support these features. +This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring, using Kerberos authentication with domains that support these features. If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains that support claims and compound authentication for Dynamic Access Control and Kerberos armoring. If you disable or don't configure this policy setting, the client devices won't request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device won't be able to retrieve claims for clients using Kerberos protocol transition. @@ -202,7 +202,7 @@ If you disable or don't configure this policy setting, the client devices won't -ADMX Info: +ADMX Info: - GP Friendly name: *Kerberos client support for claims, compound authentication and Kerberos armoring* - GP name: *EnableCbacAndArmor* - GP path: *System/Kerberos* @@ -214,7 +214,7 @@ ADMX Info:
            -**Kerberos/PKInitHashAlgorithmConfiguration** +**Kerberos/PKInitHashAlgorithmConfiguration** @@ -255,7 +255,7 @@ More information about the hash and checksum algorithms supported by the Windows -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Hash algorithms for certificate logon* - GP name: *PKInitHashAlgorithmConfiguration* - GP path: *System/Kerberos* @@ -267,7 +267,7 @@ ADMX Info:
            -**Kerberos/PKInitHashAlgorithmSHA1** +**Kerberos/PKInitHashAlgorithmSHA1** @@ -306,7 +306,7 @@ If you don't configure this policy, the SHA1 algorithm will assume the **Default -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Hash algorithms for certificate logon* - GP name: *PKInitHashAlgorithmConfiguration* - GP path: *System/Kerberos* @@ -318,7 +318,7 @@ ADMX Info:
            -**Kerberos/PKInitHashAlgorithmSHA256** +**Kerberos/PKInitHashAlgorithmSHA256** @@ -357,7 +357,7 @@ If you don't configure this policy, the SHA256 algorithm will assume the **Defau -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Hash algorithms for certificate logon* - GP name: *PKInitHashAlgorithmConfiguration* - GP path: *System/Kerberos* @@ -369,7 +369,7 @@ ADMX Info:
            -**Kerberos/PKInitHashAlgorithmSHA384** +**Kerberos/PKInitHashAlgorithmSHA384** @@ -408,7 +408,7 @@ If you don't configure this policy, the SHA384 algorithm will assume the **Defau -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Hash algorithms for certificate logon* - GP name: *PKInitHashAlgorithmConfiguration* - GP path: *System/Kerberos* @@ -420,7 +420,7 @@ ADMX Info:
            -**Kerberos/PKInitHashAlgorithmSHA512** +**Kerberos/PKInitHashAlgorithmSHA512** @@ -459,7 +459,7 @@ If you don't configure this policy, the SHA512 algorithm will assume the **Defau -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Hash algorithms for certificate logon* - GP name: *PKInitHashAlgorithmConfiguration* - GP path: *System/Kerberos* @@ -470,7 +470,7 @@ ADMX Info:
            -**Kerberos/RequireKerberosArmoring** +**Kerberos/RequireKerberosArmoring** @@ -501,17 +501,17 @@ This policy setting controls whether a computer requires that Kerberos message e > [!WARNING] > When a domain doesn't support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled. -If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. +If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. > [!NOTE] -> The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. +> The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. If you disable or don't configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. -ADMX Info: +ADMX Info: - GP Friendly name: *Fail authentication requests when Kerberos armoring is not available* - GP name: *ClientRequireFast* - GP path: *System/Kerberos* @@ -523,7 +523,7 @@ ADMX Info:
            -**Kerberos/RequireStrictKDCValidation** +**Kerberos/RequireStrictKDCValidation** @@ -549,7 +549,7 @@ ADMX Info: -This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. +This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer isn't joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate. @@ -558,7 +558,7 @@ If you disable or don't configure this policy setting, the Kerberos client requi -ADMX Info: +ADMX Info: - GP Friendly name: *Require strict KDC validation* - GP name: *ValidateKDC* - GP path: *System/Kerberos* @@ -570,7 +570,7 @@ ADMX Info:
            -**Kerberos/SetMaximumContextTokenSize** +**Kerberos/SetMaximumContextTokenSize** @@ -598,11 +598,11 @@ ADMX Info: This policy setting allows you to set the value returned to applications that request the maximum size of the SSPI context token buffer size. -The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. +The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller. -If you disable or don't configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. +If you disable or don't configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. > [!NOTE] > This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8, the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it's not advised to set this value more than 48,000 bytes. @@ -610,7 +610,7 @@ If you disable or don't configure this policy setting, the Kerberos client or se -ADMX Info: +ADMX Info: - GP Friendly name: *Set maximum Kerberos SSPI context token buffer size* - GP name: *MaxTokenSize* - GP path: *System/Kerberos* @@ -622,7 +622,7 @@ ADMX Info:
            -**Kerberos/UPNNameHints** +**Kerberos/UPNNameHints** diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index e1456fa569..e205b4485b 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -8,19 +8,19 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Policy CSP - KioskBrowser -These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user's browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_). +These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user's browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_).
            -## KioskBrowser policies +## KioskBrowser policies
            @@ -50,7 +50,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
            -**KioskBrowser/BlockedUrlExceptions** +**KioskBrowser/BlockedUrlExceptions** @@ -87,7 +87,7 @@ List of exceptions to the blocked website URLs (with wildcard support). This pol
            -**KioskBrowser/BlockedUrls** +**KioskBrowser/BlockedUrls** @@ -124,7 +124,7 @@ List of blocked website URLs (with wildcard support). This policy is used to con
            -**KioskBrowser/DefaultURL** +**KioskBrowser/DefaultURL** @@ -161,7 +161,7 @@ Configures the default URL kiosk browsers to navigate on launch and restart.
            -**KioskBrowser/EnableEndSessionButton** +**KioskBrowser/EnableEndSessionButton** @@ -195,7 +195,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
            -**KioskBrowser/EnableHomeButton** +**KioskBrowser/EnableHomeButton** @@ -232,7 +232,7 @@ Enable/disable kiosk browser's home button.
            -**KioskBrowser/EnableNavigationButtons** +**KioskBrowser/EnableNavigationButtons** @@ -269,7 +269,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back).
            -**KioskBrowser/RestartOnIdleTime** +**KioskBrowser/RestartOnIdleTime** @@ -295,7 +295,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back). -Amount of time in minutes, the session is idle until the kiosk browser restarts in a fresh state. +Amount of time in minutes, the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index 15b727545c..bbe9307e31 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## LanmanWorkstation policies +## LanmanWorkstation policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**LanmanWorkstation/EnableInsecureGuestLogons** +**LanmanWorkstation/EnableInsecureGuestLogons** @@ -64,7 +64,7 @@ Insecure guest sign in are used by file servers to allow unauthenticated access -ADMX Info: +ADMX Info: - GP Friendly name: *Enable insecure guest logons* - GP name: *Pol_EnableInsecureGuestLogons* - GP path: *Network/Lanman Workstation* diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index af74d4384d..effa809a71 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Licensing policies +## Licensing policies
            @@ -31,7 +31,7 @@ manager: aaroncz
            -**Licensing/AllowWindowsEntitlementReactivation** +**Licensing/AllowWindowsEntitlementReactivation** @@ -61,7 +61,7 @@ Enables or Disable Windows license reactivation on managed devices. -ADMX Info: +ADMX Info: - GP Friendly name: *Control Device Reactivation for Retail devices* - GP name: *AllowWindowsEntitlementReactivation* - GP path: *Windows Components/Software Protection Platform* @@ -80,7 +80,7 @@ The following list shows the supported values:
            -**Licensing/DisallowKMSClientOnlineAVSValidation** +**Licensing/DisallowKMSClientOnlineAVSValidation** @@ -110,7 +110,7 @@ Enabling this setting prevents this computer from sending data to Microsoft rega -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off KMS Client Online AVS Validation* - GP name: *NoAcquireGT* - GP path: *Windows Components/Software Protection Platform* diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 21dfa77d35..cda8035487 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 12/16/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## LocalPoliciesSecurityOptions policies +## LocalPoliciesSecurityOptions policies
            @@ -174,7 +174,7 @@ manager: aaroncz > To find data formats (and other policy-related details), see [Policy DDF file](./policy-ddf-file.md). -**LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** +**LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** @@ -209,12 +209,12 @@ If you select the "Users cannot add or log on with Microsoft accounts" option, e If you disable or don't configure this policy (recommended), users will be able to use Microsoft accounts with Windows. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Accounts: Block Microsoft accounts* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -231,7 +231,7 @@ The following list shows the supported values:
            -**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** +**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** @@ -260,12 +260,12 @@ The following list shows the supported values: This setting allows the administrator to enable the local Administrator account. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Accounts: Enable Administrator Account Status* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -281,7 +281,7 @@ The following list shows the supported values:
            -**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** +**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** @@ -310,12 +310,12 @@ The following list shows the supported values: This setting allows the administrator to enable the guest Administrator account. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Accounts: Enable Guest Account Status* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -332,7 +332,7 @@ The following list shows the supported values:
            -**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** +**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** @@ -373,18 +373,18 @@ This setting doesn't affect sign in that use domain accounts. It's possible for applications that use remote interactive sign in to bypass this setting. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Accounts: Limit local account use of blank passwords to console logon only* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* -Valid values: +Valid values: - 0 - disabled - local accounts that aren't password protected can be used to sign in from locations other than the physical computer console. - 1 - enabled - local accounts that aren't password protected will only be able to sign in at the computer's keyboard. @@ -394,7 +394,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount** +**LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount** @@ -427,12 +427,12 @@ This security setting determines whether a different account name is associated Default: Administrator This policy supports the following: -- Supported value type is string. +- Supported value type is string. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Accounts: Rename administrator account* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -442,7 +442,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount** +**LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount** @@ -475,12 +475,12 @@ This security setting determines whether a different account name is associated Default: Guest This policy supports the following: -- Supported value type is string. +- Supported value type is string. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Accounts: Rename guest account* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -490,7 +490,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon** +**LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon** @@ -527,7 +527,7 @@ Default: Enabled -GP Info: +GP Info: - GP Friendly name: *Devices: Allow undock without having to log on* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -537,7 +537,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia** +**LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia** @@ -574,7 +574,7 @@ Default: This policy isn't defined, and only Administrators have this ability. -GP Info: +GP Info: - GP Friendly name: *Devices: Allowed to format and eject removable media* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -584,7 +584,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters** +**LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters** @@ -622,7 +622,7 @@ Default on workstations: Disabled -GP Info: +GP Info: - GP Friendly name: *Devices: Prevent users from installing printer drivers* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -632,7 +632,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly** +**LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly** @@ -668,7 +668,7 @@ Default: This policy isn't defined and CD-ROM access isn't restricted to the loc -GP Info: +GP Info: - GP Friendly name: *Devices: Restrict CD-ROM access to locally logged-on user only* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -678,7 +678,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** +**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** @@ -707,12 +707,12 @@ GP Info: Interactive Logon: Display user information when the session is locked This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Interactive logon: Display user information when the session is locked* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -729,7 +729,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn** +**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn** @@ -766,18 +766,18 @@ If this policy is disabled, the username will be shown. Default: Disabled This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Interactive logon: Don't display last signed-in* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* -Valid values: +Valid values: - 0 - disabled (username will be shown). - 1 - enabled (username won't be shown). @@ -787,7 +787,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn** +**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn** @@ -824,18 +824,18 @@ If this policy is disabled, the username will be shown. Default: Disabled This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Interactive logon: Don't display username at sign-in* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* -Valid values: +Valid values: - 0 - disabled (username will be shown). - 1 - enabled (username won't be shown). @@ -845,7 +845,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL** +**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL** @@ -883,18 +883,18 @@ Default on domain-computers: Enabled: At least Windows 8 / Disabled: Windows 7 o Default on stand-alone computers: Enabled This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Interactive logon: Do not require CTRL+ALT+DEL* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* -Valid values: +Valid values: - 0 - disabled. - 1 - enabled (a user isn't required to press CTRL+ALT+DEL to sign in). @@ -904,7 +904,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit** +**LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit** @@ -937,12 +937,12 @@ Windows notices inactivity of a sign-in session, and if the amount of inactive t Default: Not enforced This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Interactive logon: Machine inactivity limit* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -956,7 +956,7 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time
            -**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn** +**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn** @@ -991,12 +991,12 @@ This text is often used for legal reasons. For example, to warn users about the Default: No message This policy supports the following: -- Supported value type is string. +- Supported value type is string. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Interactive logon: Message text for users attempting to log on* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1006,7 +1006,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn** +**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn** @@ -1039,12 +1039,12 @@ This security setting allows the specification of a title to appear in the title Default: No message This policy supports the following: -- Supported value type is string. +- Supported value type is string. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Interactive logon: Message title for users attempting to log on* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1054,7 +1054,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior** +**LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior** @@ -1089,7 +1089,7 @@ The options are: - No Action - Lock Workstation - Force Logoff -- Disconnect if a Remote Desktop Services session +- Disconnect if a Remote Desktop Services session If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session. @@ -1106,7 +1106,7 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol -GP Info: +GP Info: - GP Friendly name: *Interactive logon: Smart card removal behavior* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1115,7 +1115,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** +**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** @@ -1143,24 +1143,24 @@ GP Info: Microsoft network client: Digitally sign communications (always) -This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. +This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file, print sharing, and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. + +If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. -If this setting is enabled, the Microsoft network client won't communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. - Default: Disabled -> [!Note] +> [!Note] > All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +> - Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. > - Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> - Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +> - Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. > > SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). -GP Info: +GP Info: - GP Friendly name: *Microsoft network client: Digitally sign communications (always)* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1170,7 +1170,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** +**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** @@ -1219,7 +1219,7 @@ Default: Enabled -GP Info: +GP Info: - GP Friendly name: *Microsoft network client: Digitally sign communications (if server agrees)* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1229,7 +1229,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** +**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** @@ -1265,7 +1265,7 @@ Default: Disabled -GP Info: +GP Info: - GP Friendly name: *Microsoft network client: Send unencrypted password to third-party SMB servers* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1275,7 +1275,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** +**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** @@ -1317,7 +1317,7 @@ Default: This policy isn't defined, which means that the system treats it as 15 -GP Info: +GP Info: - GP Friendly name: *Microsoft network server: Amount of idle time required before suspending session* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1336,7 +1336,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** +**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** @@ -1385,7 +1385,7 @@ Default: Disabled for member servers. Enabled for domain controllers. -GP Info: +GP Info: - GP Friendly name: *Microsoft network server: Digitally sign communications (always)* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1395,7 +1395,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees** +**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees** @@ -1444,7 +1444,7 @@ For more information, reference: [Reduced performance after SMB Encryption or SM -GP Info: +GP Info: - GP Friendly name: *Microsoft network server: Digitally sign communications (if client agrees)* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1454,7 +1454,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** +**LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** @@ -1499,7 +1499,7 @@ Default on server: Enabled -GP Info: +GP Info: - GP Friendly name: *Network access: Do not allow anonymous enumeration of SAM accounts* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1509,7 +1509,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** +**LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** @@ -1545,7 +1545,7 @@ Default: Disabled -GP Info: +GP Info: - GP Friendly name: *Network access: Do not allow anonymous enumeration of SAM accounts and shares* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1555,7 +1555,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** +**LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** @@ -1591,7 +1591,7 @@ When enabled, this security setting restricts anonymous access to shares and pip -GP Info: +GP Info: - GP Friendly name: *Network access: Restrict anonymous access to Named Pipes and Shares* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1601,7 +1601,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** +**LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** @@ -1637,7 +1637,7 @@ This policy is supported on at least Windows Server 2016. -GP Info: +GP Info: - GP Friendly name: *Network access: Restrict clients allowed to make remote calls to SAM* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1647,7 +1647,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** +**LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** @@ -1681,13 +1681,13 @@ When a service connects with the device identity, signing and encryption are sup -GP Info: +GP Info: - GP Friendly name: *Network security: Allow Local System to use computer identity for NTLM* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* -Valid values: +Valid values: - 0 - Disabled. - 1 - Enabled (Allow Local System to use computer identity for NTLM). @@ -1697,7 +1697,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** +**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** @@ -1728,18 +1728,18 @@ Network security: Allow PKU2U authentication requests to this computer to use on This policy will be turned off by default on domain joined machines. This disablement would prevent online identities from authenticating to the domain joined machine. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Network security: Allow PKU2U authentication requests to this computer to use online identities.* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* -Valid values: +Valid values: - 0 - disabled. - 1 - enabled (allow PKU2U authentication requests to this computer to use online identities). @@ -1749,7 +1749,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** +**LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** @@ -1784,7 +1784,7 @@ This security setting determines if, at the next password change, the LAN Manage -GP Info: +GP Info: - GP Friendly name: *Network security: Do not store LAN Manager hash value on next password change* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1794,7 +1794,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel** +**LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel** @@ -1846,7 +1846,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send -GP Info: +GP Info: - GP Friendly name: *Network security: LAN Manager authentication level* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1856,7 +1856,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** +**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** @@ -1897,7 +1897,7 @@ This security setting allows a client device to require the negotiation of 128-b -GP Info: +GP Info: - GP Friendly name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1907,7 +1907,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** +**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** @@ -1949,7 +1949,7 @@ This security setting allows a server to require the negotiation of 128-bit encr -GP Info: +GP Info: - GP Friendly name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) servers* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1959,7 +1959,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication** +**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication** @@ -1997,7 +1997,7 @@ The naming format for servers on this exception list is the fully qualified doma -GP Info: +GP Info: - GP Friendly name: *Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2016,7 +2016,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic** +**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic** @@ -2059,7 +2059,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2. -GP Info: +GP Info: - GP Friendly name: *Network security: Restrict NTLM: Audit Incoming NTLM Traffic* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2078,7 +2078,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic** +**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic** @@ -2121,7 +2121,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2. -GP Info: +GP Info: - GP Friendly name: *Network security: Restrict NTLM: Incoming NTLM traffic* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2140,7 +2140,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers** +**LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers** @@ -2183,7 +2183,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2. -GP Info: +GP Info: - GP Friendly name: *Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2202,7 +2202,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** +**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** @@ -2240,18 +2240,18 @@ When this policy is disabled, the option to shut down the computer doesn't appea - Default on servers: Disabled. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *Shutdown: Allow system to be shut down without having to log on* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* -Valid values: +Valid values: - 0 - disabled. - 1 - enabled (allow system to be shut down without having to sign in). @@ -2261,7 +2261,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile** +**LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile** @@ -2299,7 +2299,7 @@ Default: Disabled -GP Info: +GP Info: - GP Friendly name: *Shutdown: Clear virtual memory pagefile* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2309,7 +2309,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** +**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** @@ -2341,23 +2341,23 @@ This policy setting controls whether User Interface Accessibility (UIAccess or U Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. -Disabled: (Default) +Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* -Valid values: +Valid values: - 0 - disabled. - 1 - enabled (allow UIAccess applications to prompt for elevation without using the secure desktop). @@ -2367,7 +2367,7 @@ Valid values:
            -**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** +**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** @@ -2416,12 +2416,12 @@ The options are: - 5 - Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2431,7 +2431,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** +**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** @@ -2462,12 +2462,12 @@ User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *User Account Control: Behavior of the elevation prompt for standard users* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2485,7 +2485,7 @@ The following list shows the supported values:
            -**LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** +**LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** @@ -2523,7 +2523,7 @@ The options are: -GP Info: +GP Info: - GP Friendly name: *User Account Control: Detect application installations and prompt for elevation* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2533,7 +2533,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated** +**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated** @@ -2568,12 +2568,12 @@ The options are: - 1 - Enabled: Enforces the PKI certification path validation for a given executable file before it's permitted to run. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *User Account Control: Only elevate executables that are signed and validated* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2583,7 +2583,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** +**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** @@ -2620,17 +2620,17 @@ This policy setting controls, whether applications that request to run with a Us > [!NOTE] > Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. -The options are: +The options are: - 0 - Disabled: An application runs with UIAccess integrity even if it doesn't reside in a secure location in the file system. - 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *User Account Control: Only elevate UIAccess applications that are installed in secure locations* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2640,7 +2640,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** +**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** @@ -2676,15 +2676,15 @@ The options are: > [!NOTE] > If this policy setting is disabled, Windows Security notifies you that the overall security of the operating system has been reduced. -- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately, to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. +- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately, to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *User Account Control: Run all administrators in Admin Approval Mode* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2694,7 +2694,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation** +**LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation** @@ -2729,12 +2729,12 @@ The options are: - 1 - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *User Account Control: Switch to the secure desktop when prompting for elevation* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2744,7 +2744,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode** +**LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode** @@ -2782,7 +2782,7 @@ The options are: -GP Info: +GP Info: - GP Friendly name: *User Account Control: Admin Approval Mode for the Built-in Administrator account* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2792,7 +2792,7 @@ GP Info:
            -**LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** +**LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** @@ -2823,12 +2823,12 @@ User Account Control: Virtualize file and registry write failures to per-user lo This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. This policy supports the following: -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -GP Info: +GP Info: - GP Friendly name: *User Account Control: Virtualize file and registry write failures to per-user locations* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index c2c636a46f..8f9a5ef4cd 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 10/14/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## LocalUsersAndGroups policies +## LocalUsersAndGroups policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**LocalUsersAndGroups/Configure** +**LocalUsersAndGroups/Configure** @@ -59,14 +59,14 @@ This policy setting allows IT admins to add, remove, or replace members of local > [!NOTE] > The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or Azure Active Directory groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove. > -> Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. +> Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. Here is an example of the policy definition XML for group configuration: ```xml - + @@ -75,22 +75,22 @@ Here is an example of the policy definition XML for group configuration: where: -- ``: Specifies the name or SID of the local group to configure. If you specify a SID, the [LookupAccountSid](/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API is used to translate the SID to a valid group name. If you specify a name, the [LookupAccountName](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API is used to lookup the group and validate the name. If name/SID lookup fails, the group is skipped and the next group in the XML file is processed. If there are multiple errors, the last error is returned at the end of the policy processing. -- ``: Specifies the action to take on the local group, which can be Update and Restrict, represented by U and R: +- ``: Specifies the name or SID of the local group to configure. If you specify a SID, the [LookupAccountSid](/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API is used to translate the SID to a valid group name. If you specify a name, the [LookupAccountName](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API is used to lookup the group and validate the name. If name/SID lookup fails, the group is skipped and the next group in the XML file is processed. If there are multiple errors, the last error is returned at the end of the policy processing. +- ``: Specifies the action to take on the local group, which can be Update and Restrict, represented by U and R: - Update. This action must be used to keep the current group membership intact and add or remove members of the specific group. - Restrict. This action must be used to replace current membership with the newly specified groups. This action provides the same functionality as the [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting. - ``: Specifies the SID or name of the member to configure. - ``: Specifies the SID or name of the member to remove from the specified group. > [!NOTE] - > When specifying member names of the user accounts, you must use following format – AzureAD\userUPN. For example, "AzureAD\user1@contoso.com" or "AzureAD\user2@contoso.co.uk". + > When specifying member names of the user accounts, you must use following format – AzureAD\userUPN. For example, "AzureAD\user1@contoso.com" or "AzureAD\user2@contoso.co.uk". For adding Azure AD groups, you need to specify the Azure AD Group SID. Azure AD group names are not supported with this policy. -For more information, see [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea). +For more information, see [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea). See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles. > [!IMPORTANT] -> - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](/graph/api/resources/group?view=graph-rest-1.0&preserve-view=true#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute. +> - `` and `` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](/graph/api/resources/group?view=graph-rest-1.0&preserve-view=true#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute. > - When specifying a SID in the `` or ``, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct. > - `` is not valid for the R (Restrict) action and will be ignored if present. > - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that, if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present. @@ -104,7 +104,7 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura Example 1: Azure Active Directory focused. -The following example updates the built-in administrators group with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine. +The following example updates the built-in administrators group with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine. ```xml @@ -137,13 +137,13 @@ Example 3: Update action for adding and removing group members on a hybrid joine The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists. ```xml - - - + + + - - + + ``` @@ -155,9 +155,9 @@ The following example shows how you can update a local group (**Administrators**
            > [!NOTE] -> +> > When Azure Active Directory group SID’s are added to local groups, Azure AD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device: -> +> > - Administrators > - Users > - Guests @@ -167,12 +167,12 @@ The following example shows how you can update a local group (**Administrators** ## FAQs -This section provides answers to some common questions you might have about the LocalUsersAndGroups policy CSP. +This section provides answers to some common questions you might have about the LocalUsersAndGroups policy CSP. ### What happens if I accidentally remove the built-in Administrator SID from the Administrators group? -Removing the built-in Administrator account from the built-in Administrators group is blocked at SAM/OS level for security reasons. Attempting to do so will result in failure with the following error: - +Removing the built-in Administrator account from the built-in Administrators group is blocked at SAM/OS level for security reasons. Attempting to do so will result in failure with the following error: + | Error Code | Symbolic Name | Error Description | Header | |----------|----------|----------|----------| | 0x55b (Hex)
            1371 (Dec) |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.| winerror.h | @@ -189,7 +189,7 @@ Yes, you can remove a member even if it isn't a member of the group. This will r ### How can I add a domain group as a member to a local group? -To add a domain group as a member to a local group, specify the domain group in `` of the local group. Use fully qualified account names (for example, domain_name\group_name) instead of isolated names (for example, group_name) for the best results. See [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. +To add a domain group as a member to a local group, specify the domain group in `` of the local group. Use fully qualified account names (for example, domain_name\group_name) instead of isolated names (for example, group_name) for the best results. See [LookupAccountNameA function](/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. ### Can I apply more than one LocalUserAndGroups policy/XML to the same device? @@ -197,7 +197,7 @@ No, this is not allowed. Attempting to do so will result in a conflict in Intune ### What happens if I specify a group name that doesn't exist? -Invalid group names or SIDs will be skipped. Valid parts of the policy will apply, and error will be returned at the end of the processing. This behavior aligns with the on-prem AD GPP (Group Policy Preferences) LocalUsersAndGroups policy. Similarly, invalid member names will be skipped, and error will be returned at the end to notify that not all settings were applied successfully. +Invalid group names or SIDs will be skipped. Valid parts of the policy will apply, and error will be returned at the end of the processing. This behavior aligns with the on-prem AD GPP (Group Policy Preferences) LocalUsersAndGroups policy. Similarly, invalid member names will be skipped, and error will be returned at the end to notify that not all settings were applied successfully. ### What happens if I specify R and U in the same XML? @@ -205,7 +205,7 @@ If you specify both R and U in the same XML, the R (Restrict) action takes prece ### How do I check the result of a policy that is applied on the client device? -After a policy is applied on the client device, you can investigate the event log to review the result: +After a policy is applied on the client device, you can investigate the event log to review the result: 1. Open Event Viewer (**eventvwr.exe**). 2. Navigate to **Applications and Services Logs** > **Microsoft** > **Windows** > **DeviceManagement-Enterprise- @@ -230,7 +230,7 @@ To troubleshoot Name/SID lookup APIs: ```powershell Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x0 -Type dword -Force - + Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgTraceOptions -Value 0x0 -Type dword -Force ``` diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 7b338795e8..e81ef5bdbd 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## LockDown policies +## LockDown policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**LockDown/AllowEdgeSwipe** +**LockDown/AllowEdgeSwipe** @@ -60,7 +60,7 @@ The easiest way to verify the policy is to restart the explorer process or to re -ADMX Info: +ADMX Info: - GP Friendly name: *Allow edge swipe* - GP name: *AllowEdgeSwipe* - GP path: *Windows Components/Edge UI* diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md index a338134343..fc0a4d5cb4 100644 --- a/windows/client-management/mdm/policy-csp-lsa.md +++ b/windows/client-management/mdm/policy-csp-lsa.md @@ -3,7 +3,7 @@ title: Policy CSP - LocalSecurityAuthority description: Use the LocalSecurityAuthority CSP to configure policies for the Windows Local Security Authority Subsystem Service (LSASS). ms.author: vinpa author: vinaypamnani-msft -ms.reviewer: +ms.reviewer: manager: aaroncz ms.topic: reference ms.prod: windows-client @@ -30,17 +30,17 @@ ms.date: 08/26/2022
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**LocalSecurityAuthority/AllowCustomSSPsAPs** +**LocalSecurityAuthority/AllowCustomSSPsAPs** @@ -74,7 +74,7 @@ If you disable this policy setting, LSASS will block custom SSPs and APs from lo -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Custom SSPs and APs to be loaded into LSASS* - GP name: *AllowCustomSSPsAPs* - GP path: *System/Local Security Authority* @@ -86,7 +86,7 @@ ADMX Info:
            -**Kerberos/ConfigureLsaProtectedProcess** +**Kerberos/ConfigureLsaProtectedProcess** @@ -122,7 +122,7 @@ If you enable this policy without UEFI lock (2), LSASS will run as a protected p -ADMX Info: +ADMX Info: - GP Friendly name: *Configure LSASS to run as a protected process* - GP name: *ConfigureLsaProtectedProcess* - GP path: *System/Local Security Authority* diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index d62a84d748..81e6388586 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Maps policies +## Maps policies
            @@ -31,7 +31,7 @@ manager: aaroncz
            -**Maps/AllowOfflineMapsDownloadOverMeteredConnection** +**Maps/AllowOfflineMapsDownloadOverMeteredConnection** @@ -75,7 +75,7 @@ The following list shows the supported values:
            -**Maps/EnableOfflineMapsAutoUpdate** +**Maps/EnableOfflineMapsAutoUpdate** @@ -107,7 +107,7 @@ After the policy is applied, you can verify the settings in the user interface i -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off Automatic Download and Update of Map Data* - GP name: *TurnOffAutoUpdate* - GP path: *Windows Components/Maps* diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md index 37bcafe0e4..55f2821dc5 100644 --- a/windows/client-management/mdm/policy-csp-memorydump.md +++ b/windows/client-management/mdm/policy-csp-memorydump.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## MemoryDump policies +## MemoryDump policies
            @@ -31,7 +31,7 @@ manager: aaroncz
            -**MemoryDump/AllowCrashDump** +**MemoryDump/AllowCrashDump** @@ -72,7 +72,7 @@ The following list shows the supported values:
            -**MemoryDump/AllowLiveDump** +**MemoryDump/AllowLiveDump** diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index ea92d4a966..af0864c827 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Messaging policies +## Messaging policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**Messaging/AllowMessageSync** +**Messaging/AllowMessageSync** @@ -58,7 +58,7 @@ Enables text message backup and restore and Messaging Everywhere. This policy al -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Message Service Cloud Sync* - GP name: *AllowMessageSync* - GP path: *Windows Components/Messaging* diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index e49f9c7be8..7b39f0c1f7 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: vinaypamnani-msft -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -16,14 +16,14 @@ manager: aaroncz
            -## MixedReality policies +## MixedReality policies
            MixedReality/AADGroupMembershipCacheValidityInDays
            - MixedReality/AllowCaptivePortalBeforeSignIn + MixedReality/AllowCaptivePortalBeforeLogon
            MixedReality/AllowLaunchUriInSingleAppKiosk @@ -51,7 +51,7 @@ manager: aaroncz
            MixedReality/ManualDownDirectionDisabled -
            +
            MixedReality/MicrophoneDisabled
            @@ -75,7 +75,7 @@ manager: aaroncz
            -**MixedReality/AADGroupMembershipCacheValidityInDays** +**MixedReality/AADGroupMembershipCacheValidityInDays** @@ -103,7 +103,7 @@ Steps to use this policy correctly:
            -**MixedReality/AllowCaptivePortalBeforeSignIn** +**MixedReality/AllowCaptivePortalBeforeLogon** @@ -127,11 +127,14 @@ Steps to use this policy correctly: This new feature is an opt-in policy that IT Admins can enable to help with the setup of new devices in new areas or new users. When this policy is turned on it allows a captive portal on the sign-in screen, which allows a user to enter credentials to connect to the Wi-Fi access point. If enabled, sign in will implement similar logic as OOBE to display captive portal if necessary. -MixedReality/AllowCaptivePortalBeforeSignIn +MixedReality/AllowCaptivePortalBeforeLogon -The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowCaptivePortalBeforeSignIn` +The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/AllowCaptivePortalBeforeLogon` -Bool value +Int value + +- 0: (Default) Off +- 1: On @@ -229,7 +232,7 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
            -**MixedReality/BrightnessButtonDisabled** +**MixedReality/BrightnessButtonDisabled** @@ -272,7 +275,7 @@ The following list shows the supported values:
            -**MixedReality/ConfigureMovingPlatform** +**MixedReality/ConfigureMovingPlatform** @@ -314,7 +317,7 @@ Supported value is Integer.
            -**MixedReality/ConfigureNtpClient** +**MixedReality/ConfigureNtpClient** @@ -379,7 +382,7 @@ value="0"/>
            -**MixedReality/DisallowNetworkConnectivityPassivePolling** +**MixedReality/DisallowNetworkConnectivityPassivePolling** @@ -415,7 +418,7 @@ The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/Disa
            -**MixedReality/FallbackDiagnostics** +**MixedReality/FallbackDiagnostics** @@ -459,7 +462,7 @@ The following list shows the supported values:
            -**MixedReality/HeadTrackingMode** +**MixedReality/HeadTrackingMode** @@ -502,7 +505,7 @@ The following list shows the supported values:
            -**MixedReality/ManualDownDirectionDisabled** +**MixedReality/ManualDownDirectionDisabled** @@ -542,7 +545,7 @@ Supported values: -**MixedReality/MicrophoneDisabled** +**MixedReality/MicrophoneDisabled** @@ -583,7 +586,7 @@ The following list shows the supported values: -**MixedReality/NtpClientEnabled** +**MixedReality/NtpClientEnabled** @@ -627,7 +630,7 @@ This policy setting specifies whether the Windows NTP Client is enabled.
            -**MixedReality/SkipCalibrationDuringSetup** +**MixedReality/SkipCalibrationDuringSetup** @@ -663,7 +666,7 @@ The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/Skip
            -**MixedReality/SkipTrainingDuringSetup** +**MixedReality/SkipTrainingDuringSetup** @@ -699,7 +702,7 @@ The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/Skip
            -**MixedReality/VolumeButtonDisabled** +**MixedReality/VolumeButtonDisabled** @@ -742,7 +745,7 @@ The following list shows the supported values:
            -**MixedReality/VisitorAutoLogon** +**MixedReality/VisitorAutoLogon** diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index d2b17be697..790df8eb85 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz
            -## MSSecurityGuide policies +## MSSecurityGuide policies
            @@ -42,16 +42,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon** +**MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon** @@ -81,7 +81,7 @@ manager: aaroncz -ADMX Info: +ADMX Info: - GP name: *Pol_SecGuide_0201_LATFP* - GP ADMX file name: *SecGuide.admx* @@ -91,7 +91,7 @@ ADMX Info:
            -**MSSecurityGuide/ConfigureSMBV1ClientDriver** +**MSSecurityGuide/ConfigureSMBV1ClientDriver** @@ -122,7 +122,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP name: *Pol_SecGuide_0002_SMBv1_ClientDriver* - GP ADMX file name: *SecGuide.admx* @@ -132,7 +132,7 @@ ADMX Info:
            -**MSSecurityGuide/ConfigureSMBV1Server** +**MSSecurityGuide/ConfigureSMBV1Server** @@ -163,7 +163,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP name: *Pol_SecGuide_0001_SMBv1_Server* - GP ADMX file name: *SecGuide.admx* @@ -173,7 +173,7 @@ ADMX Info:
            -**MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection** +**MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection** @@ -204,7 +204,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP name: *Pol_SecGuide_0102_SEHOP* - GP ADMX file name: *SecGuide.admx* @@ -214,7 +214,7 @@ ADMX Info:
            -**MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications** +**MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications** @@ -244,7 +244,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP name: *Pol_SecGuide_0101_WDPUA* - GP ADMX file name: *SecGuide.admx* @@ -254,7 +254,7 @@ ADMX Info:
            -**MSSecurityGuide/WDigestAuthentication** +**MSSecurityGuide/WDigestAuthentication** @@ -284,7 +284,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP name: *Pol_SecGuide_0202_WDigestAuthn* - GP ADMX file name: *SecGuide.admx* diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index d6d732e4cf..5be1cd6495 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## MSSLegacy policies +## MSSLegacy policies
            @@ -35,16 +35,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes** +**MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes** @@ -74,7 +74,7 @@ manager: aaroncz -ADMX Info: +ADMX Info: - GP name: *Pol_MSS_EnableICMPRedirect* - GP ADMX file name: *mss-legacy.admx* @@ -84,7 +84,7 @@ ADMX Info:
            -**MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers** +**MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers** @@ -115,7 +115,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP name: *Pol_MSS_NoNameReleaseOnDemand* - GP ADMX file name: *mss-legacy.admx* @@ -125,7 +125,7 @@ ADMX Info:
            -**MSSLegacy/IPSourceRoutingProtectionLevel** +**MSSLegacy/IPSourceRoutingProtectionLevel** @@ -155,7 +155,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP name: *Pol_MSS_DisableIPSourceRouting* - GP ADMX file name: *mss-legacy.admx* @@ -165,7 +165,7 @@ ADMX Info:
            -**MSSLegacy/IPv6SourceRoutingProtectionLevel** +**MSSLegacy/IPv6SourceRoutingProtectionLevel** @@ -195,7 +195,7 @@ ADMX Info: -ADMX Info: +ADMX Info: - GP name: *Pol_MSS_DisableIPSourceRoutingIPv6* - GP ADMX file name: *mss-legacy.admx* diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md index 0329b17188..d309cdb01f 100644 --- a/windows/client-management/mdm/policy-csp-multitasking.md +++ b/windows/client-management/mdm/policy-csp-multitasking.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 10/30/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Multitasking policies +## Multitasking policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**Multitasking/BrowserAltTabBlowout** +**Multitasking/BrowserAltTabBlowout** @@ -60,20 +60,20 @@ manager: aaroncz This policy controls the inclusion of Edge tabs into Alt+Tab. -Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the five most recent tabs, only the three most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior. +Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the five most recent tabs, only the three most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior. This policy only applies to the Alt+Tab switcher. When the policy isn't enabled, the feature respects the user's setting in the Settings app. > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the inclusion of Edge tabs into Alt-Tab* - GP name: *BrowserAltTabBlowout* - GP path: *Windows Components/Multitasking* diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index d2d4a901b0..53c14116f6 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## NetworkIsolation policies +## NetworkIsolation policies
            @@ -49,7 +49,7 @@ manager: aaroncz
            -**NetworkIsolation/EnterpriseCloudResources** +**NetworkIsolation/EnterpriseCloudResources** @@ -79,7 +79,7 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to -ADMX Info: +ADMX Info: - GP Friendly name: *Enterprise resource domains hosted in the cloud* - GP name: *WF_NetIsolation_EnterpriseCloudResources* - GP element: *WF_NetIsolation_EnterpriseCloudResourcesBox* @@ -92,7 +92,7 @@ ADMX Info:
            -**NetworkIsolation/EnterpriseIPRange** +**NetworkIsolation/EnterpriseIPRange** @@ -122,7 +122,7 @@ Sets the enterprise IP ranges that define the computers in the enterprise networ -ADMX Info: +ADMX Info: - GP Friendly name: *Private network ranges for apps* - GP name: *WF_NetIsolation_PrivateSubnet* - GP element: *WF_NetIsolation_PrivateSubnetBox* @@ -139,7 +139,7 @@ For example: 2001:4898:dc05::-2001:4898:dc05:ffff:ffff:ffff:ffff:ffff, 2a01:110::-2a01:110:7fff:ffff:ffff:ffff:ffff:ffff, fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff - + ``` @@ -148,7 +148,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
            -**NetworkIsolation/EnterpriseIPRangesAreAuthoritative** +**NetworkIsolation/EnterpriseIPRangesAreAuthoritative** @@ -178,7 +178,7 @@ Integer value that tells the client to accept the configured list and not to use -ADMX Info: +ADMX Info: - GP Friendly name: *Subnet definitions are authoritative* - GP name: *WF_NetIsolation_Authoritative_Subnet* - GP path: *Network/Network Isolation* @@ -190,7 +190,7 @@ ADMX Info:
            -**NetworkIsolation/EnterpriseInternalProxyServers** +**NetworkIsolation/EnterpriseInternalProxyServers** @@ -220,7 +220,7 @@ This list is the comma-separated list of internal proxy servers. For example "15 -ADMX Info: +ADMX Info: - GP Friendly name: *Intranet proxy servers for apps* - GP name: *WF_NetIsolation_Intranet_Proxies* - GP element: *WF_NetIsolation_Intranet_ProxiesBox* @@ -233,7 +233,7 @@ ADMX Info:
            -**NetworkIsolation/EnterpriseNetworkDomainNames** +**NetworkIsolation/EnterpriseNetworkDomainNames** @@ -276,7 +276,7 @@ Here are the steps to create canonical domain names:
            -**NetworkIsolation/EnterpriseProxyServers** +**NetworkIsolation/EnterpriseProxyServers** @@ -306,7 +306,7 @@ This list is a comma-separated list of proxy servers. Any server on this list is -ADMX Info: +ADMX Info: - GP Friendly name: *Internet proxy servers for apps* - GP name: *WF_NetIsolation_Domain_Proxies* - GP element: *WF_NetIsolation_Domain_ProxiesBox* @@ -319,7 +319,7 @@ ADMX Info:
            -**NetworkIsolation/EnterpriseProxyServersAreAuthoritative** +**NetworkIsolation/EnterpriseProxyServersAreAuthoritative** @@ -349,7 +349,7 @@ Integer value that tells the client to accept the configured list of proxies and -ADMX Info: +ADMX Info: - GP Friendly name: *Proxy definitions are authoritative* - GP name: *WF_NetIsolation_Authoritative_Proxies* - GP path: *Network/Network Isolation* @@ -361,7 +361,7 @@ ADMX Info:
            -**NetworkIsolation/NeutralResources** +**NetworkIsolation/NeutralResources** @@ -391,7 +391,7 @@ List of domain names that can be used for work or personal resource. -ADMX Info: +ADMX Info: - GP Friendly name: *Domains categorized as both work and personal* - GP name: *WF_NetIsolation_NeutralResources* - GP element: *WF_NetIsolation_NeutralResourcesBox* diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index bd33a1ddfa..60a664f65e 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 12/16/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## NetworkListManager policies +## NetworkListManager policies
            @@ -31,7 +31,7 @@ manager: aaroncz
            -**NetworkListManager/AllowedTlsAuthenticationEndpoints** +**NetworkListManager/AllowedTlsAuthenticationEndpoints** @@ -57,9 +57,9 @@ manager: aaroncz -This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. +This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. -When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must follow this format, even in the UI: +When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must follow this format, even in the UI: `` @@ -75,7 +75,7 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must fo
            -**NetworkListManager/ConfiguredTLSAuthenticationNetworkName** +**NetworkListManager/ConfiguredTLSAuthenticationNetworkName** diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md index 59566c1026..4f5672eead 100644 --- a/windows/client-management/mdm/policy-csp-newsandinterests.md +++ b/windows/client-management/mdm/policy-csp-newsandinterests.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## NewsAndInterests policies +## NewsAndInterests policies
            @@ -27,7 +27,7 @@ manager: aaroncz
            -**NewsAndInterests/AllowNewsAndInterests** +**NewsAndInterests/AllowNewsAndInterests** @@ -55,7 +55,7 @@ manager: aaroncz This policy specifies whether to allow the entire widgets experience, including the content on taskbar. - + @@ -68,7 +68,7 @@ The following are the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Specifies whether to allow the entire widgets experience, including the content on taskbar*. - GP name: *AllowNewsAndInterests* - GP path: *Network/NewsandInterests* diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 32ddde9d1a..f8ed9bde43 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Notifications policies +## Notifications policies
            @@ -38,7 +38,7 @@ manager: aaroncz
            -**Notifications/DisallowCloudNotification** +**Notifications/DisallowCloudNotification** @@ -79,7 +79,7 @@ No reboots or service restarts are required for this policy setting to take effe -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off notifications network usage* - GP name: *NoCloudNotification* - GP path: *Start Menu and Taskbar/Notifications* @@ -91,7 +91,7 @@ This setting supports a range of values between 0 and 1. -Validation: +Validation: 1. Enable policy. 2. Reboot machine. 3. Ensure that you can't receive a notification from Facebook app while FB app isn't running. @@ -102,7 +102,7 @@ Validation:
            -**Notifications/DisallowNotificationMirroring** +**Notifications/DisallowNotificationMirroring** @@ -136,7 +136,7 @@ No reboot or service restart is required for this policy to take effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off notification mirroring* - GP name: *NoNotificationMirroring* - GP path: *Start Menu and Taskbar/Notifications* @@ -155,7 +155,7 @@ The following list shows the supported values:
            -**Notifications/DisallowTileNotification** +**Notifications/DisallowTileNotification** @@ -191,7 +191,7 @@ No reboots or service restarts are required for this policy setting to take effe -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off tile notifications* - GP name: *NoTileNotification* - GP path: *Start Menu and Taskbar/Notifications* @@ -203,7 +203,7 @@ This setting supports a range of values between 0 and 1. -Validation: +Validation: 1. Enable policy. 2. Reboot machine. 3. Ensure that all tiles are default (no live tile content showing, like no weather forecast on the Weather tile). @@ -213,7 +213,7 @@ Validation:
            -**Notifications/WnsEndpoint** +**Notifications/WnsEndpoint** @@ -262,7 +262,7 @@ Validation: -This policy setting determines which Windows Notification Service endpoint will be used to connect for Windows Push Notifications. +This policy setting determines which Windows Notification Service endpoint will be used to connect for Windows Push Notifications. If you disable or don't configure this setting, the push notifications will connect to the default endpoint of client.wns.windows.com. @@ -271,7 +271,7 @@ If you disable or don't configure this setting, the push notifications will conn -ADMX Info: +ADMX Info: - GP Friendly name: *Required for Airgap servers that may have a unique FQDN that is different from the public endpoint* - GP name: *WnsEndpoint* - GP path: *Start Menu and Taskbar/Notifications* diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 117535d8e7..5783522033 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz -## Power policies +## Power policies
            @@ -93,17 +93,17 @@ manager: aaroncz
            > [!TIP] -> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**Power/AllowHibernate** +**Power/AllowHibernate**
            @@ -156,7 +156,7 @@ manager: aaroncz -ADMX Info: +ADMX Info: - GP Friendly name: *Decides if hibernate on the machine is allowed or not* - GP name: *AllowHibernate* - GP path: *System/Power Management/Sleep Settings* @@ -168,7 +168,7 @@ ADMX Info:
            -**Power/AllowStandbyStatesWhenSleepingOnBattery** +**Power/AllowStandbyStatesWhenSleepingOnBattery** @@ -203,7 +203,7 @@ If you disable this policy setting, standby states (S1-S3) aren't allowed. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow standby states (S1-S3) when sleeping (on battery)* - GP name: *AllowStandbyStatesDC_2* - GP path: *System/Power Management/Sleep Settings* @@ -215,7 +215,7 @@ ADMX Info:
            -**Power/AllowStandbyWhenSleepingPluggedIn** +**Power/AllowStandbyWhenSleepingPluggedIn** @@ -250,7 +250,7 @@ If you disable this policy setting, standby states (S1-S3) aren't allowed. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow standby states (S1-S3) when sleeping (plugged in)* - GP name: *AllowStandbyStatesAC_2* - GP path: *System/Power Management/Sleep Settings* @@ -262,7 +262,7 @@ ADMX Info:
            -**Power/DisplayOffTimeoutOnBattery** +**Power/DisplayOffTimeoutOnBattery** @@ -301,7 +301,7 @@ If the user has configured a slide show to run on the lock screen when the machi -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the display (on battery)* - GP name: *VideoPowerDownTimeOutDC_2* - GP path: *System/Power Management/Video and Display Settings* @@ -313,7 +313,7 @@ ADMX Info:
            -**Power/DisplayOffTimeoutPluggedIn** +**Power/DisplayOffTimeoutPluggedIn** @@ -350,7 +350,7 @@ If the user has configured a slide show to run on the lock screen when the machi -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the display (plugged in)* - GP name: *VideoPowerDownTimeOutAC_2* - GP path: *System/Power Management/Video and Display Settings* @@ -362,7 +362,7 @@ ADMX Info:
            -**Power/EnergySaverBatteryThresholdOnBattery** +**Power/EnergySaverBatteryThresholdOnBattery** @@ -397,7 +397,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Energy Saver Battery Threshold (on battery)* - GP name: *EsBattThresholdDC* - GP element: *EnterEsBattThreshold* @@ -419,7 +419,7 @@ Supported values: 0-100. The default is 70.
            -**Power/EnergySaverBatteryThresholdPluggedIn** +**Power/EnergySaverBatteryThresholdPluggedIn** @@ -453,7 +453,7 @@ If you disable or don't configure this policy setting, users control this settin -ADMX Info: +ADMX Info: - GP Friendly name: *Energy Saver Battery Threshold (plugged in)* - GP name: *EsBattThresholdAC* - GP element: *EnterEsBattThreshold* @@ -475,7 +475,7 @@ Supported values: 0-100. The default is 70.
            -**Power/HibernateTimeoutOnBattery** +**Power/HibernateTimeoutOnBattery** @@ -512,7 +512,7 @@ If the user has configured a slide show to run on the lock screen when the machi -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the system hibernate timeout (on battery)* - GP name: *DCHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* @@ -524,7 +524,7 @@ ADMX Info:
            -**Power/HibernateTimeoutPluggedIn** +**Power/HibernateTimeoutPluggedIn** @@ -561,7 +561,7 @@ If the user has configured a slide show to run on the lock screen when the machi -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the system hibernate timeout (plugged in)* - GP name: *ACHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* @@ -573,7 +573,7 @@ ADMX Info:
            -**Power/RequirePasswordWhenComputerWakesOnBattery** +**Power/RequirePasswordWhenComputerWakesOnBattery** @@ -608,7 +608,7 @@ If you disable this policy setting, the user isn't prompted for a password when -ADMX Info: +ADMX Info: - GP Friendly name: *Require a password when a computer wakes (on battery)* - GP name: *DCPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* @@ -620,7 +620,7 @@ ADMX Info:
            -**Power/RequirePasswordWhenComputerWakesPluggedIn** +**Power/RequirePasswordWhenComputerWakesPluggedIn** @@ -655,7 +655,7 @@ If you disable this policy setting, the user isn't prompted for a password when -ADMX Info: +ADMX Info: - GP Friendly name: *Require a password when a computer wakes (plugged in)* - GP name: *ACPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* @@ -667,7 +667,7 @@ ADMX Info:
            -**Power/SelectLidCloseActionOnBattery** +**Power/SelectLidCloseActionOnBattery** @@ -701,7 +701,7 @@ If you disable this policy setting or don't configure it, users can see and chan -ADMX Info: +ADMX Info: - GP Friendly name: *Select the lid switch action (on battery)* - GP name: *DCSystemLidAction_2* - GP element: *SelectDCSystemLidAction* @@ -711,7 +711,7 @@ ADMX Info: -The following are the supported lid close switch actions (on battery): +The following are the supported lid close switch actions (on battery): - 0 - Take no action - 1 - Sleep - 2 - System hibernate sleep state @@ -729,7 +729,7 @@ The following are the supported lid close switch actions (on battery):
            -**Power/SelectLidCloseActionPluggedIn** +**Power/SelectLidCloseActionPluggedIn** @@ -763,7 +763,7 @@ If you disable this policy setting or don't configure it, users can see and chan -ADMX Info: +ADMX Info: - GP Friendly name: *Select the lid switch action (plugged in)* - GP name: *ACSystemLidAction_2* - GP element: *SelectACSystemLidAction* @@ -773,7 +773,7 @@ ADMX Info: -The following are the supported lid close switch actions (plugged in): +The following are the supported lid close switch actions (plugged in): - 0 - Take no action - 1 - Sleep - 2 - System hibernate sleep state @@ -791,7 +791,7 @@ The following are the supported lid close switch actions (plugged in):
            -**Power/SelectPowerButtonActionOnBattery** +**Power/SelectPowerButtonActionOnBattery** @@ -817,7 +817,7 @@ The following are the supported lid close switch actions (plugged in): -This policy setting specifies the action that Windows takes when a user presses the Power button. +This policy setting specifies the action that Windows takes when a user presses the Power button. If you enable this policy setting, you must select the desired action. @@ -825,7 +825,7 @@ If you disable this policy setting or don't configure it, users can see and chan -ADMX Info: +ADMX Info: - GP Friendly name: *Select the Power button action (on battery)* - GP name: *DCPowerButtonAction_2* - GP element: *SelectDCPowerButtonAction* @@ -835,7 +835,7 @@ ADMX Info: -The following are the supported Power button actions (on battery): +The following are the supported Power button actions (on battery): - 0 - Take no action - 1 - Sleep - 2 - System hibernate sleep state @@ -853,7 +853,7 @@ The following are the supported Power button actions (on battery):
            -**Power/SelectPowerButtonActionPluggedIn** +**Power/SelectPowerButtonActionPluggedIn** @@ -879,7 +879,7 @@ The following are the supported Power button actions (on battery): -This policy setting specifies the action that Windows takes when a user presses the Power button. +This policy setting specifies the action that Windows takes when a user presses the Power button. If you enable this policy setting, you must select the desired action. @@ -887,7 +887,7 @@ If you disable this policy setting or don't configure it, users can see and chan -ADMX Info: +ADMX Info: - GP Friendly name: *Select the Power button action (plugged in)* - GP name: *ACPowerButtonAction_2* - GP element: *SelectACPowerButtonAction* @@ -897,7 +897,7 @@ ADMX Info: -The following are the supported Power button actions (plugged in): +The following are the supported Power button actions (plugged in): - 0 - Take no action - 1 - Sleep - 2 - System hibernate sleep state @@ -915,7 +915,7 @@ The following are the supported Power button actions (plugged in):
            -**Power/SelectSleepButtonActionOnBattery** +**Power/SelectSleepButtonActionOnBattery** @@ -949,7 +949,7 @@ If you disable this policy setting or don't configure it, users can see and chan -ADMX Info: +ADMX Info: - GP Friendly name: *Select the Sleep button action (on battery)* - GP name: *DCSleepButtonAction_2* - GP element: *SelectDCSleepButtonAction* @@ -959,7 +959,7 @@ ADMX Info: -The following are the supported Sleep button actions (on battery): +The following are the supported Sleep button actions (on battery): - 0 - Take no action - 1 - Sleep - 2 - System hibernate sleep state @@ -977,7 +977,7 @@ The following are the supported Sleep button actions (on battery):
            -**Power/SelectSleepButtonActionPluggedIn** +**Power/SelectSleepButtonActionPluggedIn** @@ -1011,7 +1011,7 @@ If you disable this policy setting or don't configure it, users can see and chan -ADMX Info: +ADMX Info: - GP Friendly name: *Select the Sleep button action (plugged in)* - GP name: *ACSleepButtonAction_2* - GP element: *SelectACSleepButtonAction* @@ -1021,7 +1021,7 @@ ADMX Info: -The following are the supported Sleep button actions (plugged in): +The following are the supported Sleep button actions (plugged in): - 0 - Take no action - 1 - Sleep - 2 - System hibernate sleep state @@ -1039,7 +1039,7 @@ The following are the supported Sleep button actions (plugged in):
            -**Power/StandbyTimeoutOnBattery** +**Power/StandbyTimeoutOnBattery** @@ -1076,7 +1076,7 @@ If the user has configured a slide show to run on the lock screen when the machi -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the system sleep timeout (on battery)* - GP name: *DCStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* @@ -1088,7 +1088,7 @@ ADMX Info:
            -**Power/StandbyTimeoutPluggedIn** +**Power/StandbyTimeoutPluggedIn** @@ -1125,7 +1125,7 @@ If the user has configured a slide show to run on the lock screen when the machi -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the system sleep timeout (plugged in)* - GP name: *ACStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* @@ -1137,7 +1137,7 @@ ADMX Info:
            -**Power/TurnOffHybridSleepOnBattery** +**Power/TurnOffHybridSleepOnBattery** @@ -1171,7 +1171,7 @@ If you set this policy setting to 1 or don't configure this policy setting, user -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off hybrid sleep (on battery)* - GP name: *DCStandbyWithHiberfileEnable_2* - GP path: *System/Power Management/Sleep Settings* @@ -1196,7 +1196,7 @@ The following are the supported values for Hybrid sleep (on battery):
            -**Power/TurnOffHybridSleepPluggedIn** +**Power/TurnOffHybridSleepPluggedIn** @@ -1230,7 +1230,7 @@ If you set this policy setting to 1 or don't configure this policy setting, user -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off hybrid sleep (plugged in)* - GP name: *ACStandbyWithHiberfileEnable_2* - GP path: *System/Power Management/Sleep Settings* @@ -1255,7 +1255,7 @@ The following are the supported values for Hybrid sleep (plugged in):
            -**Power/UnattendedSleepTimeoutOnBattery** +**Power/UnattendedSleepTimeoutOnBattery** @@ -1291,7 +1291,7 @@ If the user has configured a slide show to run on the lock screen when the machi -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the unattended sleep timeout (on battery)* - GP name: *UnattendedSleepTimeOutDC* - GP element: *EnterUnattendedSleepTimeOut* @@ -1314,7 +1314,7 @@ Default value for unattended sleep timeout (on battery):
            -**Power/UnattendedSleepTimeoutPluggedIn** +**Power/UnattendedSleepTimeoutPluggedIn** @@ -1350,7 +1350,7 @@ If the user has configured a slide show to run on the lock screen when the machi -ADMX Info: +ADMX Info: - GP Friendly name: *Specify the unattended sleep timeout (plugged in)* - GP name: *UnattendedSleepTimeOutAC* - GP element: *EnterUnattendedSleepTimeOut* diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index b62689625c..aaf5b33fb5 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz
            -## Printers policies +## Printers policies
            @@ -72,16 +72,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**Printers/ApprovedUsbPrintDevices** +**Printers/ApprovedUsbPrintDevices** |Edition|Windows 10|Windows 11| @@ -106,8 +106,8 @@ manager: aaroncz -This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. This policy will contain the comma-separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled. The format of this setting is `/[,/]` @@ -115,7 +115,7 @@ The format of this setting is `/[,/]` -ADMX Info: +ADMX Info: - GP Friendly name: *Support for new Device Control Print feature* - GP name: *ApprovedUsbPrintDevices* - GP path: *Printers* @@ -128,7 +128,7 @@ ADMX Info:
            -**Printers/ApprovedUsbPrintDevicesUser** +**Printers/ApprovedUsbPrintDevicesUser** |Edition|Windows 10|Windows 11| @@ -153,8 +153,8 @@ ADMX Info: -This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. This policy will contain the comma separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled. The format of this setting is `/[,/]` @@ -162,7 +162,7 @@ The format of this setting is `/[,/]` -ADMX Info: +ADMX Info: - GP Friendly name: *Support for new Device Control Print feature* - GP name: *ApprovedUsbPrintDevicesUser* - GP path: *Printers* @@ -173,7 +173,7 @@ ADMX Info:
            -**Printers/ConfigureCopyFilesPolicy** +**Printers/ConfigureCopyFilesPolicy** |Edition|Windows 10|Windows 11| @@ -217,7 +217,7 @@ Type: DWORD. Defaults to 1. -ADMX Info: +ADMX Info: - GP Friendly name: *Manage processing of Queue-specific files* - GP name: *ConfigureCopyFilesPolicy* - GP path: *Printers* @@ -228,7 +228,7 @@ ADMX Info:
            -**Printers/ConfigureDriverValidationLevel** +**Printers/ConfigureDriverValidationLevel** |Edition|Windows 10|Windows 11| @@ -274,7 +274,7 @@ Type: DWORD. Defaults to 4. -ADMX Info: +ADMX Info: - GP Friendly name: *Manage Print Driver signature validation* - GP name: *ConfigureDriverValidationLevel* - GP path: *Printers* @@ -285,7 +285,7 @@ ADMX Info:
            -**Printers/ConfigureIppPageCountsPolicy** +**Printers/ConfigureIppPageCountsPolicy** |Edition|Windows 10|Windows 11| @@ -329,7 +329,7 @@ AlwaysSendIppPageCounts: DWORD. Defaults to 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Always send job page count information for IPP printers* - GP name: *ConfigureIppPageCountsPolicy* - GP path: *Printers* @@ -340,7 +340,7 @@ ADMX Info:
            -**Printers/ConfigureRedirectionGuardPolicy** +**Printers/ConfigureRedirectionGuardPolicy** |Edition|Windows 10|Windows 11| @@ -380,12 +380,12 @@ Type: DWORD, defaults to 1. - 0 (Redirection Guard Disabled) - Redirection Guard is not enabled for the spooler process and will not prevent the use of redirection primitives within said process. - 1 (Redirection Guard Enabled) - Redirection Guard is enabled for the spooler process and will prevent the use of redirection primitives from being used. -- 2 (Redirection Guard Audit Mode) - Redirection Guard will be disabled but will log telemetry events as though it were enabled. +- 2 (Redirection Guard Audit Mode) - Redirection Guard will be disabled but will log telemetry events as though it were enabled. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Redirection Guard* - GP name: *ConfigureRedirectionGuardPolicy* - GP path: *Printers* @@ -396,7 +396,7 @@ ADMX Info:
            -**Printers/ConfigureRpcConnectionPolicy** +**Printers/ConfigureRpcConnectionPolicy** |Edition|Windows 10|Windows 11| @@ -448,7 +448,7 @@ The following are the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RPC connection settings* - GP name: *ConfigureRpcConnectionPolicy* - GP path: *Printers* @@ -459,7 +459,7 @@ ADMX Info:
            -**Printers/ConfigureRpcListenerPolicy** +**Printers/ConfigureRpcListenerPolicy** |Edition|Windows 10|Windows 11| @@ -510,7 +510,7 @@ The following are the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RPC listener settings* - GP name: *ConfigureRpcListenerPolicy* - GP path: *Printers* @@ -521,7 +521,7 @@ ADMX Info:
            -**Printers/ConfigureRpcTcpPort** +**Printers/ConfigureRpcTcpPort** |Edition|Windows 10|Windows 11| @@ -567,7 +567,7 @@ The following are the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure RPC over TCP port* - GP name: *ConfigureRpcTcpPort* - GP path: *Printers* @@ -578,7 +578,7 @@ ADMX Info:
            -**Printers/EnableDeviceControl** +**Printers/EnableDeviceControl** |Edition|Windows 10|Windows 11| @@ -603,21 +603,21 @@ ADMX Info: -This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. - +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. + This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. The default value of the policy will be Unconfigured. If the policy value is either Unconfigured or Disabled, the print spooler won't restrict printing. -If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list. +If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list. -ADMX Info: +ADMX Info: - GP Friendly name: *Support for new Device Control Print feature* - GP name: *EnableDeviceControl* - GP path: *Printers* @@ -630,7 +630,7 @@ ADMX Info: -**Printers/EnableDeviceControlUser** +**Printers/EnableDeviceControlUser** |Edition|Windows 10|Windows 11| @@ -655,21 +655,21 @@ ADMX Info: -This policy implements the print portion of the Device Control requirements. +This policy implements the print portion of the Device Control requirements. These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network. - + This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. The default value of the policy will be Unconfigured. If the policy value is either Unconfigured or Disabled, the print spooler won't restrict printing. -If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list. +If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list. -ADMX Info: +ADMX Info: - GP Friendly name: *Support for new Device Control Print feature* - GP name: *EnableDeviceControlUser* - GP path: *Printers* @@ -681,7 +681,7 @@ ADMX Info:
            -**Printers/ManageDriverExclusionList** +**Printers/ManageDriverExclusionList** |Edition|Windows 10|Windows 11| @@ -726,7 +726,7 @@ Value Data: Name of excluded file -ADMX Info: +ADMX Info: - GP Friendly name: *Manage Print Driver exclusion list* - GP name: *ManageDriverExclusionList* - GP path: *Printers* @@ -737,7 +737,7 @@ ADMX Info:
            -**Printers/PointAndPrintRestrictions** +**Printers/PointAndPrintRestrictions** @@ -796,7 +796,7 @@ If you disable this policy setting: -ADMX Info: +ADMX Info: - GP Friendly name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions_Win7* - GP path: *Printers* @@ -821,7 +821,7 @@ Data type: String Value:
            -**Printers/PointAndPrintRestrictions_User** +**Printers/PointAndPrintRestrictions_User** @@ -879,7 +879,7 @@ If you disable this policy setting: -ADMX Info: +ADMX Info: - GP Friendly name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions* - GP path: *Control Panel/Printers* @@ -891,7 +891,7 @@ ADMX Info:
            -**Printers/PublishPrinters** +**Printers/PublishPrinters** @@ -929,7 +929,7 @@ If you disable this setting, this computer's shared printers can't be published -ADMX Info: +ADMX Info: - GP Friendly name: *Allow printers to be published* - GP name: *PublishPrinters* - GP path: *Printers* @@ -940,7 +940,7 @@ ADMX Info:
            -**Printers/RestrictDriverInstallationToAdministrators** +**Printers/RestrictDriverInstallationToAdministrators** |Edition|Windows 10|Windows 11| @@ -966,7 +966,7 @@ ADMX Info: -This new Group Policy entry will be used to manage the `Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint\RestrictDriverInstallationToAdministrators` registry entry for restricting print driver installation to Administrator users. +This new Group Policy entry will be used to manage the `Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint\RestrictDriverInstallationToAdministrators` registry entry for restricting print driver installation to Administrator users. This registry key was added to the print system as part of the 7OOB security update and use of this registry key was expanded as part of the 8B security rollup. @@ -984,7 +984,7 @@ The following are the supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict installation of print drivers to Administrators* - GP name: *RestrictDriverInstallationToAdministrators* - GP path: *Printers* diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index eef582a24e..de522351e1 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz
            -## Privacy policies +## Privacy policies
            @@ -297,7 +297,7 @@ manager: aaroncz
            -**Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** +**Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** @@ -343,7 +343,7 @@ The following list shows the supported values:
            -**Privacy/AllowCrossDeviceClipboard** +**Privacy/AllowCrossDeviceClipboard** @@ -375,7 +375,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Clipboard synchronization across devices* - GP name: *AllowCrossDeviceClipboard* - GP path: *System/OS Policies* @@ -383,7 +383,7 @@ ADMX Info: -The following list shows the supported values: +The following list shows the supported values: 0 – Not allowed. 1 (default) – Allowed. @@ -394,7 +394,7 @@ The following list shows the supported values:
            -**Privacy/AllowInputPersonalization** +**Privacy/AllowInputPersonalization** @@ -426,7 +426,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow input personalization* - GP name: *AllowInputPersonalization* - GP path: *Control Panel/Regional and Language Options* @@ -445,7 +445,7 @@ The following list shows the supported values:
            -**Privacy/DisableAdvertisingId** +**Privacy/DisableAdvertisingId** @@ -477,7 +477,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off the advertising ID* - GP name: *DisableAdvertisingId* - GP path: *System/User Profiles* @@ -497,7 +497,7 @@ The following list shows the supported values:
            -**Privacy/DisablePrivacyExperience** +**Privacy/DisablePrivacyExperience** @@ -526,16 +526,16 @@ The following list shows the supported values: Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users. -Supported value type is integer. +Supported value type is integer. - 0 (default) - Allow the "choose privacy settings for your device" screen for a new user during their first logon or when an existing user logs in for the first time after an upgrade. - 1 - Do not allow the "choose privacy settings for your device" screen when a new user logs in or an existing user logs in for the first time after an upgrade. -In some enterprise managed environments, the privacy settings may be set by policies. In these cases, you can use this policy if you do not want to show a screen that would prompt your users to change these privacy settings. +In some enterprise managed environments, the privacy settings may be set by policies. In these cases, you can use this policy if you do not want to show a screen that would prompt your users to change these privacy settings. -ADMX Info: +ADMX Info: - GP Friendly name: *Don't launch privacy settings experience on user logon* - GP name: *DisablePrivacyExperience* - GP path: *Windows Components/OOBE* @@ -556,7 +556,7 @@ ADMX Info:
            -**Privacy/EnableActivityFeed** +**Privacy/EnableActivityFeed** @@ -586,7 +586,7 @@ Allows IT Admins to allow Apps/OS to publish to the activity feed. -ADMX Info: +ADMX Info: - GP Friendly name: *Enables Activity Feed* - GP name: *EnableActivityFeed* - GP path: *System/OS Policies* @@ -605,7 +605,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessAccountInfo** +**Privacy/LetAppsAccessAccountInfo** @@ -637,7 +637,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access account information* - GP name: *LetAppsAccessAccountInfo* - GP element: *LetAppsAccessAccountInfo_Enum* @@ -658,7 +658,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** +**Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** @@ -688,7 +688,7 @@ List of semi-colon delimited Package Family Names of Windows apps. Listed Window -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access account information* - GP name: *LetAppsAccessAccountInfo* - GP element: *LetAppsAccessAccountInfo_ForceAllowTheseApps_List* @@ -701,7 +701,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** +**Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** @@ -731,7 +731,7 @@ List of semi-colon delimited Package Family Names of Windows apps. Listed Window -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access account information* - GP name: *LetAppsAccessAccountInfo* - GP element: *LetAppsAccessAccountInfo_ForceDenyTheseApps_List* @@ -744,7 +744,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** +**Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** @@ -774,7 +774,7 @@ List of semi-colon delimited Package Family Names of Windows apps. The user is a -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access account information* - GP name: *LetAppsAccessAccountInfo* - GP element: *LetAppsAccessAccountInfo_UserInControlOfTheseApps_List* @@ -787,7 +787,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessBackgroundSpatialPerception** +**Privacy/LetAppsAccessBackgroundSpatialPerception** @@ -812,7 +812,7 @@ ADMX Info:
            - + > [!NOTE] > Currently, this policy is supported only in HoloLens 2. @@ -822,7 +822,7 @@ Supported value type is integer. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access background spatial perception* - GP name: *LetAppsAccessBackgroundSpatialPerception* - GP element: *LetAppsAccessBackgroundSpatialPerception_Enum* @@ -843,7 +843,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps** +**Privacy/LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps** @@ -878,7 +878,7 @@ Supported value type is chr. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access background spatial perception* - GP name: *LetAppsAccessBackgroundSpatialPerception* - GP element: *LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps_List* @@ -894,7 +894,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps** +**Privacy/LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps** @@ -929,7 +929,7 @@ Supported value type is chr. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access background spatial perception* - GP name: *LetAppsAccessBackgroundSpatialPerception* - GP element: *LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps_List* @@ -945,7 +945,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps** +**Privacy/LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps** @@ -970,18 +970,18 @@ ADMX Info:
            - + > [!NOTE] > Currently, this policy is supported only in HoloLens 2. -List of semi-colon delimited Package Family Names of Windows Store Apps. +List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the user movements privacy setting for the listed apps. This setting overrides the default LetAppsAccessBackgroundSpatialPerception policy setting for the specified apps. Supported value type is chr. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access background spatial perception* - GP name: *LetAppsAccessBackgroundSpatialPerception* - GP element: *LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps_List* @@ -997,7 +997,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCalendar** +**Privacy/LetAppsAccessCalendar** @@ -1029,7 +1029,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the calendar* - GP name: *LetAppsAccessCalendar* - GP element: *LetAppsAccessCalendar_Enum* @@ -1050,7 +1050,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** +**Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** @@ -1080,7 +1080,7 @@ List of semi-colon delimited Package Family Names of Windows apps. Listed Window -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the calendar* - GP name: *LetAppsAccessCalendar* - GP element: *LetAppsAccessCalendar_ForceAllowTheseApps_List* @@ -1093,7 +1093,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** +**Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** @@ -1123,7 +1123,7 @@ List of semi-colon delimited Package Family Names of Windows apps. Listed Window -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the calendar* - GP name: *LetAppsAccessCalendar* - GP element: *LetAppsAccessCalendar_ForceDenyTheseApps_List* @@ -1136,7 +1136,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** +**Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** @@ -1166,7 +1166,7 @@ List of semi-colon delimited Package Family Names of Windows apps. The user is a -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the calendar* - GP name: *LetAppsAccessCalendar* - GP element: *LetAppsAccessCalendar_UserInControlOfTheseApps_List* @@ -1179,7 +1179,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCallHistory** +**Privacy/LetAppsAccessCallHistory** @@ -1211,7 +1211,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access call history* - GP name: *LetAppsAccessCallHistory* - GP element: *LetAppsAccessCallHistory_Enum* @@ -1232,7 +1232,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** +**Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** @@ -1262,7 +1262,7 @@ List of semi-colon delimited Package Family Names of Windows apps. Listed Window -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access call history* - GP name: *LetAppsAccessCallHistory* - GP element: *LetAppsAccessCallHistory_ForceAllowTheseApps_List* @@ -1275,7 +1275,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** +**Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** @@ -1305,7 +1305,7 @@ List of semi-colon delimited Package Family Names of Windows apps. Listed Window -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access call history* - GP name: *LetAppsAccessCallHistory* - GP element: *LetAppsAccessCallHistory_ForceDenyTheseApps_List* @@ -1318,7 +1318,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** +**Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** @@ -1348,7 +1348,7 @@ List of semi-colon delimited Package Family Names of Windows apps. The user is a -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access call history* - GP name: *LetAppsAccessCallHistory* - GP element: *LetAppsAccessCallHistory_UserInControlOfTheseApps_List* @@ -1361,7 +1361,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCamera** +**Privacy/LetAppsAccessCamera** @@ -1393,7 +1393,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the camera* - GP name: *LetAppsAccessCamera* - GP element: *LetAppsAccessCamera_Enum* @@ -1414,7 +1414,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessCamera_ForceAllowTheseApps** +**Privacy/LetAppsAccessCamera_ForceAllowTheseApps** @@ -1444,7 +1444,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the camera* - GP name: *LetAppsAccessCamera* - GP element: *LetAppsAccessCamera_ForceAllowTheseApps_List* @@ -1457,7 +1457,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCamera_ForceDenyTheseApps** +**Privacy/LetAppsAccessCamera_ForceDenyTheseApps** @@ -1487,7 +1487,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the camera* - GP name: *LetAppsAccessCamera* - GP element: *LetAppsAccessCamera_ForceDenyTheseApps_List* @@ -1500,7 +1500,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** +**Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** @@ -1530,7 +1530,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the camera* - GP name: *LetAppsAccessCamera* - GP element: *LetAppsAccessCamera_UserInControlOfTheseApps_List* @@ -1543,7 +1543,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessContacts** +**Privacy/LetAppsAccessContacts** @@ -1575,7 +1575,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access contacts* - GP name: *LetAppsAccessContacts* - GP element: *LetAppsAccessContacts_Enum* @@ -1596,7 +1596,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessContacts_ForceAllowTheseApps** +**Privacy/LetAppsAccessContacts_ForceAllowTheseApps** @@ -1626,7 +1626,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access contacts* - GP name: *LetAppsAccessContacts* - GP element: *LetAppsAccessContacts_ForceAllowTheseApps_List* @@ -1639,7 +1639,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessContacts_ForceDenyTheseApps** +**Privacy/LetAppsAccessContacts_ForceDenyTheseApps** @@ -1669,7 +1669,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access contacts* - GP name: *LetAppsAccessContacts* - GP element: *LetAppsAccessContacts_ForceDenyTheseApps_List* @@ -1682,7 +1682,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** +**Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** @@ -1712,7 +1712,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access contacts* - GP name: *LetAppsAccessContacts* - GP element: *LetAppsAccessContacts_UserInControlOfTheseApps_List* @@ -1725,7 +1725,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessEmail** +**Privacy/LetAppsAccessEmail** @@ -1757,7 +1757,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access email* - GP name: *LetAppsAccessEmail* - GP element: *LetAppsAccessEmail_Enum* @@ -1778,7 +1778,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessEmail_ForceAllowTheseApps** +**Privacy/LetAppsAccessEmail_ForceAllowTheseApps** @@ -1808,7 +1808,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access email* - GP name: *LetAppsAccessEmail* - GP element: *LetAppsAccessEmail_ForceAllowTheseApps_List* @@ -1821,7 +1821,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessEmail_ForceDenyTheseApps** +**Privacy/LetAppsAccessEmail_ForceDenyTheseApps** @@ -1851,7 +1851,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access email* - GP name: *LetAppsAccessEmail* - GP element: *LetAppsAccessEmail_ForceDenyTheseApps_List* @@ -1864,7 +1864,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** +**Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** @@ -1894,7 +1894,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access email* - GP name: *LetAppsAccessEmail* - GP element: *LetAppsAccessEmail_UserInControlOfTheseApps_List* @@ -1907,7 +1907,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessGazeInput** +**Privacy/LetAppsAccessGazeInput** @@ -1941,7 +1941,7 @@ This policy setting specifies whether Windows apps can access the eye tracker.
            -**Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps** +**Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps** @@ -1975,7 +1975,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
            -**Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps** +**Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps** @@ -2009,7 +2009,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
            -**Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps** +**Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps** @@ -2043,7 +2043,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
            -**Privacy/LetAppsAccessLocation** +**Privacy/LetAppsAccessLocation** @@ -2075,7 +2075,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access location* - GP name: *LetAppsAccessLocation* - GP element: *LetAppsAccessLocation_Enum* @@ -2096,7 +2096,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessLocation_ForceAllowTheseApps** +**Privacy/LetAppsAccessLocation_ForceAllowTheseApps** @@ -2126,7 +2126,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access location* - GP name: *LetAppsAccessLocation* - GP element: *LetAppsAccessLocation_ForceAllowTheseApps_List* @@ -2139,7 +2139,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessLocation_ForceDenyTheseApps** +**Privacy/LetAppsAccessLocation_ForceDenyTheseApps** @@ -2169,7 +2169,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access location* - GP name: *LetAppsAccessLocation* - GP element: *LetAppsAccessLocation_ForceDenyTheseApps_List* @@ -2182,7 +2182,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** +**Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** @@ -2212,7 +2212,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access location* - GP name: *LetAppsAccessLocation* - GP element: *LetAppsAccessLocation_UserInControlOfTheseApps_List* @@ -2225,7 +2225,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMessaging** +**Privacy/LetAppsAccessMessaging** @@ -2257,7 +2257,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access messaging* - GP name: *LetAppsAccessMessaging* - GP element: *LetAppsAccessMessaging_Enum* @@ -2278,7 +2278,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** +**Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** @@ -2308,7 +2308,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access messaging* - GP name: *LetAppsAccessMessaging* - GP element: *LetAppsAccessMessaging_ForceAllowTheseApps_List* @@ -2321,7 +2321,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** +**Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** @@ -2351,7 +2351,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access messaging* - GP name: *LetAppsAccessMessaging* - GP element: *LetAppsAccessMessaging_ForceDenyTheseApps_List* @@ -2364,7 +2364,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** +**Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** @@ -2394,7 +2394,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access messaging* - GP name: *LetAppsAccessMessaging* - GP element: *LetAppsAccessMessaging_UserInControlOfTheseApps_List* @@ -2407,7 +2407,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMicrophone** +**Privacy/LetAppsAccessMicrophone** @@ -2439,7 +2439,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the microphone* - GP name: *LetAppsAccessMicrophone* - GP element: *LetAppsAccessMicrophone_Enum* @@ -2460,7 +2460,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** +**Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** @@ -2490,7 +2490,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the microphone* - GP name: *LetAppsAccessMicrophone* - GP element: *LetAppsAccessMicrophone_ForceAllowTheseApps_List* @@ -2503,7 +2503,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** +**Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** @@ -2533,7 +2533,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the microphone* - GP name: *LetAppsAccessMicrophone* - GP element: *LetAppsAccessMicrophone_ForceDenyTheseApps_List* @@ -2546,7 +2546,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** +**Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** @@ -2576,7 +2576,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access the microphone* - GP name: *LetAppsAccessMicrophone* - GP element: *LetAppsAccessMicrophone_UserInControlOfTheseApps_List* @@ -2589,7 +2589,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMotion** +**Privacy/LetAppsAccessMotion** @@ -2621,7 +2621,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access motion* - GP name: *LetAppsAccessMotion* - GP element: *LetAppsAccessMotion_Enum* @@ -2642,7 +2642,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessMotion_ForceAllowTheseApps** +**Privacy/LetAppsAccessMotion_ForceAllowTheseApps** @@ -2672,7 +2672,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access motion* - GP name: *LetAppsAccessMotion* - GP element: *LetAppsAccessMotion_ForceAllowTheseApps_List* @@ -2685,7 +2685,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMotion_ForceDenyTheseApps** +**Privacy/LetAppsAccessMotion_ForceDenyTheseApps** @@ -2715,7 +2715,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access motion* - GP name: *LetAppsAccessMotion* - GP element: *LetAppsAccessMotion_ForceDenyTheseApps_List* @@ -2728,7 +2728,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** +**Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** @@ -2758,7 +2758,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access motion* - GP name: *LetAppsAccessMotion* - GP element: *LetAppsAccessMotion_UserInControlOfTheseApps_List* @@ -2771,7 +2771,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessNotifications** +**Privacy/LetAppsAccessNotifications** @@ -2803,7 +2803,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access notifications* - GP name: *LetAppsAccessNotifications* - GP element: *LetAppsAccessNotifications_Enum* @@ -2824,7 +2824,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** +**Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** @@ -2854,7 +2854,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access notifications* - GP name: *LetAppsAccessNotifications* - GP element: *LetAppsAccessNotifications_ForceAllowTheseApps_List* @@ -2867,7 +2867,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** +**Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** @@ -2897,7 +2897,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access notifications* - GP name: *LetAppsAccessNotifications* - GP element: *LetAppsAccessNotifications_ForceDenyTheseApps_List* @@ -2910,7 +2910,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** +**Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** @@ -2940,7 +2940,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access notifications* - GP name: *LetAppsAccessNotifications* - GP element: *LetAppsAccessNotifications_UserInControlOfTheseApps_List* @@ -2953,7 +2953,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessPhone** +**Privacy/LetAppsAccessPhone** @@ -2985,7 +2985,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps make phone calls* - GP name: *LetAppsAccessPhone* - GP element: *LetAppsAccessPhone_Enum* @@ -3006,7 +3006,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessPhone_ForceAllowTheseApps** +**Privacy/LetAppsAccessPhone_ForceAllowTheseApps** @@ -3036,7 +3036,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps make phone calls* - GP name: *LetAppsAccessPhone* - GP element: *LetAppsAccessPhone_ForceAllowTheseApps_List* @@ -3049,7 +3049,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessPhone_ForceDenyTheseApps** +**Privacy/LetAppsAccessPhone_ForceDenyTheseApps** @@ -3079,7 +3079,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps make phone calls* - GP name: *LetAppsAccessPhone* - GP element: *LetAppsAccessPhone_ForceDenyTheseApps_List* @@ -3092,7 +3092,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** +**Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** @@ -3122,7 +3122,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps make phone calls* - GP name: *LetAppsAccessPhone* - GP element: *LetAppsAccessPhone_UserInControlOfTheseApps_List* @@ -3135,7 +3135,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessRadios** +**Privacy/LetAppsAccessRadios** @@ -3167,7 +3167,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps control radios* - GP name: *LetAppsAccessRadios* - GP element: *LetAppsAccessRadios_Enum* @@ -3188,7 +3188,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessRadios_ForceAllowTheseApps** +**Privacy/LetAppsAccessRadios_ForceAllowTheseApps** @@ -3218,7 +3218,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps control radios* - GP name: *LetAppsAccessRadios* - GP element: *LetAppsAccessRadios_ForceAllowTheseApps_List* @@ -3231,7 +3231,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessRadios_ForceDenyTheseApps** +**Privacy/LetAppsAccessRadios_ForceDenyTheseApps** @@ -3261,7 +3261,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps control radios* - GP name: *LetAppsAccessRadios* - GP element: *LetAppsAccessRadios_ForceDenyTheseApps_List* @@ -3274,7 +3274,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** +**Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** @@ -3304,7 +3304,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps control radios* - GP name: *LetAppsAccessRadios* - GP element: *LetAppsAccessRadios_UserInControlOfTheseApps_List* @@ -3317,7 +3317,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessTasks** +**Privacy/LetAppsAccessTasks** @@ -3347,7 +3347,7 @@ Specifies whether Windows apps can access tasks. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access Tasks* - GP name: *LetAppsAccessTasks* - GP element: *LetAppsAccessTasks_Enum* @@ -3360,7 +3360,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessTasks_ForceAllowTheseApps** +**Privacy/LetAppsAccessTasks_ForceAllowTheseApps** @@ -3390,7 +3390,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access Tasks* - GP name: *LetAppsAccessTasks* - GP element: *LetAppsAccessTasks_ForceAllowTheseApps_List* @@ -3403,7 +3403,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessTasks_ForceDenyTheseApps** +**Privacy/LetAppsAccessTasks_ForceDenyTheseApps** @@ -3433,7 +3433,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access Tasks* - GP name: *LetAppsAccessTasks* - GP element: *LetAppsAccessTasks_ForceDenyTheseApps_List* @@ -3446,7 +3446,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** +**Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** @@ -3476,7 +3476,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access Tasks* - GP name: *LetAppsAccessTasks* - GP element: *LetAppsAccessTasks_UserInControlOfTheseApps_List* @@ -3489,7 +3489,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessTrustedDevices** +**Privacy/LetAppsAccessTrustedDevices** @@ -3521,7 +3521,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access trusted devices* - GP name: *LetAppsAccessTrustedDevices* - GP element: *LetAppsAccessTrustedDevices_Enum* @@ -3542,7 +3542,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** +**Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** @@ -3572,7 +3572,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access trusted devices* - GP name: *LetAppsAccessTrustedDevices* - GP element: *LetAppsAccessTrustedDevices_ForceAllowTheseApps_List* @@ -3585,7 +3585,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** +**Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** @@ -3615,7 +3615,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access trusted devices* - GP name: *LetAppsAccessTrustedDevices* - GP element: *LetAppsAccessTrustedDevices_ForceDenyTheseApps_List* @@ -3628,7 +3628,7 @@ ADMX Info:
            -**Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** +**Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** @@ -3658,7 +3658,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access trusted devices* - GP name: *LetAppsAccessTrustedDevices* - GP element: *LetAppsAccessTrustedDevices_UserInControlOfTheseApps_List* @@ -3671,7 +3671,7 @@ ADMX Info:
            -**Privacy/LetAppsActivateWithVoice** +**Privacy/LetAppsActivateWithVoice** @@ -3701,7 +3701,7 @@ Specifies if Windows apps can be activated by voice. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow voice activation* - GP name: *LetAppsActivateWithVoice* - GP element: *LetAppsActivateWithVoice_Enum* @@ -3722,7 +3722,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsActivateWithVoiceAboveLock** +**Privacy/LetAppsActivateWithVoiceAboveLock** @@ -3752,7 +3752,7 @@ Specifies if Windows apps can be activated by voice while the screen is locked. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow voice activation above locked screen* - GP name: *LetAppsActivateWithVoiceAboveLock* - GP element: *LetAppsActivateWithVoiceAboveLock_Enum* @@ -3773,7 +3773,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsGetDiagnosticInfo** +**Privacy/LetAppsGetDiagnosticInfo** @@ -3805,7 +3805,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access diagnostic information about other apps* - GP name: *LetAppsGetDiagnosticInfo* - GP element: *LetAppsGetDiagnosticInfo_Enum* @@ -3826,7 +3826,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** +**Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** @@ -3856,7 +3856,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access diagnostic information about other apps* - GP name: *LetAppsGetDiagnosticInfo* - GP element: *LetAppsGetDiagnosticInfo_ForceAllowTheseApps_List* @@ -3869,7 +3869,7 @@ ADMX Info:
            -**Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** +**Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** @@ -3899,7 +3899,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access diagnostic information about other apps* - GP name: *LetAppsGetDiagnosticInfo* - GP element: *LetAppsGetDiagnosticInfo_ForceDenyTheseApps_List* @@ -3912,7 +3912,7 @@ ADMX Info:
            -**Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** +**Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** @@ -3942,7 +3942,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps access diagnostic information about other apps* - GP name: *LetAppsGetDiagnosticInfo* - GP element: *LetAppsGetDiagnosticInfo_UserInControlOfTheseApps_List* @@ -3955,7 +3955,7 @@ ADMX Info:
            -**Privacy/LetAppsRunInBackground** +**Privacy/LetAppsRunInBackground** @@ -3990,7 +3990,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps run in the background* - GP name: *LetAppsRunInBackground* - GP element: *LetAppsRunInBackground_Enum* @@ -4011,7 +4011,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsRunInBackground_ForceAllowTheseApps** +**Privacy/LetAppsRunInBackground_ForceAllowTheseApps** @@ -4041,7 +4041,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps run in the background* - GP name: *LetAppsRunInBackground* - GP element: *LetAppsRunInBackground_ForceAllowTheseApps_List* @@ -4054,7 +4054,7 @@ ADMX Info:
            -**Privacy/LetAppsRunInBackground_ForceDenyTheseApps** +**Privacy/LetAppsRunInBackground_ForceDenyTheseApps** @@ -4084,7 +4084,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps run in the background* - GP name: *LetAppsRunInBackground* - GP element: *LetAppsRunInBackground_ForceDenyTheseApps_List* @@ -4097,7 +4097,7 @@ ADMX Info:
            -**Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** +**Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** @@ -4127,7 +4127,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps run in the background* - GP name: *LetAppsRunInBackground* - GP element: *LetAppsRunInBackground_UserInControlOfTheseApps_List* @@ -4140,7 +4140,7 @@ ADMX Info:
            -**Privacy/LetAppsSyncWithDevices** +**Privacy/LetAppsSyncWithDevices** @@ -4172,7 +4172,7 @@ Most restricted value is 2. -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps communicate with unpaired devices* - GP name: *LetAppsSyncWithDevices* - GP element: *LetAppsSyncWithDevices_Enum* @@ -4193,7 +4193,7 @@ The following list shows the supported values:
            -**Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** +**Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** @@ -4223,7 +4223,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps communicate with unpaired devices* - GP name: *LetAppsSyncWithDevices* - GP element: *LetAppsSyncWithDevices_ForceAllowTheseApps_List* @@ -4236,7 +4236,7 @@ ADMX Info:
            -**Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** +**Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** @@ -4266,7 +4266,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps communicate with unpaired devices* - GP name: *LetAppsSyncWithDevices* - GP element: *LetAppsSyncWithDevices_ForceDenyTheseApps_List* @@ -4279,7 +4279,7 @@ ADMX Info:
            -**Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** +**Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** @@ -4309,7 +4309,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u -ADMX Info: +ADMX Info: - GP Friendly name: *Let Windows apps communicate with unpaired devices* - GP name: *LetAppsSyncWithDevices* - GP element: *LetAppsSyncWithDevices_UserInControlOfTheseApps_List* @@ -4322,7 +4322,7 @@ ADMX Info:
            -**Privacy/PublishUserActivities** +**Privacy/PublishUserActivities** @@ -4352,7 +4352,7 @@ Allows IT Admins to enable publishing of user activities to the activity feed. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow publishing of User Activities* - GP name: *PublishUserActivities* - GP path: *System/OS Policies* @@ -4371,7 +4371,7 @@ The following list shows the supported values:
            -**Privacy/UploadUserActivities** +**Privacy/UploadUserActivities** @@ -4401,7 +4401,7 @@ Allows ActivityFeed to upload published 'User Activities'. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow upload of User Activities* - GP name: *UploadUserActivities* - GP path: *System/OS Policies* diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index eb47527466..759c8f09bc 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## RemoteAssistance policies +## RemoteAssistance policies
            @@ -35,16 +35,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**RemoteAssistance/CustomizeWarningMessages** +**RemoteAssistance/CustomizeWarningMessages** @@ -85,7 +85,7 @@ If you don't configure this policy setting, the user sees the default warning me -ADMX Info: +ADMX Info: - GP Friendly name: *Customize warning messages* - GP name: *RA_Options* - GP path: *System/Remote Assistance* @@ -97,7 +97,7 @@ ADMX Info:
            -**RemoteAssistance/SessionLogging** +**RemoteAssistance/SessionLogging** @@ -134,7 +134,7 @@ If you don't configure this setting, application-based settings are used. -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on session logging* - GP name: *RA_Logging* - GP path: *System/Remote Assistance* @@ -146,7 +146,7 @@ ADMX Info:
            -**RemoteAssistance/SolicitedRemoteAssistance** +**RemoteAssistance/SolicitedRemoteAssistance** @@ -191,7 +191,7 @@ If you enable this policy setting, you should also enable appropriate firewall e -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Solicited Remote Assistance* - GP name: *RA_Solicit* - GP path: *System/Remote Assistance* @@ -203,7 +203,7 @@ ADMX Info:
            -**RemoteAssistance/UnsolicitedRemoteAssistance** +**RemoteAssistance/UnsolicitedRemoteAssistance** @@ -272,7 +272,7 @@ For computers running Windows Server 2003 with Service Pack 1 (SP1) -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Offer Remote Assistance* - GP name: *RA_Unsolicit* - GP path: *System/Remote Assistance* diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md index 85588a127d..04d874a3fe 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktop.md +++ b/windows/client-management/mdm/policy-csp-remotedesktop.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## RemoteDesktop policies +## RemoteDesktop policies > [!Warning] > Some information relates to prerelease products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. @@ -33,7 +33,7 @@ manager: aaroncz
            -**RemoteDesktop/AutoSubscription** +**RemoteDesktop/AutoSubscription** @@ -69,7 +69,7 @@ This policy allows administrators to enable automatic subscription for the Micro
            -**RemoteDesktop/LoadAadCredKeyFromProfile** +**RemoteDesktop/LoadAadCredKeyFromProfile** @@ -102,8 +102,8 @@ This policy allows the user to load the DPAPI cred key from their user profile, The following list shows the supported values: -- 0 (default) - Disabled. -- 1 - Enabled. +- 0 (default) - Disabled. +- 1 - Enabled. diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 5d03cb7066..ac94cd4ed8 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## RemoteDesktopServices policies +## RemoteDesktopServices policies
            @@ -44,16 +44,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**RemoteDesktopServices/AllowUsersToConnectRemotely** +**RemoteDesktopServices/AllowUsersToConnectRemotely** @@ -85,17 +85,17 @@ If you enable this policy setting, users who are members of the Remote Desktop U If you disable this policy setting, users can't connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but won't accept any new incoming connections. -If you don't configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections aren't allowed. +If you don't configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections aren't allowed. > [!NOTE] -> You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication. +> You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication. You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow users to connect remotely by using Remote Desktop Services* - GP name: *TS_DISABLE_CONNECTIONS* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections* @@ -107,7 +107,7 @@ ADMX Info:
            -**RemoteDesktopServices/ClientConnectionEncryptionLevel** +**RemoteDesktopServices/ClientConnectionEncryptionLevel** @@ -151,7 +151,7 @@ If you disable or don't configure this setting, the encryption level to be used -ADMX Info: +ADMX Info: - GP Friendly name: *Set client connection encryption level* - GP name: *TS_ENCRYPTION_POLICY* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* @@ -163,7 +163,7 @@ ADMX Info:
            -**RemoteDesktopServices/DoNotAllowDriveRedirection** +**RemoteDesktopServices/DoNotAllowDriveRedirection** @@ -202,7 +202,7 @@ If you don't configure this policy setting, client drive redirection and Clipboa -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow drive redirection* - GP name: *TS_CLIENT_DRIVE_M* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection* @@ -214,7 +214,7 @@ ADMX Info:
            -**RemoteDesktopServices/DoNotAllowPasswordSaving** +**RemoteDesktopServices/DoNotAllowPasswordSaving** @@ -249,7 +249,7 @@ If you disable this setting or leave it not configured, the user will be able to -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow passwords to be saved* - GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client* @@ -261,7 +261,7 @@ ADMX Info:
            -**RemoteDesktopServices/DoNotAllowWebAuthnRedirection** +**RemoteDesktopServices/DoNotAllowWebAuthnRedirection** @@ -299,7 +299,7 @@ If you don't configure this policy setting, users can use local authenticators i -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow WebAuthn redirection* - GP name: *TS_WEBAUTHN* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection* @@ -311,7 +311,7 @@ ADMX Info:
            -**RemoteDesktopServices/PromptForPasswordUponConnection** +**RemoteDesktopServices/PromptForPasswordUponConnection** @@ -352,7 +352,7 @@ If you don't configure this policy setting, automatic logon isn't specified at t -ADMX Info: +ADMX Info: - GP Friendly name: *Always prompt for password upon connection* - GP name: *TS_PASSWORD* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* @@ -364,7 +364,7 @@ ADMX Info:
            -**RemoteDesktopServices/RequireSecureRPCCommunication** +**RemoteDesktopServices/RequireSecureRPCCommunication** @@ -406,7 +406,7 @@ If the status is set to Not Configured, unsecured communication is allowed. -ADMX Info: +ADMX Info: - GP Friendly name: *Require secure RPC communication* - GP name: *TS_RPC_ENCRYPTION* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index ff88b2a36d..8fb52d169d 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## RemoteManagement policies +## RemoteManagement policies
            @@ -68,16 +68,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**RemoteManagement/AllowBasicAuthentication_Client** +**RemoteManagement/AllowBasicAuthentication_Client** @@ -112,7 +112,7 @@ If you disable or don't configure this policy setting, the WinRM client doesn't -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Basic authentication* - GP name: *AllowBasic_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* @@ -124,7 +124,7 @@ ADMX Info:
            -**RemoteManagement/AllowBasicAuthentication_Service** +**RemoteManagement/AllowBasicAuthentication_Service** @@ -159,7 +159,7 @@ If you disable or don't configure this policy setting, the WinRM service doesn't -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Basic authentication* - GP name: *AllowBasic_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* @@ -171,7 +171,7 @@ ADMX Info:
            -**RemoteManagement/AllowCredSSPAuthenticationClient** +**RemoteManagement/AllowCredSSPAuthenticationClient** @@ -206,7 +206,7 @@ If you disable or don't configure this policy setting, the WinRM client doesn't -ADMX Info: +ADMX Info: - GP Friendly name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* @@ -218,7 +218,7 @@ ADMX Info:
            -**RemoteManagement/AllowCredSSPAuthenticationService** +**RemoteManagement/AllowCredSSPAuthenticationService** @@ -253,7 +253,7 @@ If you disable or don't configure this policy setting, the WinRM service doesn't -ADMX Info: +ADMX Info: - GP Friendly name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* @@ -265,7 +265,7 @@ ADMX Info:
            -**RemoteManagement/AllowRemoteServerManagement** +**RemoteManagement/AllowRemoteServerManagement** @@ -313,7 +313,7 @@ Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FE -ADMX Info: +ADMX Info: - GP Friendly name: *Allow remote server management through WinRM* - GP name: *AllowAutoConfig* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* @@ -325,7 +325,7 @@ ADMX Info:
            -**RemoteManagement/AllowUnencryptedTraffic_Client** +**RemoteManagement/AllowUnencryptedTraffic_Client** @@ -360,7 +360,7 @@ If you disable or don't configure this policy setting, the WinRM client sends or -ADMX Info: +ADMX Info: - GP Friendly name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* @@ -372,7 +372,7 @@ ADMX Info:
            -**RemoteManagement/AllowUnencryptedTraffic_Service** +**RemoteManagement/AllowUnencryptedTraffic_Service** @@ -407,7 +407,7 @@ If you disable or don't configure this policy setting, the WinRM client sends or -ADMX Info: +ADMX Info: - GP Friendly name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* @@ -419,7 +419,7 @@ ADMX Info:
            -**RemoteManagement/DisallowDigestAuthentication** +**RemoteManagement/DisallowDigestAuthentication** @@ -454,7 +454,7 @@ If you disable or don't configure this policy setting, the WinRM client uses Dig -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow Digest authentication* - GP name: *DisallowDigest* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* @@ -466,7 +466,7 @@ ADMX Info:
            -**RemoteManagement/DisallowNegotiateAuthenticationClient** +**RemoteManagement/DisallowNegotiateAuthenticationClient** @@ -501,7 +501,7 @@ If you disable or don't configure this policy setting, the WinRM client uses Neg -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* @@ -513,7 +513,7 @@ ADMX Info:
            -**RemoteManagement/DisallowNegotiateAuthenticationService** +**RemoteManagement/DisallowNegotiateAuthenticationService** @@ -548,7 +548,7 @@ If you disable or don't configure this policy setting, the WinRM service accepts -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* @@ -560,7 +560,7 @@ ADMX Info:
            -**RemoteManagement/DisallowStoringOfRunAsCredentials** +**RemoteManagement/DisallowStoringOfRunAsCredentials** @@ -597,7 +597,7 @@ If you enable and then disable this policy setting, any values that were previou -ADMX Info: +ADMX Info: - GP Friendly name: *Disallow WinRM from storing RunAs credentials* - GP name: *DisableRunAs* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* @@ -609,7 +609,7 @@ ADMX Info:
            -**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** +**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** @@ -650,7 +650,7 @@ If HardeningLevel is set to None, all requests are accepted (though they aren't -ADMX Info: +ADMX Info: - GP Friendly name: *Specify channel binding token hardening level* - GP name: *CBTHardeningLevel_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* @@ -662,7 +662,7 @@ ADMX Info:
            -**RemoteManagement/TrustedHosts** +**RemoteManagement/TrustedHosts** @@ -697,7 +697,7 @@ If you disable or don't configure this policy setting and the WinRM client needs -ADMX Info: +ADMX Info: - GP Friendly name: *Trusted Hosts* - GP name: *TrustedHosts* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* @@ -709,7 +709,7 @@ ADMX Info:
            -**RemoteManagement/TurnOnCompatibilityHTTPListener** +**RemoteManagement/TurnOnCompatibilityHTTPListener** @@ -748,7 +748,7 @@ A listener might be automatically created on port 80 to ensure backward compatib -ADMX Info: +ADMX Info: - GP Friendly name: *Turn On Compatibility HTTP Listener* - GP name: *HttpCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* @@ -760,7 +760,7 @@ ADMX Info:
            -**RemoteManagement/TurnOnCompatibilityHTTPSListener** +**RemoteManagement/TurnOnCompatibilityHTTPSListener** @@ -799,7 +799,7 @@ A listener might be automatically created on port 443 to ensure backward compati -ADMX Info: +ADMX Info: - GP Friendly name: *Turn On Compatibility HTTPS Listener* - GP name: *HttpsCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 8708f25937..8f74fbe899 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## RemoteProcedureCall policies +## RemoteProcedureCall policies
            @@ -29,16 +29,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**RemoteProcedureCall/RPCEndpointMapperClientAuthentication** +**RemoteProcedureCall/RPCEndpointMapperClientAuthentication** @@ -64,7 +64,7 @@ manager: aaroncz -This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service, when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. +This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service, when the call they're making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. @@ -78,7 +78,7 @@ If you don't configure this policy setting, it remains disabled. RPC clients won -ADMX Info: +ADMX Info: - GP Friendly name: *Enable RPC Endpoint Mapper Client Authentication* - GP name: *RpcEnableAuthEpResolution* - GP path: *System/Remote Procedure Call* @@ -90,7 +90,7 @@ ADMX Info:
            -**RemoteProcedureCall/RestrictUnauthenticatedRPCClients** +**RemoteProcedureCall/RestrictUnauthenticatedRPCClients** @@ -120,7 +120,7 @@ This policy setting controls, how the RPC server runtime handles unauthenticated This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller. -If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting. +If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting. If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client, and the value of "None" used for Server SKUs that support this policy setting. @@ -138,7 +138,7 @@ If you enable this policy setting, it directs the RPC server runtime to restrict -ADMX Info: +ADMX Info: - GP Friendly name: *Restrict Unauthenticated RPC clients* - GP name: *RpcRestrictRemoteClients* - GP path: *System/Remote Procedure Call* diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 53820c929c..9a058da639 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## RemoteShell policies +## RemoteShell policies
            @@ -44,16 +44,16 @@ manager: aaroncz
            > [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**RemoteShell/AllowRemoteShellAccess** +**RemoteShell/AllowRemoteShellAccess** @@ -88,7 +88,7 @@ If you set this policy to ‘disabled’, new remote shell connections are rejec -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Remote Shell Access* - GP name: *AllowRemoteShellAccess* - GP path: *Windows Components/Windows Remote Shell* @@ -100,7 +100,7 @@ ADMX Info:
            -**RemoteShell/MaxConcurrentUsers** +**RemoteShell/MaxConcurrentUsers** @@ -137,7 +137,7 @@ If you disable or do not configure this policy setting, the default number is fi -ADMX Info: +ADMX Info: - GP Friendly name: *MaxConcurrentUsers* - GP name: *MaxConcurrentUsers* - GP path: *Windows Components/Windows Remote Shell* @@ -149,7 +149,7 @@ ADMX Info:
            -**RemoteShell/SpecifyIdleTimeout** +**RemoteShell/SpecifyIdleTimeout** @@ -186,7 +186,7 @@ If you do not configure or disable this policy setting, the default value of 900 -ADMX Info: +ADMX Info: - GP Friendly name: *Specify idle Timeout* - GP name: *IdleTimeout* - GP path: *Windows Components/Windows Remote Shell* @@ -198,7 +198,7 @@ ADMX Info:
            -**RemoteShell/SpecifyMaxMemory** +**RemoteShell/SpecifyMaxMemory** @@ -235,7 +235,7 @@ If you disable or do not configure this policy setting, the value 150 is used by -ADMX Info: +ADMX Info: - GP Friendly name: *Specify maximum amount of memory in MB per Shell* - GP name: *MaxMemoryPerShellMB* - GP path: *Windows Components/Windows Remote Shell* @@ -247,7 +247,7 @@ ADMX Info:
            -**RemoteShell/SpecifyMaxProcesses** +**RemoteShell/SpecifyMaxProcesses** @@ -282,7 +282,7 @@ If you disable or do not configure this policy setting, the limit is five proces -ADMX Info: +ADMX Info: - GP Friendly name: *Specify maximum number of processes per Shell* - GP name: *MaxProcessesPerShell* - GP path: *Windows Components/Windows Remote Shell* @@ -294,7 +294,7 @@ ADMX Info:
            -**RemoteShell/SpecifyMaxRemoteShells** +**RemoteShell/SpecifyMaxRemoteShells** @@ -331,7 +331,7 @@ If you disable or do not configure this policy setting, by default the limit is -ADMX Info: +ADMX Info: - GP Friendly name: *Specify maximum number of remote shells per user* - GP name: *MaxShellsPerUser* - GP path: *Windows Components/Windows Remote Shell* @@ -343,7 +343,7 @@ ADMX Info:
            -**RemoteShell/SpecifyShellTimeout** +**RemoteShell/SpecifyShellTimeout** @@ -374,7 +374,7 @@ This policy setting is deprecated and has no effect when set to any state: Enabl -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Shell Timeout* - GP name: *ShellTimeOut* - GP path: *Windows Components/Windows Remote Shell* diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 4e4e6b8876..2e2a8c86b5 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 04/07/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -21,7 +21,7 @@ manager: aaroncz
            -## RestrictedGroups policies +## RestrictedGroups policies
            @@ -33,7 +33,7 @@ manager: aaroncz
            -**RestrictedGroups/ConfigureGroupMembership** +**RestrictedGroups/ConfigureGroupMembership** @@ -61,10 +61,10 @@ manager: aaroncz This security setting allows an administrator to define the members that are part of a security-sensitive (restricted) group. When a Restricted Groups policy is enforced, any current member of a restricted group that is not on the Members list is removed, except for the built-in administrator in the built-in Administrators group. Any user on the Members list who is not currently a member of the restricted group is added. An empty Members list means that the restricted group has no members. The membership configuration is based on SIDS, therefore renaming these built-in groups does not affect retention of this special membership. -For example, you can create a Restricted Groups policy to allow only specified users. Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group, and all other members will be removed. +For example, you can create a Restricted Groups policy to allow only specified users. Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group, and all other members will be removed. > [!CAUTION] -> Attempting to remove the built-in administrator from the Administrators group will result in failure with the following error: +> Attempting to remove the built-in administrator from the Administrators group will result in failure with the following error: > > | Error Code | Symbolic Name | Error Description | Header | > |----------|----------|----------|----------| @@ -73,7 +73,7 @@ For example, you can create a Restricted Groups policy to allow only specified u Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group, and should be used with caution. ```xml - + @@ -145,7 +145,7 @@ where: ### Policy timeline -The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `` and SID in ``. For Windows 10, version 2004, you can use name or SID for both the elements, as described in this topic. +The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `` and SID in ``. For Windows 10, version 2004, you can use name or SID for both the elements, as described in this topic. The following table describes how this policy setting behaves in different Windows 10 versions: @@ -153,7 +153,7 @@ The following table describes how this policy setting behaves in different Windo | ------------------ | --------------- | |Windows 10, version 1803 | Added this policy setting.
            XML accepts group and member only by name.
            Supports configuring the administrators group using the group name.
            Expects member name to be in the account name format. | | Windows 10, version 1809
            Windows 10, version 1903
            Windows 10, version 1909 | Supports configuring any local group.
            `` accepts only name.
            `` accepts a name or an SID.
            This is useful when you want to ensure a certain local group always has a well-known SID as member. | -| Windows 10, version 2004 | Behaves as described in this topic.
            Accepts name or SID for group and members and translates as appropriate.| +| Windows 10, version 2004 | Behaves as described in this topic.
            Accepts name or SID for group and members and translates as appropriate.| diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index dced08216c..7dc26a67b2 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Security policies +## Security policies
            @@ -55,7 +55,7 @@ manager: aaroncz
            -**Security/AllowAddProvisioningPackage** +**Security/AllowAddProvisioningPackage** @@ -96,11 +96,11 @@ The following list shows the supported values:
            -**Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** +**Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** > [!NOTE] -> +> > - This policy is deprecated in Windows 10, version 1607. Specifies whether to allow automatic [device encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) during OOBE when the device is Azure AD joined. @@ -118,7 +118,7 @@ The following list shows the supported values:
            -**Security/AllowRemoveProvisioningPackage** +**Security/AllowRemoveProvisioningPackage** @@ -159,7 +159,7 @@ The following list shows the supported values:
            -**Security/ClearTPMIfNotReady** +**Security/ClearTPMIfNotReady** @@ -190,7 +190,7 @@ Admin access is required. The prompt will appear on first admin logon after a re -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the system to clear the TPM if it is not in a ready state.* - GP name: *ClearTPMIfNotReady_Name* - GP path: *System/Trusted Platform Module Services* @@ -209,7 +209,7 @@ The following list shows the supported values:
            -**Security/ConfigureWindowsPasswords** +**Security/ConfigureWindowsPasswords** @@ -254,7 +254,7 @@ The following list shows the supported values:
            -**Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** +**Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -298,7 +298,7 @@ The following list shows the supported values:
            -**Security/RecoveryEnvironmentAuthentication** +**Security/RecoveryEnvironmentAuthentication** @@ -327,7 +327,7 @@ The following list shows the supported values: This policy controls the Admin Authentication requirement in RecoveryEnvironment. -Supported values: +Supported values: - 0 - Default: Keep using default(current) behavior. - 1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment. @@ -349,7 +349,7 @@ The process of starting Push Button Reset (PBR) in WinRE: 1. Open a cmd as Administrator, run command "reagentc /boottore" and restart the OS to boot to WinRE. 1. OS should boot to the blue screen of WinRE UI, go through TroubleShoot -> Reset this PC, it should show two options: "Keep my files" and "Remove everything". -If the MDM policy is set to "Default" (0) or doesn't exist, the admin authentication flow should work as default behavior: +If the MDM policy is set to "Default" (0) or doesn't exist, the admin authentication flow should work as default behavior: 1. Start PBR in WinRE, choose "Keep my files", it should pop up admin authentication. 1. Click "<-" (right arrow) button and choose "Remove everything", it shouldn't pop up admin authentication and just go to PBR options. @@ -371,7 +371,7 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
            -**Security/RequireDeviceEncryption** +**Security/RequireDeviceEncryption** @@ -417,7 +417,7 @@ The following list shows the supported values:
            -**Security/RequireProvisioningPackageSignature** +**Security/RequireProvisioningPackageSignature** @@ -458,7 +458,7 @@ The following list shows the supported values:
            -**Security/RequireRetrieveHealthCertificateOnBoot** +**Security/RequireRetrieveHealthCertificateOnBoot** @@ -493,7 +493,7 @@ Setting this policy to 1 (Required): > [!NOTE] > We recommend that this policy is set to Required after MDM enrollment. - + Most restricted value is 1. diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index 20f852795a..72a2fa4349 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -15,7 +15,7 @@ ms.date: 09/27/2019
            -## ServiceControlManager policies +## ServiceControlManager policies
            @@ -26,7 +26,7 @@ ms.date: 09/27/2019
            -**ServiceControlManager/SvchostProcessMitigation** +**ServiceControlManager/SvchostProcessMitigation** @@ -56,7 +56,7 @@ This policy setting enables process mitigation options on svchost.exe processes. If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them. -These stricter security policies include a policy requiring all binaries loaded in these processes to be signed by Microsoft, and a policy disallowing dynamically generated code. +These stricter security policies include a policy requiring all binaries loaded in these processes to be signed by Microsoft, and a policy disallowing dynamically generated code. > [!IMPORTANT] > Enabling this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software). @@ -65,14 +65,14 @@ If you disable or do not configure this policy setting, the stricter security se > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Enable svchost.exe mitigation options* - GP name: *SvchostProcessMitigationEnable* - GP path: *System/Service Control Manager Settings/Security Settings* @@ -80,7 +80,7 @@ ADMX Info: -Supported values: +Supported values: - Disabled - Do not add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes. - Enabled - Add ACG/CIG enforcement and other process mitigation/code integrity policies to SVCHOST processes. diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 37e5e21450..0cc8ab89e0 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Settings policies +## Settings policies
            @@ -67,7 +67,7 @@ manager: aaroncz
            -**Settings/AllowAutoPlay** +**Settings/AllowAutoPlay** @@ -112,7 +112,7 @@ The following list shows the supported values:
            -**Settings/AllowDataSense** +**Settings/AllowDataSense** @@ -156,7 +156,7 @@ The following list shows the supported values:
            -**Settings/AllowDateTime** +**Settings/AllowDateTime** @@ -197,7 +197,7 @@ The following list shows the supported values:
            -**Settings/AllowEditDeviceName** +**Settings/AllowEditDeviceName**
            @@ -259,7 +259,7 @@ Describes what values are supported in/by this policy and meaning of each value,
            -**Settings/AllowLanguage** +**Settings/AllowLanguage** @@ -301,7 +301,7 @@ The following list shows the supported values:
            -**Settings/AllowOnlineTips** +**Settings/AllowOnlineTips** @@ -333,7 +333,7 @@ If disabled, Settings won't contact Microsoft content services to retrieve tips -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Online Tips* - GP name: *AllowOnlineTips* - GP element: *CheckBox_AllowOnlineTips* @@ -346,7 +346,7 @@ ADMX Info:
            -**Settings/AllowPowerSleep** +**Settings/AllowPowerSleep** @@ -388,7 +388,7 @@ The following list shows the supported values:
            -**Settings/AllowRegion** +**Settings/AllowRegion** @@ -430,7 +430,7 @@ The following list shows the supported values:
            -**Settings/AllowSignInOptions** +**Settings/AllowSignInOptions** @@ -472,7 +472,7 @@ The following list shows the supported values:
            -**Settings/AllowVPN** +**Settings/AllowVPN** @@ -513,7 +513,7 @@ The following list shows the supported values:
            -**Settings/AllowWorkplace** +**Settings/AllowWorkplace** @@ -555,7 +555,7 @@ The following list shows the supported values:
            -**Settings/AllowYourAccount** +**Settings/AllowYourAccount** @@ -596,7 +596,7 @@ The following list shows the supported values:
            -**Settings/ConfigureTaskbarCalendar** +**Settings/ConfigureTaskbarCalendar** @@ -626,7 +626,7 @@ Allows IT Admins to configure the default setting for showing more calendars (be -ADMX Info: +ADMX Info: - GP Friendly name: *Show additional calendar* - GP name: *ConfigureTaskbarCalendar* - GP path: *Start Menu and Taskbar* @@ -647,7 +647,7 @@ The following list shows the supported values:
            -**Settings/PageVisibilityList** +**Settings/PageVisibilityList** @@ -712,7 +712,7 @@ The default value for this setting is an empty string, which is interpreted as s -ADMX Info: +ADMX Info: - GP Friendly name: *Settings Page Visibility* - GP name: *SettingsPageVisibility* - GP element: *SettingsPageVisibilityBox* diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 11d6e32c39..0f0f324cc7 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz
            -## SmartScreen policies +## SmartScreen policies
            @@ -36,7 +36,7 @@ manager: aaroncz
            -**SmartScreen/EnableAppInstallControl** +**SmartScreen/EnableAppInstallControl** @@ -69,7 +69,7 @@ Allows IT Admins to control whether users are allowed to install apps from place -ADMX Info: +ADMX Info: - GP Friendly name: *Configure App Install Control* - GP name: *ConfigureAppInstallControl* - GP path: *Windows Components/Windows Defender SmartScreen/Explorer* @@ -88,7 +88,7 @@ The following list shows the supported values:
            -**SmartScreen/EnableSmartScreenInShell** +**SmartScreen/EnableSmartScreenInShell** @@ -118,7 +118,7 @@ Allows IT Admins to configure SmartScreen for Windows. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Windows Defender SmartScreen* - GP name: *ShellConfigureSmartScreen* - GP path: *Windows Components/Windows Defender SmartScreen/Explorer* @@ -137,7 +137,7 @@ The following list shows the supported values:
            -**SmartScreen/PreventOverrideForFilesInShell** +**SmartScreen/PreventOverrideForFilesInShell** @@ -167,7 +167,7 @@ Allows IT Admins to control whether users can ignore SmartScreen warnings and ru -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Windows Defender SmartScreen* - GP name: *ShellConfigureSmartScreen* - GP element: *ShellConfigureSmartScreen_Dropdown* diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index b97360b3f1..ea98f581cb 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Speech policies +## Speech policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**Speech/AllowSpeechModelUpdate** +**Speech/AllowSpeechModelUpdate** @@ -58,7 +58,7 @@ Specifies whether the device will receive updates to the speech recognition and -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Automatic Update of Speech Data* - GP name: *AllowSpeechModelUpdate* - GP path: *Windows Components/Speech* diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index faf949f902..b0fbf583d5 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Start policies +## Start policies
            @@ -136,7 +136,7 @@ manager: aaroncz
            -**Start/AllowPinnedFolderDocuments** +**Start/AllowPinnedFolderDocuments** The table below shows the applicability of Windows: @@ -179,7 +179,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderDownloads** +**Start/AllowPinnedFolderDownloads** The table below shows the applicability of Windows: @@ -222,7 +222,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderFileExplorer** +**Start/AllowPinnedFolderFileExplorer** The table below shows the applicability of Windows: @@ -265,7 +265,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderHomeGroup** +**Start/AllowPinnedFolderHomeGroup** The table below shows the applicability of Windows: @@ -308,7 +308,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderMusic** +**Start/AllowPinnedFolderMusic** The table below shows the applicability of Windows: @@ -351,7 +351,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderNetwork** +**Start/AllowPinnedFolderNetwork** The table below shows the applicability of Windows: @@ -394,7 +394,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderPersonalFolder** +**Start/AllowPinnedFolderPersonalFolder** The table below shows the applicability of Windows: @@ -437,7 +437,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderPictures** +**Start/AllowPinnedFolderPictures** The table below shows the applicability of Windows: @@ -480,7 +480,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderSettings** +**Start/AllowPinnedFolderSettings** The table below shows the applicability of Windows: @@ -523,7 +523,7 @@ The following list shows the supported values:
            -**Start/AllowPinnedFolderVideos** +**Start/AllowPinnedFolderVideos** The table below shows the applicability of Windows: @@ -566,7 +566,7 @@ The following list shows the supported values:
            -**Start/ConfigureStartPins** +**Start/ConfigureStartPins**
            @@ -627,7 +627,7 @@ This string policy will take a JSON file (expected name LayoutModification.json) -**Start/DisableContextMenus** +**Start/DisableContextMenus** The table below shows the applicability of Windows: @@ -659,7 +659,7 @@ Enabling this policy prevents context menus from being invoked in the Start Menu -ADMX Info: +ADMX Info: - GP Friendly name: *Disable context menus in the Start Menu* - GP name: *DisableContextMenusInStart* - GP path: *Start Menu and Taskbar* @@ -683,7 +683,7 @@ The following list shows the supported values:
            -**Start/DisableControlCenter** +**Start/DisableControlCenter** @@ -709,9 +709,9 @@ The following list shows the supported values: -This policy setting disables the Control Center button from the bottom right area on the taskbar. The Control Center area is located at the left of the clock in the taskbar and includes icons for current network and volume. +This policy setting disables the Control Center button from the bottom right area on the taskbar. The Control Center area is located at the left of the clock in the taskbar and includes icons for current network and volume. -If this setting is enabled, Control Center area is displayed but the button to open the Control Center will be disabled. +If this setting is enabled, Control Center area is displayed but the button to open the Control Center will be disabled. >[!Note] > A reboot is required for this policy setting to take effect. @@ -719,7 +719,7 @@ If this setting is enabled, Control Center area is displayed but the button to o -ADMX Info: +ADMX Info: - GP Friendly name: *Remove control center* - GP name: *DisableControlCenter* - GP path: *Start Menu and Taskbar* @@ -737,7 +737,7 @@ The following are the supported values:
            -**Start/DisableEditingQuickSettings** +**Start/DisableEditingQuickSettings** @@ -778,7 +778,7 @@ The following are the supported values:
            -**Start/ForceStartSize** +**Start/ForceStartSize** The table below shows the applicability of Windows: @@ -825,7 +825,7 @@ The following list shows the supported values:
            -**Start/HideAppList** +**Start/HideAppList** The table below shows the applicability of Windows: @@ -859,7 +859,7 @@ The table below shows the applicability of Windows: Allows IT Admins to configure Start by collapsing or removing the all apps list. > [!Note] -> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. +> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. To validate on Desktop, do the following steps: @@ -883,7 +883,7 @@ The following list shows the supported values:
            -**Start/HideChangeAccountSettings** +**Start/HideChangeAccountSettings** The table below shows the applicability of Windows: @@ -932,7 +932,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideFrequentlyUsedApps** +**Start/HideFrequentlyUsedApps** The table below shows the applicability of Windows: @@ -989,7 +989,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideHibernate** +**Start/HideHibernate** The table below shows the applicability of Windows: @@ -1041,7 +1041,7 @@ To validate on Laptop, do the following steps:
            -**Start/HideLock** +**Start/HideLock** The table below shows the applicability of Windows: @@ -1090,7 +1090,7 @@ To validate on Desktop, do the following steps:
            -**Start/HidePeopleBar** +**Start/HidePeopleBar** The table below shows the applicability of Windows: @@ -1123,7 +1123,7 @@ Supported value type is integer. -ADMX Info: +ADMX Info: - GP Friendly name: *Remove the People Bar from the taskbar* - GP name: *HidePeopleBar* - GP path: *Start Menu and Taskbar* @@ -1142,7 +1142,7 @@ The following list shows the supported values:
            -**Start/HidePowerButton** +**Start/HidePowerButton** The table below shows the applicability of Windows: @@ -1194,7 +1194,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideRecentJumplists** +**Start/HideRecentJumplists** The table below shows the applicability of Windows: @@ -1253,7 +1253,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideRecentlyAddedApps** +**Start/HideRecentlyAddedApps** The table below shows the applicability of Windows: @@ -1288,7 +1288,7 @@ Allows IT Admins to configure Start by hiding recently added apps. -ADMX Info: +ADMX Info: - GP Friendly name: *Remove "Recently added" list from Start Menu* - GP name: *HideRecentlyAddedApps* - GP path: *Start Menu and Taskbar* @@ -1318,7 +1318,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideRecommendedSection** +**Start/HideRecommendedSection** @@ -1359,7 +1359,7 @@ The following are the supported values:
            -**Start/HideRestart** +**Start/HideRestart** The table below shows the applicability of Windows: @@ -1408,7 +1408,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideShutDown** +**Start/HideShutDown** The table below shows the applicability of Windows: @@ -1457,7 +1457,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideSignOut** +**Start/HideSignOut** The table below shows the applicability of Windows: @@ -1506,7 +1506,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideSleep** +**Start/HideSleep** The table below shows the applicability of Windows: @@ -1555,7 +1555,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideSwitchAccount** +**Start/HideSwitchAccount** The table below shows the applicability of Windows: @@ -1604,7 +1604,7 @@ To validate on Desktop, do the following steps:
            -**Start/HideTaskViewButton** +**Start/HideTaskViewButton** @@ -1646,7 +1646,7 @@ The following are the supported values:
            -**Start/HideUserTile** +**Start/HideUserTile** The table below shows the applicability of Windows: @@ -1699,7 +1699,7 @@ To validate on Desktop, do the following steps:
            -**Start/ImportEdgeAssets** +**Start/ImportEdgeAssets** The table below shows the applicability of Windows: @@ -1759,7 +1759,7 @@ To validate on Desktop, do the following steps:
            -**Start/NoPinningToTaskbar** +**Start/NoPinningToTaskbar** The table below shows the applicability of Windows: @@ -1811,7 +1811,7 @@ To validate on Desktop, do the following steps:
            -**Start/ShowOrHideMostUsedApps** +**Start/ShowOrHideMostUsedApps** @@ -1856,7 +1856,7 @@ On clean install, the user setting defaults to "hide".
            -**Start/SimplifyQuickSettings** +**Start/SimplifyQuickSettings** @@ -1897,7 +1897,7 @@ The following are the supported values:
            -**Start/StartLayout** +**Start/StartLayout** The table below shows the applicability of Windows: @@ -1926,7 +1926,7 @@ The table below shows the applicability of Windows: > [!IMPORTANT] -> In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope) +> In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope) Here's more SKU support information: @@ -1942,7 +1942,7 @@ For more information on how to customize the Start layout, see [Customize and ex -ADMX Info: +ADMX Info: - GP Friendly name: *Start Layout* - GP name: *LockedStartLayout* - GP path: *Start Menu and Taskbar* diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index d0117fde5d..e4a8b1ec6b 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 03/25/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## Storage policies +## Storage policies
            @@ -67,7 +67,7 @@ manager: aaroncz
            -**Storage/AllowDiskHealthModelUpdates** +**Storage/AllowDiskHealthModelUpdates** The table below shows the applicability of Windows: @@ -100,7 +100,7 @@ Supported value type is integer. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow downloading updates to the Disk Failure Prediction Model* - GP name: *SH_AllowDiskHealthModelUpdates* - GP path: *System/Storage Health* @@ -119,7 +119,7 @@ The following list shows the supported values:
            -**Storage/AllowStorageSenseGlobal** +**Storage/AllowStorageSenseGlobal** The table below shows the applicability of Windows: @@ -158,7 +158,7 @@ If you disable this policy setting, the machine will turn off Storage Sense. Use If you don't configure this policy setting, Storage Sense is turned off by default until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Storage Sense* - GP name: *SS_AllowStorageSenseGlobal* - GP path: *System/Storage Sense* @@ -179,7 +179,7 @@ ADMX Info:
            -**Storage/AllowStorageSenseTemporaryFilesCleanup** +**Storage/AllowStorageSenseTemporaryFilesCleanup** Versions prior to version 1903 don't support group policy. @@ -221,7 +221,7 @@ If you don't configure this policy setting, Storage Sense will delete the user -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Storage Sense Temporary Files cleanup* - GP name: *SS_AllowStorageSenseTemporaryFilesCleanup* - GP path: *System/Storage Sense* @@ -242,7 +242,7 @@ ADMX Info:
            -**Storage/ConfigStorageSenseCloudContentDehydrationThreshold** +**Storage/ConfigStorageSenseCloudContentDehydrationThreshold** The table below shows the applicability of Windows: @@ -284,7 +284,7 @@ If you disable or don't configure this policy setting, then Storage Sense won't -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Storage Sense Cloud Content dehydration threshold* - GP name: *SS_ConfigStorageSenseCloudContentDehydrationThreshold* - GP path: *System/Storage Sense* @@ -305,7 +305,7 @@ ADMX Info:
            -**Storage/ConfigStorageSenseDownloadsCleanupThreshold** +**Storage/ConfigStorageSenseDownloadsCleanupThreshold** The table below shows the applicability of Windows: @@ -347,7 +347,7 @@ If you disable or don't configure this policy setting, then Storage Sense won't -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Storage Storage Downloads cleanup threshold* - GP name: *SS_ConfigStorageSenseDownloadsCleanupThreshold* - GP path: *System/Storage Sense* @@ -368,7 +368,7 @@ ADMX Info:
            -**Storage/ConfigStorageSenseGlobalCadence** +**Storage/ConfigStorageSenseGlobalCadence** The table below shows the applicability of Windows: @@ -416,7 +416,7 @@ If you don't configure this policy setting, then the Storage Sense cadence is se -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Storage Sense cadence* - GP name: *SS_ConfigStorageSenseGlobalCadence* - GP path: *System/Storage Sense* @@ -437,7 +437,7 @@ ADMX Info:
            -**Storage/ConfigStorageSenseRecycleBinCleanupThreshold** +**Storage/ConfigStorageSenseRecycleBinCleanupThreshold** The table below shows the applicability of Windows: @@ -479,7 +479,7 @@ If you disable or don't configure this policy setting, Storage Sense will delete -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Storage Sense Recycle Bin cleanup threshold* - GP name: *SS_ConfigStorageSenseRecycleBinCleanupThreshold* - GP path: *System/Storage Sense* @@ -500,7 +500,7 @@ ADMX Info:
            -**Storage/EnhancedStorageDevices** +**Storage/EnhancedStorageDevices** The table below shows the applicability of Windows: @@ -535,14 +535,14 @@ If you disable or don't configure this policy setting, Windows will activate un- > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow Windows to activate Enhanced Storage devices* - GP name: *TCGSecurityActivationDisabled* - GP path: *System/Enhanced Storage Access* @@ -554,7 +554,7 @@ ADMX Info:
            -**Storage/RemovableDiskDenyWriteAccess** +**Storage/RemovableDiskDenyWriteAccess** The table below shows the applicability of Windows: @@ -581,18 +581,18 @@ The table below shows the applicability of Windows: -If you enable this policy setting, write access is denied to this removable storage class. If you disable or don't configure this policy setting, write access is allowed to this removable storage class. +If you enable this policy setting, write access is denied to this removable storage class. If you disable or don't configure this policy setting, write access is allowed to this removable storage class. > [!Note] > To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." -Supported values for this policy are: +Supported values for this policy are: - 0 - Disable - 1 - Enable -ADMX Info: +ADMX Info: - GP Friendly name: *Removable Disks: Deny write access* - GP name: *RemovableDisks_DenyWrite_Access_2* - GP element: *RemovableDisks_DenyWrite_Access_2* @@ -604,7 +604,7 @@ ADMX Info: -Example for setting the device custom OMA-URI setting to enable this policy: +Example for setting the device custom OMA-URI setting to enable this policy: To deny write access to removable storage within Intune’s custom profile, set OMA-URI to ```./Device/Vendor/MSFT/Policy/Config/Storage/RemovableDiskDenyWriteAccess```, Data type to Integer, and Value to 1. See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settings-windows-10) for information on how to create custom profiles. @@ -616,7 +616,7 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
            -**Storage/WPDDevicesDenyReadAccessPerDevice** +**Storage/WPDDevicesDenyReadAccessPerDevice** The table below shows the applicability of Windows: @@ -663,7 +663,7 @@ Supported values for this policy are: -ADMX Info: +ADMX Info: - GP Friendly name: *WPD Devices: Deny read access* - GP name: *WPDDevices_DenyRead_Access_2* - GP path: *System/Removable Storage Access* @@ -680,7 +680,7 @@ ADMX Info:
            -**Storage/WPDDevicesDenyReadAccessPerUser** +**Storage/WPDDevicesDenyReadAccessPerUser** The table below shows the applicability of Windows: @@ -720,14 +720,14 @@ If enabled, this policy will block end-user from Read access on any Windows Port >[!NOTE] > WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer. -Supported values for this policy are: +Supported values for this policy are: - Not configured - Enabled - Disabled -ADMX Info: +ADMX Info: - GP Friendly name: *WPD Devices: Deny read access* - GP name: *WPDDevices_DenyRead_Access_1* - GP path: *System/Removable Storage Access* @@ -744,7 +744,7 @@ ADMX Info:
            -**Storage/WPDDevicesDenyWriteAccessPerDevice** +**Storage/WPDDevicesDenyWriteAccessPerDevice** The table below shows the applicability of Windows: @@ -784,14 +784,14 @@ If enabled, this policy will block end-user from Write access on any Windows Por >[!NOTE] > WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer. -Supported values for this policy are: +Supported values for this policy are: - Not configured - Enabled - Disabled -ADMX Info: +ADMX Info: - GP Friendly name: *WPD Devices: Deny write access* - GP name: *WPDDevices_DenyWrite_Access_2* - GP path: *System/Removable Storage Access* @@ -808,7 +808,7 @@ ADMX Info:
            -**Storage/WPDDevicesDenyWriteAccessPerUser** +**Storage/WPDDevicesDenyWriteAccessPerUser** The table below shows the applicability of Windows: @@ -848,14 +848,14 @@ If enabled, this policy will block end-user from Write access on any Windows Por >[!NOTE] > WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage. For example, if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browse the USB via explorer. -Supported values for this policy are: +Supported values for this policy are: - Not configured - Enabled - Disabled -ADMX Info: +ADMX Info: - GP Friendly name: *WPD Devices: Deny write access* - GP name: *WPDDevices_DenyWrite_Access_1* - GP path: *System/Removable Storage Access* @@ -873,7 +873,7 @@ ADMX Info: -**StorageHealthMonitor/DisableStorageHealthMonitor** +**StorageHealthMonitor/DisableStorageHealthMonitor** The table below shows the applicability of Windows: diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 4e5c11cbed..9ce3e09e66 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 08/26/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## System policies +## System policies
            @@ -113,7 +113,7 @@ manager: aaroncz
            -**System/AllowBuildPreview** +**System/AllowBuildPreview** The table below shows the applicability of Windows: @@ -148,7 +148,7 @@ If you enable or don't configure this policy setting, users can download and ins -ADMX Info: +ADMX Info: - GP Friendly name: *Toggle user control over Insider builds* - GP name: *AllowBuildPreview* - GP path: *Data Collection and Preview Builds* @@ -168,7 +168,7 @@ The following list shows the supported values:
            -**System/AllowCommercialDataPipeline** +**System/AllowCommercialDataPipeline** The table below shows the applicability of Windows: @@ -211,7 +211,7 @@ See the documentation at [ConfigureWDD](https://aka.ms/ConfigureWDD) for informa -ADMX Info: +ADMX Info: - GP Friendly name: *Allow commercial data pipeline* - GP name: *AllowCommercialDataPipeline* - GP element: *AllowCommercialDataPipeline* @@ -237,7 +237,7 @@ The following list shows the supported values:
            -**System/AllowDesktopAnalyticsProcessing** +**System/AllowDesktopAnalyticsProcessing** @@ -267,7 +267,7 @@ The following list shows the supported values:
            -**System/AllowDeviceNameInDiagnosticData** +**System/AllowDeviceNameInDiagnosticData** The table below shows the applicability of Windows: @@ -297,7 +297,7 @@ This policy allows the device name to be sent to Microsoft as part of Windows di -ADMX Info: +ADMX Info: - GP Friendly name: *Allow device name to be sent in Windows diagnostic data* - GP name: *AllowDeviceNameInDiagnosticData* - GP element: *AllowDeviceNameInDiagnosticData* @@ -323,7 +323,7 @@ The following list shows the supported values:
            -**System/AllowEmbeddedMode** +**System/AllowEmbeddedMode** The table below shows the applicability of Windows: @@ -366,7 +366,7 @@ The following list shows the supported values:
            -**System/AllowExperimentation** +**System/AllowExperimentation** The table below shows the applicability of Windows: @@ -413,7 +413,7 @@ The following list shows the supported values:
            -**System/AllowFontProviders** +**System/AllowFontProviders** The table below shows the applicability of Windows: @@ -450,7 +450,7 @@ This setting is used by lower-level components for text display and fond handlin -ADMX Info: +ADMX Info: - GP Friendly name: *Enable Font Providers* - GP name: *EnableFontProviders* - GP path: *Network/Fonts* @@ -465,7 +465,7 @@ The following list shows the supported values: -To verify if System/AllowFontProviders is set to true: +To verify if System/AllowFontProviders is set to true: - After a client machine is rebooted, check whether there's any network traffic from client machine to fs.microsoft.com. @@ -475,7 +475,7 @@ To verify if System/AllowFontProviders is set to true:
            -**System/AllowLocation** +**System/AllowLocation** The table below shows the applicability of Windows: @@ -513,7 +513,7 @@ For example, an app's original Location setting is Off. The administrator then s -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off location* - GP name: *DisableLocation_2* - GP path: *Windows Components/Location and Sensors* @@ -553,7 +553,7 @@ If you disable this policy setting, devices may not appear in Microsoft Managed
            -**System/AllowStorageCard** +**System/AllowStorageCard** The table below shows the applicability of Windows: @@ -587,7 +587,7 @@ Most restricted value is 0. The following list shows the supported values: -- 0 – SD card use isn't allowed, and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card. +- 0 – SD card use isn't allowed, and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card. - 1 (default) – Allow a storage card. @@ -596,7 +596,7 @@ The following list shows the supported values:
            -**System/AllowTelemetry** +**System/AllowTelemetry** The table below shows the applicability of Windows: @@ -623,11 +623,11 @@ The table below shows the applicability of Windows: -Allows the device to send diagnostic and usage telemetry data, such as Watson. +Allows the device to send diagnostic and usage telemetry data, such as Watson. For more information about diagnostic data, including what is and what isn't collected by Windows, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization). -The following list shows the supported values for Windows 8.1: +The following list shows the supported values for Windows 8.1: - 0 - Not allowed. - 1 – Allowed, except for Secondary Data Requests. - 2 (default) – Allowed. @@ -654,7 +654,7 @@ Most restrictive value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Telemetry* - GP name: *AllowTelemetry* - GP element: *AllowTelemetry* @@ -667,7 +667,7 @@ ADMX Info:
            -**System/AllowUpdateComplianceProcessing** +**System/AllowUpdateComplianceProcessing** The table below shows the applicability of Windows: @@ -708,7 +708,7 @@ If you disable or don't configure this policy setting, devices won't appear in U -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Update Compliance Processing* - GP name: *AllowUpdateComplianceProcessing* - GP element: *AllowUpdateComplianceProcessing* @@ -728,7 +728,7 @@ The following list shows the supported values:
            -**System/AllowUserToResetPhone** +**System/AllowUserToResetPhone** The table below shows the applicability of Windows: @@ -762,7 +762,7 @@ Most restricted value is 0. > This policy is also applicable to Windows 10 and not exclusive to phone. -The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed to reset to factory default settings. @@ -802,7 +802,7 @@ The following list shows the supported values: -**System/BootStartDriverInitialization** +**System/BootStartDriverInitialization** The table below shows the applicability of Windows: @@ -842,14 +842,14 @@ If your malware detection application doesn't include an Early Launch Antimalwar > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Boot-Start Driver Initialization Policy* - GP name: *POL_DriverLoadPolicy_Name* - GP path: *System/Early Launch Antimalware* @@ -861,7 +861,7 @@ ADMX Info:
            -**System/ConfigureMicrosoft365UploadEndpoint** +**System/ConfigureMicrosoft365UploadEndpoint** The table below shows the applicability of Windows: @@ -888,7 +888,7 @@ The table below shows the applicability of Windows: This policy sets the upload endpoint for this device’s diagnostic data as part of the Microsoft 365 Update Readiness program. - + If your organization is participating in the program and has been instructed to configure a custom upload endpoint, then use this setting to define that endpoint. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. @@ -896,7 +896,7 @@ The value for this setting will be provided by Microsoft as part of the onboardi Supported value type is string. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Microsoft 365 Update Readiness upload endpoint* - GP name: *ConfigureMicrosoft365UploadEndpoint* - GP element: *ConfigureMicrosoft365UploadEndpoint* @@ -918,7 +918,7 @@ ADMX Info:
            -**System/ConfigureTelemetryOptInChangeNotification** +**System/ConfigureTelemetryOptInChangeNotification** The table below shows the applicability of Windows: @@ -951,7 +951,7 @@ This policy setting determines whether a device shows notifications about teleme -ADMX Info: +ADMX Info: - GP Friendly name: *Configure telemetry opt-in change notifications.* - GP name: *ConfigureTelemetryOptInChangeNotification* - GP element: *ConfigureTelemetryOptInChangeNotification* @@ -969,7 +969,7 @@ The following list shows the supported values:
            -**System/ConfigureTelemetryOptInSettingsUx** +**System/ConfigureTelemetryOptInSettingsUx** The table below shows the applicability of Windows: @@ -1006,7 +1006,7 @@ If you set this policy setting to "Enable Telemetry opt-in Settings" or don't co -ADMX Info: +ADMX Info: - GP Friendly name: *Configure telemetry opt-in setting user interface.* - GP name: *ConfigureTelemetryOptInSettingsUx* - GP element: *ConfigureTelemetryOptInSettingsUx* @@ -1024,7 +1024,7 @@ The following list shows the supported values:
            -**System/DisableDeviceDelete** +**System/DisableDeviceDelete** The table below shows the applicability of Windows: @@ -1052,12 +1052,12 @@ The table below shows the applicability of Windows: This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & Feedback Settings page. -- If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device. +- If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device. - If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device. -ADMX Info: +ADMX Info: - GP Friendly name: *Disable deleting diagnostic data* - GP name: *DisableDeviceDelete* - GP element: *DisableDeviceDelete* @@ -1079,7 +1079,7 @@ ADMX Info:
            -**System/DisableDiagnosticDataViewer** +**System/DisableDiagnosticDataViewer** The table below shows the applicability of Windows: @@ -1107,12 +1107,12 @@ The table below shows the applicability of Windows: This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. -- If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. +- If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. - If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page. -ADMX Info: +ADMX Info: - GP Friendly name: *Disable diagnostic data viewer.* - GP name: *DisableDiagnosticDataViewer* - GP element: *DisableDiagnosticDataViewer* @@ -1134,7 +1134,7 @@ ADMX Info:
            -**System/DisableEnterpriseAuthProxy** +**System/DisableEnterpriseAuthProxy** The table below shows the applicability of Windows: @@ -1164,7 +1164,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service* - GP name: *DisableEnterpriseAuthProxy* - GP element: *DisableEnterpriseAuthProxy* @@ -1177,7 +1177,7 @@ ADMX Info:
            -**System/DisableOneDriveFileSync** +**System/DisableOneDriveFileSync** The table below shows the applicability of Windows: @@ -1209,13 +1209,13 @@ Allows IT Admins to prevent apps and features from working with files on OneDriv * Microsoft Store apps can't access OneDrive using the WinRT API. * OneDrive doesn't appear in the navigation pane in File Explorer. * OneDrive files aren't kept in sync with the cloud. -* Users can't automatically upload photos and videos from the camera roll folder. +* Users can't automatically upload photos and videos from the camera roll folder. If you disable or don't configure this policy setting, apps and features can work with OneDrive file storage. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent the usage of OneDrive for file storage* - GP name: *PreventOnedriveFileSync* - GP path: *Windows Components/OneDrive* @@ -1242,7 +1242,7 @@ To validate on Desktop, do the following steps:
            -**System/DisableSystemRestore** +**System/DisableSystemRestore** The table below shows the applicability of Windows: @@ -1282,14 +1282,14 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off System Restore* - GP name: *SR_DisableSR* - GP path: *System/System Restore* @@ -1301,7 +1301,7 @@ ADMX Info:
            -**System/FeedbackHubAlwaysSaveDiagnosticsLocally** +**System/FeedbackHubAlwaysSaveDiagnosticsLocally** The table below shows the applicability of Windows: @@ -1331,7 +1331,7 @@ When feedback in the Feedback Hub is being filed, diagnostic logs are collected -The following list shows the supported values: +The following list shows the supported values: - 0 (default) - False. The Feedback Hub won't always save a local copy of diagnostics that may be created when feedback is submitted. The user will have the option to do so. - 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when feedback is submitted. @@ -1342,7 +1342,7 @@ The following list shows the supported values:
            -**System/LimitDiagnosticLogCollection** +**System/LimitDiagnosticLogCollection** The table below shows the applicability of Windows: @@ -1368,13 +1368,13 @@ The table below shows the applicability of Windows: -This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection. +This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It's sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for more data collection. If you disable or don't configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit Diagnostic Log Collection* - GP name: *LimitDiagnosticLogCollection* - GP path: *Data Collection and Preview Builds* @@ -1386,14 +1386,14 @@ The following list shows the supported values: - 0 – Disabled - 1 – Enabled - +
            -**System/LimitDumpCollection** +**System/LimitDumpCollection** The table below shows the applicability of Windows: @@ -1421,13 +1421,13 @@ The table below shows the applicability of Windows: This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps aren't sent unless we have permission to collect optional diagnostic data. -With this policy setting being enabled, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. +With this policy setting being enabled, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. If you disable or don't configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit Dump Collection* - GP name: *LimitDumpCollection* - GP path: *Data Collection and Preview Builds* @@ -1445,7 +1445,7 @@ The following list shows the supported values:
            -**System/LimitEnhancedDiagnosticDataWindowsAnalytics** +**System/LimitEnhancedDiagnosticDataWindowsAnalytics** The table below shows the applicability of Windows: @@ -1471,15 +1471,15 @@ The table below shows the applicability of Windows: -This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. - +This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. + To enable this behavior, you must complete two steps: 1. Enable this policy setting. 2. Set the **AllowTelemetry** level: - - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced. + - For Windows 10 version 1809 and older: set **AllowTelemetry** to Enhanced. > [!NOTE] > **Enhanced** is no longer an option for Windows Holographic, version 21H1. @@ -1487,14 +1487,14 @@ To enable this behavior, you must complete two steps: - For Windows 10 version 19H1 and later: set **AllowTelemetry** to Optional (Full). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented here: Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics. - + Enabling enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus enhanced level telemetry data. This setting has no effect on computers configured to send Required (Basic) or Optional (Full) diagnostic data to Microsoft. - + If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. -ADMX Info: +ADMX Info: - GP Friendly name: *Limit Enhanced diagnostic data to the minimum required by Windows Analytics* - GP name: *LimitEnhancedDiagnosticDataWindowsAnalytics* - GP element: *LimitEnhancedDiagnosticDataWindowsAnalytics* @@ -1507,7 +1507,7 @@ ADMX Info:
            -**System/TelemetryProxy** +**System/TelemetryProxy** The table below shows the applicability of Windows: @@ -1539,7 +1539,7 @@ If you disable or don't configure this policy setting, Connected User Experience -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Connected User Experiences and Telemetry* - GP name: *TelemetryProxy* - GP element: *TelemetryProxyName* @@ -1552,7 +1552,7 @@ ADMX Info:
            -**System/TurnOffFileHistory** +**System/TurnOffFileHistory** The table below shows the applicability of Windows: @@ -1586,7 +1586,7 @@ If you disable or don't configure this policy setting, File History can be activ -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off File History* - GP name: *DisableFileHistory* - GP path: *Windows Components/File History* diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index dda3779328..9138227f47 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## SystemServices policies +## SystemServices policies
            @@ -44,7 +44,7 @@ manager: aaroncz
            -**SystemServices/ConfigureHomeGroupListenerServiceStartupMode** +**SystemServices/ConfigureHomeGroupListenerServiceStartupMode** The table below shows the applicability of Windows: @@ -71,13 +71,13 @@ The table below shows the applicability of Windows: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. -GP Info: +GP Info: - GP Friendly name: *HomeGroup Listener* - GP path: *Windows Settings/Security Settings/System Services* @@ -87,7 +87,7 @@ GP Info:
            -**SystemServices/ConfigureHomeGroupProviderServiceStartupMode** +**SystemServices/ConfigureHomeGroupProviderServiceStartupMode** The table below shows the applicability of Windows: @@ -114,13 +114,13 @@ The table below shows the applicability of Windows: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. -GP Info: +GP Info: - GP Friendly name: *HomeGroup Provider* - GP path: *Windows Settings/Security Settings/System Services* @@ -130,7 +130,7 @@ GP Info:
            -**SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** +**SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** The table below shows the applicability of Windows: @@ -157,13 +157,13 @@ The table below shows the applicability of Windows: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. -GP Info: +GP Info: - GP Friendly name: *Xbox Accessory Management Service* - GP path: *Windows Settings/Security Settings/System Services* @@ -173,7 +173,7 @@ GP Info:
            -**SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** +**SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** The table below shows the applicability of Windows: @@ -200,13 +200,13 @@ The table below shows the applicability of Windows: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. -GP Info: +GP Info: - GP Friendly name: *Xbox Live Auth Manager* - GP path: *Windows Settings/Security Settings/System Services* @@ -216,7 +216,7 @@ GP Info:
            -**SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** +**SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** The table below shows the applicability of Windows: @@ -243,13 +243,13 @@ The table below shows the applicability of Windows: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. -GP Info: +GP Info: - GP Friendly name: *Xbox Live Game Save* - GP path: *Windows Settings/Security Settings/System Services* @@ -259,7 +259,7 @@ GP Info:
            -**SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** +**SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** The table below shows the applicability of Windows: @@ -286,13 +286,13 @@ The table below shows the applicability of Windows: -This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). +This setting determines whether the service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. -GP Info: +GP Info: - GP Friendly name: *Xbox Live Networking Service* - GP path: *Windows Settings/Security Settings/System Services* diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 359565b3aa..19193cea93 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## TaskManager policies +## TaskManager policies
            @@ -28,7 +28,7 @@ manager: aaroncz
            -**TaskManager/AllowEndTask** +**TaskManager/AllowEndTask** The table below shows the applicability of Windows: @@ -57,9 +57,9 @@ The table below shows the applicability of Windows: This setting determines whether non-administrators can use Task Manager to end tasks. -Supported value type is integer. +Supported value type is integer. -Supported values: +Supported values: - 0 - Disabled. EndTask functionality is blocked in TaskManager. - 1 - Enabled (default). Users can perform EndTask in TaskManager. @@ -71,8 +71,8 @@ Supported values: -**Validation procedure:** -- When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager. +**Validation procedure:** +- When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager. - When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager. diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index f6493ca356..eb016f3e4f 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## TaskScheduler policies +## TaskScheduler policies
            @@ -29,7 +29,7 @@ manager: aaroncz
            -**TaskScheduler/EnableXboxGameSaveTask** +**TaskScheduler/EnableXboxGameSaveTask** The table below shows the applicability of Windows: diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index f2976b8893..a643b71697 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 03/03/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## TextInput policies +## TextInput policies
            @@ -110,7 +110,7 @@ manager: aaroncz
            -**TextInput/AllowHardwareKeyboardTextSuggestions** +**TextInput/AllowHardwareKeyboardTextSuggestions**
            @@ -132,7 +132,7 @@ Placeholder only. Do not use in production environment.
            -**TextInput/AllowIMELogging** +**TextInput/AllowIMELogging** The table below shows the applicability of Windows: @@ -179,7 +179,7 @@ The following list shows the supported values:
            -**TextInput/AllowIMENetworkAccess** +**TextInput/AllowIMENetworkAccess** The table below shows the applicability of Windows: @@ -225,7 +225,7 @@ The following list shows the supported values:
            -**TextInput/AllowInputPanel** +**TextInput/AllowInputPanel** The table below shows the applicability of Windows: @@ -272,7 +272,7 @@ The following list shows the supported values:
            -**TextInput/AllowJapaneseIMESurrogatePairCharacters** +**TextInput/AllowJapaneseIMESurrogatePairCharacters** The table below shows the applicability of Windows: @@ -319,7 +319,7 @@ The following list shows the supported values:
            -**TextInput/AllowJapaneseIVSCharacters** +**TextInput/AllowJapaneseIVSCharacters** The table below shows the applicability of Windows: @@ -366,7 +366,7 @@ The following list shows the supported values:
            -**TextInput/AllowJapaneseNonPublishingStandardGlyph** +**TextInput/AllowJapaneseNonPublishingStandardGlyph** The table below shows the applicability of Windows: @@ -413,7 +413,7 @@ The following list shows the supported values:
            -**TextInput/AllowJapaneseUserDictionary** +**TextInput/AllowJapaneseUserDictionary** The table below shows the applicability of Windows: @@ -460,7 +460,7 @@ The following list shows the supported values:
            -**TextInput/AllowKeyboardTextSuggestions** +**TextInput/AllowKeyboardTextSuggestions** The table below shows the applicability of Windows: @@ -490,7 +490,7 @@ The table below shows the applicability of Windows: > [!NOTE] > The policy is only enforced in Windows 10 for desktop. -Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. +Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. Most restricted value is 0. @@ -515,7 +515,7 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f
            -**TextInput/AllowKoreanExtendedHanja** +**TextInput/AllowKoreanExtendedHanja**
            @@ -528,7 +528,7 @@ This policy has been deprecated.
            -**TextInput/AllowLanguageFeaturesUninstall** +**TextInput/AllowLanguageFeaturesUninstall** The table below shows the applicability of Windows: @@ -564,7 +564,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Uninstallation of Language Features* - GP name: *AllowLanguageFeaturesUninstall* - GP path: *Windows Components/Text Input* @@ -583,7 +583,7 @@ The following list shows the supported values:
            -**TextInput/AllowLinguisticDataCollection** +**TextInput/AllowLinguisticDataCollection** The table below shows the applicability of Windows: @@ -614,7 +614,7 @@ This policy setting controls the ability to send inking and typing data to Micro -ADMX Info: +ADMX Info: - GP Friendly name: *Improve inking and typing recognition* - GP name: *AllowLinguisticDataCollection* - GP path: *Windows Components/Text Input* @@ -630,7 +630,7 @@ This setting supports a range of values between 0 and 1.
            -**TextInput/AllowTextInputSuggestionUpdate** +**TextInput/AllowTextInputSuggestionUpdate** The table below shows the applicability of Windows: @@ -677,7 +677,7 @@ The following list shows the supported values:
            -**TextInput/ConfigureJapaneseIMEVersion** +**TextInput/ConfigureJapaneseIMEVersion** The table below shows the applicability of Windows: @@ -705,7 +705,7 @@ The table below shows the applicability of Windows: > [!NOTE] -> - The policy is only enforced in Windows 10 for desktop. +> - The policy is only enforced in Windows 10 for desktop. > - This policy requires reboot to take effect. Allows IT admins to configure Microsoft Japanese IME version in the desktop. @@ -724,7 +724,7 @@ The following list shows the supported values:
            -**TextInput/ConfigureSimplifiedChineseIMEVersion** +**TextInput/ConfigureSimplifiedChineseIMEVersion** The table below shows the applicability of Windows: @@ -752,7 +752,7 @@ The table below shows the applicability of Windows: > [!NOTE] -> - This policy is enforced only in Windows 10 for desktop. +> - This policy is enforced only in Windows 10 for desktop. > - This policy requires reboot to take effect. Allows IT admins to configure Microsoft Simplified Chinese IME version in the desktop. @@ -771,7 +771,7 @@ The following list shows the supported values:
            -**TextInput/ConfigureTraditionalChineseIMEVersion** +**TextInput/ConfigureTraditionalChineseIMEVersion** The table below shows the applicability of Windows: @@ -799,7 +799,7 @@ The table below shows the applicability of Windows: > [!NOTE] -> - This policy is enforced only in Windows 10 for desktop. +> - This policy is enforced only in Windows 10 for desktop. > - This policy requires reboot to take effect. Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop. @@ -818,7 +818,7 @@ The following list shows the supported values:
            -**TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** +**TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** The table below shows the applicability of Windows: @@ -845,10 +845,10 @@ The table below shows the applicability of Windows: -This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. +This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. -The touch keyboard is enabled in both the tablet and desktop mode. In the tablet mode, when you touch a textbox, the touch keyboard automatically shows up. -But in the desktop mode, by default, the touch keyboard does not automatically show up when you touch a textbox. The user must click the system tray to enable the touch keyboard. +The touch keyboard is enabled in both the tablet and desktop mode. In the tablet mode, when you touch a textbox, the touch keyboard automatically shows up. +But in the desktop mode, by default, the touch keyboard does not automatically show up when you touch a textbox. The user must click the system tray to enable the touch keyboard. When this policy is enabled, the touch keyboard automatically shows up when the device is in the desktop mode. This policy corresponds to "Show the touch keyboard when not in tablet mode and there's no keyboard attached" in the Settings app. @@ -866,7 +866,7 @@ The following list shows the supported values:
            -**TextInput/ExcludeJapaneseIMEExceptJIS0208** +**TextInput/ExcludeJapaneseIMEExceptJIS0208** The table below shows the applicability of Windows: @@ -911,7 +911,7 @@ The following list shows the supported values:
            -**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** +**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** The table below shows the applicability of Windows: @@ -956,7 +956,7 @@ The following list shows the supported values:
            -**TextInput/ExcludeJapaneseIMEExceptShiftJIS** +**TextInput/ExcludeJapaneseIMEExceptShiftJIS** The table below shows the applicability of Windows: @@ -1001,7 +1001,7 @@ The following list shows the supported values:
            -**TextInput/ForceTouchKeyboardDockedState** +**TextInput/ForceTouchKeyboardDockedState** The table below shows the applicability of Windows: @@ -1034,7 +1034,7 @@ Specifies the touch keyboard is always docked. When this policy is set to enable The following list shows the supported values: -- 0 - (default) - The OS determines when it's most appropriate to be available. +- 0 - (default) - The OS determines when it's most appropriate to be available. - 1 - Touch keyboard is always docked. - 2 - Touch keyboard docking can be changed. @@ -1044,7 +1044,7 @@ The following list shows the supported values:
            -**TextInput/TouchKeyboardDictationButtonAvailability** +**TextInput/TouchKeyboardDictationButtonAvailability** The table below shows the applicability of Windows: @@ -1087,7 +1087,7 @@ The following list shows the supported values:
            -**TextInput/TouchKeyboardEmojiButtonAvailability** +**TextInput/TouchKeyboardEmojiButtonAvailability** The table below shows the applicability of Windows: @@ -1130,7 +1130,7 @@ The following list shows the supported values:
            -**TextInput/TouchKeyboardFullModeAvailability** +**TextInput/TouchKeyboardFullModeAvailability** The table below shows the applicability of Windows: @@ -1173,7 +1173,7 @@ The following list shows the supported values:
            -**TextInput/TouchKeyboardHandwritingModeAvailability** +**TextInput/TouchKeyboardHandwritingModeAvailability** The table below shows the applicability of Windows: @@ -1216,7 +1216,7 @@ The following list shows the supported values:
            -**TextInput/TouchKeyboardNarrowModeAvailability** +**TextInput/TouchKeyboardNarrowModeAvailability** The table below shows the applicability of Windows: @@ -1259,7 +1259,7 @@ The following list shows the supported values:
            -**TextInput/TouchKeyboardSplitModeAvailability** +**TextInput/TouchKeyboardSplitModeAvailability** The table below shows the applicability of Windows: @@ -1302,7 +1302,7 @@ The following list shows the supported values:
            -**TextInput/TouchKeyboardWideModeAvailability** +**TextInput/TouchKeyboardWideModeAvailability** The table below shows the applicability of Windows: diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 610c3a4580..7487a19698 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/28/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## TimeLanguageSettings policies +## TimeLanguageSettings policies
            @@ -38,7 +38,7 @@ manager: aaroncz
            -**TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks** +**TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks** The table below shows the applicability of Windows: @@ -76,7 +76,7 @@ If you disable (value 0) or don't configure this policy setting, language packs -ADMX Info: +ADMX Info: - GP Friendly name: *Block cleanup of unused language packs* - GP name: *BlockCleanupOfUnusedPreinstalledLangPacks* - GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options* @@ -94,7 +94,7 @@ ADMX Info:
            -**TimeLanguageSettings/ConfigureTimeZone** +**TimeLanguageSettings/ConfigureTimeZone** The table below shows the applicability of Windows: @@ -140,7 +140,7 @@ Specifies the time zone to be applied to the device. This policy name is the sta
            -**TimeLanguageSettings/MachineUILanguageOverwrite** +**TimeLanguageSettings/MachineUILanguageOverwrite** The table below shows the applicability of Windows: @@ -178,7 +178,7 @@ If you disable or don't configure this policy setting, there's no restriction of -ADMX Info: +ADMX Info: - GP Friendly name: *Force selected system UI language to overwrite the user UI language* - GP name: *MachineUILanguageOverwrite* - GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options* @@ -196,7 +196,7 @@ ADMX Info:
            -**TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall** +**TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall** The table below shows the applicability of Windows: @@ -223,9 +223,9 @@ The table below shows the applicability of Windows: -This policy setting restricts standard users from installing language features on demand. This policy doesn't restrict the Windows language, if you want to restrict the Windows language use the following policy: “Restricts the UI languages Windows should use for the selected user.” +This policy setting restricts standard users from installing language features on demand. This policy doesn't restrict the Windows language, if you want to restrict the Windows language use the following policy: “Restricts the UI languages Windows should use for the selected user.” -If you enable this policy setting, the installation of language features is prevented for standard users. +If you enable this policy setting, the installation of language features is prevented for standard users. If you disable or don't configure this policy setting, there's no language feature installation restriction for the standard users. diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index 44b6119a56..a57ac594c1 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -15,7 +15,7 @@ ms.date: 09/27/2019
            -## Troubleshooting policies +## Troubleshooting policies
            @@ -27,7 +27,7 @@ ms.date: 09/27/2019
            -**Troubleshooting/AllowRecommendations** +**Troubleshooting/AllowRecommendations** The table below shows the applicability of Windows: @@ -58,7 +58,7 @@ This policy setting allows IT admins to configure, how to apply recommended trou -ADMX Info: +ADMX Info: - GP Friendly name: *Troubleshooting: Allow users to access recommended troubleshooting for known problems* - GP name: *TroubleshootingAllowRecommendations* - GP path: *Troubleshooting and Diagnostics/Microsoft Support Diagnostic Tool* @@ -68,7 +68,7 @@ ADMX Info: This setting is a numeric policy setting with merge algorithm (lowest value is the most secure) that uses the most restrictive settings for complex manageability scenarios. -Supported values: +Supported values: - 0 (default) - Turn off this feature. - 1 - Turn off this feature but still apply critical troubleshooting. - 2 - Notify users when recommended troubleshooting is available, then allow the user to run or ignore it. diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index e056057f7a..23dd80dc02 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 06/15/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.collection: highpri --- @@ -19,7 +19,7 @@ ms.collection: highpri
            -## Update policies +## Update policies
            @@ -138,7 +138,7 @@ ms.collection: highpri
            Update/ManagePreviewBuilds -
            +
            Update/NoUpdateNotificationDuringActiveHours
            @@ -220,11 +220,11 @@ ms.collection: highpri
            Update/SetProxyBehaviorForUpdateDetection
            -
            - Update/ProductVersion +
            + Update/ProductVersion
            -
            - Update/TargetReleaseVersion +
            + Update/TargetReleaseVersion
            Update/UpdateNotificationLevel @@ -241,7 +241,7 @@ ms.collection: highpri
            -**Update/ActiveHoursEnd** +**Update/ActiveHoursEnd** The table below shows the applicability of Windows: @@ -279,7 +279,7 @@ The default is 17 (5 PM). -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off auto-restart for updates during active hours* - GP name: *ActiveHours* - GP element: *ActiveHoursEndTime* @@ -292,7 +292,7 @@ ADMX Info:
            -**Update/ActiveHoursMaxRange** +**Update/ActiveHoursMaxRange** The table below shows the applicability of Windows: @@ -327,7 +327,7 @@ The default value is 18 (hours). -ADMX Info: +ADMX Info: - GP Friendly name: *Specify active hours range for auto-restarts* - GP name: *ActiveHoursMaxRange* - GP element: *ActiveHoursMaxRange* @@ -340,7 +340,7 @@ ADMX Info:
            -**Update/ActiveHoursStart** +**Update/ActiveHoursStart** The table below shows the applicability of Windows: @@ -378,7 +378,7 @@ The default value is 8 (8 AM). -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off auto-restart for updates during active hours* - GP name: *ActiveHours* - GP element: *ActiveHoursStartTime* @@ -391,7 +391,7 @@ ADMX Info:
            -**Update/AllowAutoUpdate** +**Update/AllowAutoUpdate** The table below shows the applicability of Windows: @@ -426,7 +426,7 @@ If the policy isn't configured, end-users get the default behavior (Auto downloa -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *AutoUpdateMode* @@ -454,7 +454,7 @@ The following list shows the supported values:
            -**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** +**Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** The table below shows the applicability of Windows: @@ -489,7 +489,7 @@ This policy is accessible through the Update setting in the user interface or Gr -ADMX Info: +ADMX Info: - GP Friendly name: *Allow updates to be downloaded automatically over metered connections* - GP name: *AllowAutoWindowsUpdateDownloadOverMeteredNetwork* - GP path: *Windows Components/Windows Update* @@ -508,7 +508,7 @@ The following list shows the supported values:
            -**Update/AllowMUUpdateService** +**Update/AllowMUUpdateService** The table below shows the applicability of Windows: @@ -539,7 +539,7 @@ Allows the IT admin to manage whether to scan for app updates from Microsoft Upd -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *AllowMUUpdateServiceId* @@ -567,7 +567,7 @@ $MUSM.RemoveService("7971f918-a847-4430-9279-4a52d1efe18d")
            -**Update/AllowNonMicrosoftSignedUpdate** +**Update/AllowNonMicrosoftSignedUpdate** The table below shows the applicability of Windows: @@ -613,7 +613,7 @@ The following list shows the supported values:
            -**Update/AllowUpdateService** +**Update/AllowUpdateService** The table below shows the applicability of Windows: @@ -651,7 +651,7 @@ Enabling this policy will disable that functionality, and may cause connection t -ADMX Info: +ADMX Info: - GP Friendly name: *Specify intranet Microsoft update service location* - GP name: *CorpWuURL* - GP path: *Windows Components/Windows Update* @@ -670,7 +670,7 @@ The following list shows the supported values:
            -**Update/AutoRestartDeadlinePeriodInDays** +**Update/AutoRestartDeadlinePeriodInDays** The table below shows the applicability of Windows: @@ -701,7 +701,7 @@ For Quality Updates, this policy specifies the deadline in days before automatic The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks. -Supported value type is integer. Default is seven days. +Supported value type is integer. Default is seven days. Supported values range: 2-30. @@ -718,7 +718,7 @@ If any of the following two policies are enabled, this policy has no effect: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify deadline before auto-restart for update installation* - GP name: *AutoRestartDeadline* - GP element: *AutoRestartDeadline* @@ -731,7 +731,7 @@ ADMX Info:
            -**Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates** +**Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates** The table below shows the applicability of Windows: @@ -762,7 +762,7 @@ For Feature Updates, this policy specifies the deadline in days before automatic The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system, and user busy checks. -Supported value type is integer. Default is 7 days. +Supported value type is integer. Default is 7 days. Supported values range: 2-30. @@ -779,7 +779,7 @@ If any of the following two policies are enabled, this policy has no effect: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify deadline before auto-restart for update installation* - GP name: *AutoRestartDeadline* - GP element: *AutoRestartDeadlineForFeatureUpdates* @@ -792,7 +792,7 @@ ADMX Info:
            -**Update/AutoRestartNotificationSchedule** +**Update/AutoRestartNotificationSchedule** The table below shows the applicability of Windows: @@ -825,7 +825,7 @@ The default value is 15 (minutes). -ADMX Info: +ADMX Info: - GP Friendly name: *Configure auto-restart reminder notifications for updates* - GP name: *AutoRestartNotificationConfig* - GP element: *AutoRestartNotificationSchd* @@ -842,7 +842,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
            -**Update/AutoRestartRequiredNotificationDismissal** +**Update/AutoRestartRequiredNotificationDismissal** The table below shows the applicability of Windows: @@ -873,7 +873,7 @@ Allows the IT Admin to specify the method by which the autorestart required noti -ADMX Info: +ADMX Info: - GP Friendly name: *Configure auto-restart required notification for updates* - GP name: *AutoRestartRequiredNotificationDismissal* - GP element: *AutoRestartRequiredNotificationDismissal* @@ -893,7 +893,7 @@ The following list shows the supported values:
            -**Update/AutomaticMaintenanceWakeUp** +**Update/AutomaticMaintenanceWakeUp** The table below shows the applicability of Windows: @@ -931,7 +931,7 @@ If you disable or don't configure this policy setting, the wake setting as speci -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic Maintenance WakeUp Policy* - GP name: *WakeUpPolicy* - GP path: *Windows Components/Maintenance Scheduler* @@ -939,7 +939,7 @@ ADMX Info: -Supported values: +Supported values: - 0 - Disable - 1 - Enable (Default) @@ -954,7 +954,7 @@ Supported values:
            -**Update/BranchReadinessLevel** +**Update/BranchReadinessLevel** The table below shows the applicability of Windows: @@ -985,7 +985,7 @@ Allows the IT admin to set which branch a device receives their updates from. As -ADMX Info: +ADMX Info: - GP Friendly name: *Select when Preview Builds and Feature Updates are received* - GP name: *DeferFeatureUpdates* - GP element: *BranchReadinessLevelId* @@ -1008,7 +1008,7 @@ The following list shows the supported values:
            -**Update/ConfigureDeadlineForFeatureUpdates** +**Update/ConfigureDeadlineForFeatureUpdates** The table below shows the applicability of Windows: @@ -1038,7 +1038,7 @@ The table below shows the applicability of Windows: Allows admins to specify the number of days before feature updates are installed on the device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify deadlines for automatic updates and restarts* - GP name: *ConfigureDeadlineForFeatureUpdates* - GP element: *ConfigureDeadlineForFeatureUpdates* @@ -1062,7 +1062,7 @@ Default value is 7.
            -**Update/ConfigureDeadlineForQualityUpdates** +**Update/ConfigureDeadlineForQualityUpdates** The table below shows the applicability of Windows: @@ -1092,7 +1092,7 @@ The table below shows the applicability of Windows: Allows admins to specify the number of days before quality updates are installed on a device automatically. Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours, according to [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot). After deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify deadlines for automatic updates and restarts* - GP name: *ConfigureDeadlineForQualityUpdates* - GP element: *ConfigureDeadlineForQualityUpdates* @@ -1116,7 +1116,7 @@ Default value is 7.
            -**Update/ConfigureDeadlineGracePeriod** +**Update/ConfigureDeadlineGracePeriod** The table below shows the applicability of Windows: @@ -1147,7 +1147,7 @@ When used with [Update/ConfigureDeadlineForQualityUpdates](#update-configuredead -ADMX Info: +ADMX Info: - GP Friendly name: *Specify deadlines for automatic updates and restarts* - GP name: *ConfigureDeadlineGracePeriod* - GP element: *ConfigureDeadlineGracePeriod* @@ -1171,7 +1171,7 @@ Default value is 2.
            -**Update/ConfigureDeadlineGracePeriodForFeatureUpdates** +**Update/ConfigureDeadlineGracePeriodForFeatureUpdates** The table below shows the applicability of Windows: @@ -1203,7 +1203,7 @@ When used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredead -ADMX Info: +ADMX Info: - GP Friendly name: *Specify deadlines for automatic updates and restarts* - GP name: *ConfigureDeadlineGracePeriodForFeatureUpdates* - GP element: *ConfigureDeadlineGracePeriodForFeatureUpdates* @@ -1227,7 +1227,7 @@ Default value is 2.
            -**Update/ConfigureDeadlineNoAutoReboot** +**Update/ConfigureDeadlineNoAutoReboot** The table below shows the applicability of Windows: @@ -1261,7 +1261,7 @@ When disabled, if the device has installed updates and is outside of active hour -ADMX Info: +ADMX Info: - GP Friendly name: *Specify deadlines for automatic updates and restarts* - GP name: *ConfigureDeadlineNoAutoReboot* - GP element: *ConfigureDeadlineNoAutoReboot* @@ -1270,7 +1270,7 @@ ADMX Info: -Supported values: +Supported values: - 1 - Enabled - 0 (default) - Disabled @@ -1285,7 +1285,7 @@ Supported values:
            -**Update/ConfigureFeatureUpdateUninstallPeriod** +**Update/ConfigureFeatureUpdateUninstallPeriod** The table below shows the applicability of Windows: @@ -1312,9 +1312,9 @@ The table below shows the applicability of Windows: -Enable IT admin to configure feature update uninstall period. +Enable IT admin to configure feature update uninstall period. -Values range 2 - 60 days. +Values range 2 - 60 days. Default is 10 days. @@ -1324,7 +1324,7 @@ Default is 10 days.
            -**Update/DeferFeatureUpdatesPeriodInDays** +**Update/DeferFeatureUpdatesPeriodInDays** The table below shows the applicability of Windows: @@ -1361,7 +1361,7 @@ Supported values are 0-365 days. -ADMX Info: +ADMX Info: - GP Friendly name: *Select when Preview Builds and Feature Updates are received* - GP name: *DeferFeatureUpdates* - GP element: *DeferFeatureUpdatesPeriodId* @@ -1374,7 +1374,7 @@ ADMX Info:
            -**Update/DeferQualityUpdatesPeriodInDays** +**Update/DeferQualityUpdatesPeriodInDays** The table below shows the applicability of Windows: @@ -1407,7 +1407,7 @@ Supported values are 0-30. -ADMX Info: +ADMX Info: - GP Friendly name: *Select when Quality Updates are received* - GP name: *DeferQualityUpdates* - GP element: *DeferQualityUpdatesPeriodId* @@ -1420,7 +1420,7 @@ ADMX Info:
            -**Update/DeferUpdatePeriod** +**Update/DeferUpdatePeriod** The table below shows the applicability of Windows: @@ -1448,7 +1448,7 @@ The table below shows the applicability of Windows: > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](../device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. Allows IT Admins to specify update delays for up to four weeks. @@ -1468,7 +1468,7 @@ Update: - Maximum deferral: One month - Deferral increment: One week - Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic: - + - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F @@ -1488,7 +1488,7 @@ Other/can't defer: -ADMX Info: +ADMX Info: - GP name: *DeferUpgrade* - GP element: *DeferUpdatePeriodId* - GP ADMX file name: *WindowsUpdate.admx* @@ -1499,7 +1499,7 @@ ADMX Info:
            -**Update/DeferUpgradePeriod** +**Update/DeferUpgradePeriod** The table below shows the applicability of Windows: @@ -1527,7 +1527,7 @@ The table below shows the applicability of Windows: > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](../device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. Allows IT Admins to specify other upgrade delays for up to eight months. @@ -1539,7 +1539,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th -ADMX Info: +ADMX Info: - GP name: *DeferUpgrade* - GP element: *DeferUpgradePeriodId* - GP ADMX file name: *WindowsUpdate.admx* @@ -1550,7 +1550,7 @@ ADMX Info:
            -**Update/DetectionFrequency** +**Update/DetectionFrequency** The table below shows the applicability of Windows: @@ -1577,11 +1577,11 @@ The table below shows the applicability of Windows: -Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should be enabled only when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update. +Specifies the scan frequency from every 1 - 22 hours with a random variant of 0 - 4 hours. Default is 22 hours. This policy should be enabled only when Update/UpdateServiceUrl is configured to point the device at a WSUS server rather than Microsoft Update. -ADMX Info: +ADMX Info: - GP Friendly name: *Automatic Updates detection frequency* - GP name: *DetectionFrequency_Title* - GP element: *DetectionFrequency_Hour2* @@ -1594,7 +1594,7 @@ ADMX Info:
            -**Update/DisableDualScan** +**Update/DisableDualScan** The table below shows the applicability of Windows: @@ -1627,12 +1627,12 @@ For more information about dual scan, see [Demystifying "Dual Scan"](/archive/bl This setting is the same as the Group Policy in **Windows Components** > **Windows Update**: "Do not allow update deferral policies to cause scans against Windows Update." -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not allow update deferral policies to cause scans against Windows Update* - GP name: *DisableDualScan* - GP path: *Windows Components/Windows Update* @@ -1651,7 +1651,7 @@ The following list shows the supported values:
            -**Update/DisableWUfBSafeguards** +**Update/DisableWUfBSafeguards** The table below shows the applicability of Windows: @@ -1684,18 +1684,18 @@ Safeguard holds prevent a device with a known compatibility issue from being off The safeguard holds protection is provided by default to all the devices trying to update to a new Windows 10 Feature Update version via Windows Update. -IT admins can, if necessary, opt devices out of safeguard protections using this policy setting or via the "Disable safeguards for Feature Updates" Group Policy. +IT admins can, if necessary, opt devices out of safeguard protections using this policy setting or via the "Disable safeguards for Feature Updates" Group Policy. > [!NOTE] > Opting out of the safeguards can put devices at risk from known performance issues. We recommend opting out only in an IT environment for validation purposes. Further, you can leverage the Windows Insider Program for Business Release Preview Channel in order to validate the upcoming Windows 10 Feature Update version without the safeguards being applied. > -> The disable safeguards policy will revert to "Not Configured" on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft's default protection from known issues for each new feature update. +> The disable safeguards policy will revert to "Not Configured" on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft's default protection from known issues for each new feature update. > > Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade, as you're bypassing the protection given by Microsoft pertaining to known issues. -ADMX Info: +ADMX Info: - GP Friendly name: *Disable safeguards for Feature Updates* - GP name: *DisableWUfBSafeguards* - GP path: *Windows Components/Windows Update/Windows Update for Business* @@ -1714,7 +1714,7 @@ The following list shows the supported values:
            -**Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** +**Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** The table below shows the applicability of Windows: @@ -1741,13 +1741,13 @@ The table below shows the applicability of Windows: -To ensure the highest levels of security, we recommended using WSUS TLS certificate pinning on all devices. +To ensure the highest levels of security, we recommended using WSUS TLS certificate pinning on all devices. -By default, certificate pinning for Windows Update client isn't enforced. +By default, certificate pinning for Windows Update client isn't enforced. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow user proxy to be used as a fallback if detection using system proxy fails* - GP name: *Allow user proxy to be used as a fallback if detection using system proxy fails* - GP path: *Windows Update\SpecifyintranetMicrosoftupdateserviceLocation* @@ -1766,7 +1766,7 @@ The following list shows the supported values:
            -**Update/EngagedRestartDeadline** +**Update/EngagedRestartDeadline** The table below shows the applicability of Windows: @@ -1800,7 +1800,7 @@ The system will reboot on or after the specified deadline. The reboot is priorit > [!NOTE] > If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule aren't set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period. -Supporting value type is integer. +Supporting value type is integer. Default is 14. @@ -1817,7 +1817,7 @@ If any of the following policies are configured, this policy has no effect: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* - GP name: *EngagedRestartTransitionSchedule* - GP element: *EngagedRestartDeadline* @@ -1830,7 +1830,7 @@ ADMX Info:
            -**Update/EngagedRestartDeadlineForFeatureUpdates** +**Update/EngagedRestartDeadlineForFeatureUpdates** The table below shows the applicability of Windows: @@ -1859,7 +1859,7 @@ The table below shows the applicability of Windows: For Feature Updates, this policy specifies the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be executed automatically, within the specified period. -Supported value type is integer. +Supported value type is integer. Default is 14. @@ -1876,7 +1876,7 @@ If any of the following policies are configured, this policy has no effect: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* - GP name: *EngagedRestartTransitionSchedule* - GP element: *EngagedRestartDeadlineForFeatureUpdates* @@ -1889,7 +1889,7 @@ ADMX Info:
            -**Update/EngagedRestartSnoozeSchedule** +**Update/EngagedRestartSnoozeSchedule** The table below shows the applicability of Windows: @@ -1918,7 +1918,7 @@ The table below shows the applicability of Windows: For Quality Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days. -Supported value type is integer. +Supported value type is integer. Default is three days. @@ -1933,7 +1933,7 @@ If any of the following policies are configured, this policy has no effect: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* - GP name: *EngagedRestartTransitionSchedule* - GP element: *EngagedRestartSnoozeSchedule* @@ -1946,7 +1946,7 @@ ADMX Info:
            -**Update/EngagedRestartSnoozeScheduleForFeatureUpdates** +**Update/EngagedRestartSnoozeScheduleForFeatureUpdates** The table below shows the applicability of Windows: @@ -1975,7 +1975,7 @@ The table below shows the applicability of Windows: For Feature Updates, this policy specifies the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1-3 days. -Supported value type is integer. +Supported value type is integer. Default is three days. @@ -1990,7 +1990,7 @@ If any of the following policies are configured, this policy has no effect: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* - GP name: *EngagedRestartTransitionSchedule* - GP element: *EngagedRestartSnoozeScheduleForFeatureUpdates* @@ -2003,7 +2003,7 @@ ADMX Info:
            -**Update/EngagedRestartTransitionSchedule** +**Update/EngagedRestartTransitionSchedule** The table below shows the applicability of Windows: @@ -2032,11 +2032,11 @@ The table below shows the applicability of Windows: For Quality Updates, this policy specifies the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -Supported value type is integer. +Supported value type is integer. Default value is 7 days. -Supported value range: 2 - 30. +Supported value range: 2 - 30. If you disable or don't configure this policy, the default behaviors will be used. @@ -2047,7 +2047,7 @@ If any of the following policies are configured, this policy has no effect: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* - GP name: *EngagedRestartTransitionSchedule* - GP element: *EngagedRestartTransitionSchedule* @@ -2060,7 +2060,7 @@ ADMX Info:
            -**Update/EngagedRestartTransitionScheduleForFeatureUpdates** +**Update/EngagedRestartTransitionScheduleForFeatureUpdates** The table below shows the applicability of Windows: @@ -2089,7 +2089,7 @@ The table below shows the applicability of Windows: For Feature Updates, this policy specifies the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. -Supported value type is integer. +Supported value type is integer. Default value is seven days. @@ -2104,7 +2104,7 @@ If any of the following policies are configured, this policy has no effect: -ADMX Info: +ADMX Info: - GP Friendly name: *Specify Engaged restart transition and notification schedule for updates* - GP name: *EngagedRestartTransitionSchedule* - GP element: *EngagedRestartTransitionScheduleForFeatureUpdates* @@ -2117,7 +2117,7 @@ ADMX Info:
            -**Update/ExcludeWUDriversInQualityUpdate** +**Update/ExcludeWUDriversInQualityUpdate** The table below shows the applicability of Windows: @@ -2149,7 +2149,7 @@ Allows IT Admins to exclude Windows Update (WU) drivers during updates. -ADMX Info: +ADMX Info: - GP Friendly name: *Do not include drivers with Windows Updates* - GP name: *ExcludeWUDriversInQualityUpdate* - GP path: *Windows Components/Windows Update* @@ -2168,7 +2168,7 @@ The following list shows the supported values:
            -**Update/FillEmptyContentUrls** +**Update/FillEmptyContentUrls** The table below shows the applicability of Windows: @@ -2202,7 +2202,7 @@ Allows Windows Update Agent to determine the download URL when it's missing from -ADMX Info: +ADMX Info: - GP Friendly name: *Specify intranet Microsoft update service location* - GP name: *CorpWuURL* - GP element: *CorpWUFillEmptyContentUrls* @@ -2222,7 +2222,7 @@ The following list shows the supported values:
            -**Update/IgnoreMOAppDownloadLimit** +**Update/IgnoreMOAppDownloadLimit** The table below shows the applicability of Windows: @@ -2249,7 +2249,7 @@ The table below shows the applicability of Windows: -Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -2266,7 +2266,7 @@ The following list shows the supported values: To validate this policy: 1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell: +2. Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell: ```TShell exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I' ``` @@ -2277,7 +2277,7 @@ To validate this policy:
            -**Update/IgnoreMOUpdateDownloadLimit** +**Update/IgnoreMOUpdateDownloadLimit** The table below shows the applicability of Windows: @@ -2304,7 +2304,7 @@ The table below shows the applicability of Windows: -Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. +Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. @@ -2321,7 +2321,7 @@ The following list shows the supported values: To validate this policy: 1. Enable the policy and ensure the device is on a cellular network. -2. Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell: +2. Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell: ```TShell exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I' ``` @@ -2332,7 +2332,7 @@ To validate this policy:
            -**Update/ManagePreviewBuilds** +**Update/ManagePreviewBuilds** The table below shows the applicability of Windows: @@ -2359,13 +2359,13 @@ The table below shows the applicability of Windows: -Used to manage Windows 10 Insider Preview builds. +Used to manage Windows 10 Insider Preview builds. Supported value type is integer. -ADMX Info: +ADMX Info: - GP Friendly name: *Manage preview builds* - GP name: *ManagePreviewBuilds* - GP element: *ManagePreviewBuildsId* @@ -2386,7 +2386,7 @@ The following list shows the supported values:
            -**Update/NoUpdateNotificationDuringActiveHours** +**Update/NoUpdateNotificationDuringActiveHours** The table below shows the applicability of Windows: @@ -2417,12 +2417,12 @@ This policy can be used in conjunction with Update/ActiveHoursStart and Update/A Supported value type is a boolean. -0 (Default) This configuration will provide the default behavior (notifications may display during active hours) +0 (Default) This configuration will provide the default behavior (notifications may display during active hours) 1: This setting will prevent notifications from displaying during active hours. -ADMX Info: +ADMX Info: - GP Friendly name: *Display options for update notifications* - GP name: *NoUpdateNotificationDuringActiveHours* - GP element: *NoUpdateNotificationDuringActiveHours* @@ -2435,7 +2435,7 @@ ADMX Info: -**Update/PauseDeferrals** +**Update/PauseDeferrals** The table below shows the applicability of Windows: @@ -2463,7 +2463,7 @@ The table below shows the applicability of Windows: > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](../device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. Allows IT Admins to pause updates and upgrades for up to five weeks. Paused deferrals will be reset after five weeks. @@ -2473,7 +2473,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th -ADMX Info: +ADMX Info: - GP name: *DeferUpgrade* - GP element: *PauseDeferralsId* - GP ADMX file name: *WindowsUpdate.admx* @@ -2491,7 +2491,7 @@ The following list shows the supported values:
            -**Update/PauseFeatureUpdates** +**Update/PauseFeatureUpdates** The table below shows the applicability of Windows: @@ -2523,7 +2523,7 @@ Allows IT Admins to pause feature updates for up to 35 days. We recommend that y -ADMX Info: +ADMX Info: - GP Friendly name: *Select when Preview Builds and Feature Updates are received* - GP name: *DeferFeatureUpdates* - GP element: *PauseFeatureUpdatesId* @@ -2543,7 +2543,7 @@ The following list shows the supported values:
            -**Update/PauseFeatureUpdatesStartTime** +**Update/PauseFeatureUpdatesStartTime** The table below shows the applicability of Windows: @@ -2570,14 +2570,14 @@ The table below shows the applicability of Windows: -Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. +Specifies the date and time when the IT admin wants to start pausing the Feature Updates. When this policy is configured, Feature Updates will be paused for 35 days from the specified start date. -- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28). +- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28). - Supported operations are Add, Get, Delete, and Replace. -ADMX Info: +ADMX Info: - GP Friendly name: *Select when Preview Builds and Feature Updates are received* - GP name: *DeferFeatureUpdates* - GP element: *PauseFeatureUpdatesStartId* @@ -2590,7 +2590,7 @@ ADMX Info:
            -**Update/PauseQualityUpdates** +**Update/PauseQualityUpdates** The table below shows the applicability of Windows: @@ -2621,7 +2621,7 @@ Allows IT Admins to pause quality updates. For those running Windows 10, version -ADMX Info: +ADMX Info: - GP Friendly name: *Select when Quality Updates are received* - GP name: *DeferQualityUpdates* - GP element: *PauseQualityUpdatesId* @@ -2641,7 +2641,7 @@ The following list shows the supported values:
            -**Update/PauseQualityUpdatesStartTime** +**Update/PauseQualityUpdatesStartTime** The table below shows the applicability of Windows: @@ -2668,14 +2668,14 @@ The table below shows the applicability of Windows: -Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. +Specifies the date and time when the IT admin wants to start pausing the Quality Updates. When this policy is configured, Quality Updates will be paused for 35 days from the specified start date. -- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28). +- Supported value type is string (yyyy-mm-dd, ex. 2018-10-28). - Supported operations are Add, Get, Delete, and Replace. -ADMX Info: +ADMX Info: - GP Friendly name: *Select when Quality Updates are received* - GP name: *DeferQualityUpdates* - GP element: *PauseQualityUpdatesStartId* @@ -2688,7 +2688,7 @@ ADMX Info:
            -**Update/PhoneUpdateRestrictions** +**Update/PhoneUpdateRestrictions** This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. @@ -2699,7 +2699,7 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
            -**Update/ProductVersion** +**Update/ProductVersion** The table below shows the applicability of Windows: @@ -2726,13 +2726,13 @@ The table below shows the applicability of Windows: -Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. +Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product. If no product is specified, the device will continue receiving newer versions of the Windows product it's currently on. For details about different Windows 10 versions, see [release information](/windows/release-health/release-information). -ADMX Info: +ADMX Info: - GP Friendly name: *Select the target Feature Update version* - GP name: *TargetReleaseVersion* - GP element: *ProductVersion* @@ -2759,7 +2759,7 @@ By using this Windows Update for Business policy to upgrade devices to a new pro
            -**Update/RequireDeferUpgrade** +**Update/RequireDeferUpgrade** The table below shows the applicability of Windows: @@ -2787,13 +2787,13 @@ The table below shows the applicability of Windows: > [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](../device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. Allows the IT admin to set a device to General Availability Channel train. -ADMX Info: +ADMX Info: - GP name: *DeferUpgrade* - GP element: *DeferUpgradePeriodId* - GP ADMX file name: *WindowsUpdate.admx* @@ -2811,7 +2811,7 @@ The following list shows the supported values:
            -**Update/RequireUpdateApproval** +**Update/RequireUpdateApproval** The table below shows the applicability of Windows: @@ -2839,7 +2839,7 @@ The table below shows the applicability of Windows: > [!NOTE] -> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. +> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end user. EULAs are approved once an update is approved. @@ -2858,7 +2858,7 @@ The following list shows the supported values:
            -**Update/ScheduleImminentRestartWarning** +**Update/ScheduleImminentRestartWarning** The table below shows the applicability of Windows: @@ -2891,7 +2891,7 @@ The default value is 15 (minutes). -ADMX Info: +ADMX Info: - GP Friendly name: *Configure auto-restart warning notifications schedule for updates* - GP name: *RestartWarnRemind* - GP element: *RestartWarn* @@ -2908,7 +2908,7 @@ Supported values are 15, 30, or 60 (minutes).
            -**Update/ScheduleRestartWarning** +**Update/ScheduleRestartWarning** The table below shows the applicability of Windows: @@ -2944,7 +2944,7 @@ The default value is 4 (hours). -ADMX Info: +ADMX Info: - GP Friendly name: *Configure auto-restart warning notifications schedule for updates* - GP name: *RestartWarnRemind* - GP element: *RestartWarnRemind* @@ -2961,7 +2961,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
            -**Update/ScheduledInstallDay** +**Update/ScheduledInstallDay** The table below shows the applicability of Windows: @@ -2996,7 +2996,7 @@ Supported operations are Add, Delete, Get, and Replace. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *AutoUpdateSchDay* @@ -3022,7 +3022,7 @@ The following list shows the supported values:
            -**Update/ScheduledInstallEveryWeek** +**Update/ScheduledInstallEveryWeek** The table below shows the applicability of Windows: @@ -3049,9 +3049,9 @@ The table below shows the applicability of Windows: -Enables the IT admin to schedule the update installation on every week. +Enables the IT admin to schedule the update installation on every week. -Supported Value type is integer. +Supported Value type is integer. Supported values: - 0 - no update in the schedule. @@ -3060,7 +3060,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *AutoUpdateSchEveryWeek* @@ -3073,7 +3073,7 @@ ADMX Info:
            -**Update/ScheduledInstallFirstWeek** +**Update/ScheduledInstallFirstWeek** The table below shows the applicability of Windows: @@ -3100,9 +3100,9 @@ The table below shows the applicability of Windows: -Enables the IT admin to schedule the update installation on the first week of the month. +Enables the IT admin to schedule the update installation on the first week of the month. -Supported value type is integer. +Supported value type is integer. Supported values: - 0 - no update in the schedule. @@ -3111,7 +3111,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *AutoUpdateSchFirstWeek* @@ -3124,7 +3124,7 @@ ADMX Info:
            -**Update/ScheduledInstallFourthWeek** +**Update/ScheduledInstallFourthWeek** The table below shows the applicability of Windows: @@ -3151,9 +3151,9 @@ The table below shows the applicability of Windows: -Enables the IT admin to schedule the update installation on the fourth week of the month. +Enables the IT admin to schedule the update installation on the fourth week of the month. -Supported value type is integer. +Supported value type is integer. Supported values: - 0 - no update in the schedule. @@ -3162,7 +3162,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *ScheduledInstallFourthWeek* @@ -3175,7 +3175,7 @@ ADMX Info:
            -**Update/ScheduledInstallSecondWeek** +**Update/ScheduledInstallSecondWeek** The table below shows the applicability of Windows: @@ -3202,9 +3202,9 @@ The table below shows the applicability of Windows: -Enables the IT admin to schedule the update installation on the second week of the month. +Enables the IT admin to schedule the update installation on the second week of the month. -Supported vlue type is integer. +Supported vlue type is integer. Supported values: @@ -3214,7 +3214,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *ScheduledInstallSecondWeek* @@ -3227,7 +3227,7 @@ ADMX Info:
            -**Update/ScheduledInstallThirdWeek** +**Update/ScheduledInstallThirdWeek** The table below shows the applicability of Windows: @@ -3254,9 +3254,9 @@ The table below shows the applicability of Windows: -Enables the IT admin to schedule the update installation on the third week of the month. +Enables the IT admin to schedule the update installation on the third week of the month. -Supported value type is integer. +Supported value type is integer. Supported values: - 0 - no update in the schedule. @@ -3265,7 +3265,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *ScheduledInstallThirdWeek* @@ -3278,7 +3278,7 @@ ADMX Info:
            -**Update/ScheduledInstallTime** +**Update/ScheduledInstallTime** The table below shows the applicability of Windows: @@ -3317,7 +3317,7 @@ The default value is 3. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure Automatic Updates* - GP name: *AutoUpdateCfg* - GP element: *AutoUpdateSchTime* @@ -3330,7 +3330,7 @@ ADMX Info:
            -**Update/SetAutoRestartNotificationDisable** +**Update/SetAutoRestartNotificationDisable** The table below shows the applicability of Windows: @@ -3361,7 +3361,7 @@ Allows the IT Admin to disable autorestart notifications for update installation -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off auto-restart notifications for update installations* - GP name: *AutoRestartNotificationDisable* - GP element: *AutoRestartNotificationSchd* @@ -3381,7 +3381,7 @@ The following list shows the supported values:
            -**Update/SetDisablePauseUXAccess** +**Update/SetDisablePauseUXAccess** The table below shows the applicability of Windows: @@ -3410,15 +3410,15 @@ The table below shows the applicability of Windows: This policy allows the IT admin to disable the "Pause Updates" feature. When this policy is enabled, the user can't access the "Pause updates" feature. -Supported value type is integer. +Supported value type is integer. -Default is 0. +Default is 0. Supported values 0, 1. -ADMX Info: +ADMX Info: - GP name: *SetDisablePauseUXAccess* - GP ADMX file name: *WindowsUpdate.admx* @@ -3428,7 +3428,7 @@ ADMX Info:
            -**Update/SetDisableUXWUAccess** +**Update/SetDisableUXWUAccess** The table below shows the applicability of Windows: @@ -3457,15 +3457,15 @@ The table below shows the applicability of Windows: This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features. -Supported value type is integer. +Supported value type is integer. -Default is 0. +Default is 0. Supported values 0, 1. -ADMX Info: +ADMX Info: - GP name: *SetDisableUXWUAccess* - GP ADMX file name: *WindowsUpdate.admx* @@ -3475,7 +3475,7 @@ ADMX Info:
            -**Update/SetEDURestart** +**Update/SetEDURestart** The table below shows the applicability of Windows: @@ -3508,7 +3508,7 @@ When you set this policy along with Update/ActiveHoursStart, Update/ActiveHoursE -ADMX Info: +ADMX Info: - GP Friendly name: *Update Power Policy for Cart Restarts* - GP name: *SetEDURestart* - GP path: *Windows Components/Windows Update* @@ -3527,7 +3527,7 @@ The following list shows the supported values:
            -**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** +**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** The table below shows the applicability of Windows: @@ -3554,7 +3554,7 @@ The table below shows the applicability of Windows: -Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, also configure the scan source policies for other update types: - SetPolicyDrivenUpdateSourceForFeatureUpdates @@ -3562,11 +3562,11 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* - GP name: *SetPolicyDrivenUpdateSourceForDriver* - GP path: *Windows Components/Windows Update* @@ -3576,8 +3576,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download, and deploy Drivers from Windows Update. -- 1: Enabled, Detect, download, and deploy Drivers from Windows Server Update Server (WSUS). +- 0: (Default) Detect, download, and deploy Drivers from Windows Update. +- 1: Enabled, Detect, download, and deploy Drivers from Windows Server Update Server (WSUS). @@ -3585,7 +3585,7 @@ The following list shows the supported values:
            -**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** +**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** The table below shows the applicability of Windows: @@ -3612,7 +3612,7 @@ The table below shows the applicability of Windows: -Configure this policy to specify whether to receive Windows Feature Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. +Configure this policy to specify whether to receive Windows Feature Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, also configure the scan source policies for other update types: - SetPolicyDrivenUpdateSourceForQualityUpdates @@ -3620,11 +3620,11 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* - GP name: *SetPolicyDrivenUpdateSourceForFeature* - GP path: *Windows Components/Windows Update* @@ -3634,8 +3634,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download, and deploy Feature Updates from Windows Update. -- 1: Enabled, Detect, download, and deploy Feature Updates from Windows Server Update Server (WSUS). +- 0: (Default) Detect, download, and deploy Feature Updates from Windows Update. +- 1: Enabled, Detect, download, and deploy Feature Updates from Windows Server Update Server (WSUS). @@ -3643,7 +3643,7 @@ The following list shows the supported values:
            -**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** +**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** The table below shows the applicability of Windows: @@ -3670,7 +3670,7 @@ The table below shows the applicability of Windows: -Configure this policy to specify whether to receive Other Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. +Configure this policy to specify whether to receive Other Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, also configure the scan source policies for other update types: - SetPolicyDrivenUpdateSourceForFeatureUpdates @@ -3678,11 +3678,11 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForDriverUpdates >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* - GP name: *SetPolicyDrivenUpdateSourceForOther* - GP path: *Windows Components/Windows Update* @@ -3693,7 +3693,7 @@ ADMX Info: The following list shows the supported values: - 0: (Default) Detect, download, and deploy Other updates from Windows Update. -- 1: Enabled, Detect, download, and deploy Other updates from Windows Server Update Server (WSUS). +- 1: Enabled, Detect, download, and deploy Other updates from Windows Server Update Server (WSUS). @@ -3701,7 +3701,7 @@ The following list shows the supported values:
            -**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** +**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** The table below shows the applicability of Windows: @@ -3728,7 +3728,7 @@ The table below shows the applicability of Windows: -Configure this policy to specify whether to receive Windows Quality Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. +Configure this policy to specify whether to receive Windows Quality Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, also configure the scan source policies for other update types: - SetPolicyDrivenUpdateSourceForFeatureUpdates @@ -3736,11 +3736,11 @@ If you configure this policy, also configure the scan source policies for other - SetPolicyDrivenUpdateSourceForOtherUpdates >[!NOTE] ->If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* - GP name: *SetPolicyDrivenUpdateSourceForQuality* - GP path: *Windows Components/Windows Update* @@ -3750,8 +3750,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download, and deploy Quality Updates from Windows Update. -- 1: Enabled, Detect, download, and deploy Quality Updates from Windows Server Update Server (WSUS). +- 0: (Default) Detect, download, and deploy Quality Updates from Windows Update. +- 1: Enabled, Detect, download, and deploy Quality Updates from Windows Server Update Server (WSUS). @@ -3759,7 +3759,7 @@ The following list shows the supported values:
            -**Update/SetProxyBehaviorForUpdateDetection** +**Update/SetProxyBehaviorForUpdateDetection** The table below shows the applicability of Windows: @@ -3792,7 +3792,7 @@ This policy setting doesn't impact those customers who have, per Microsoft recom -ADMX Info: +ADMX Info: - GP Friendly name: *Select the proxy behavior for Windows Update client for detecting updates with non-TLS (HTTP) based service* - GP name: *Select the proxy behavior* - GP element: *Select the proxy behavior* @@ -3804,7 +3804,7 @@ ADMX Info: The following list shows the supported values: - 0 (default) - Allow system proxy only for HTTP scans. -- 1 - Allow user proxy to be used as a fallback if detection using system proxy fails. +- 1 - Allow user proxy to be used as a fallback if detection using system proxy fails. > [!NOTE] > Configuring this policy setting to 1 exposes your environment to potential security risk and makes scans unsecure. @@ -3815,7 +3815,7 @@ The following list shows the supported values:
            -**Update/TargetReleaseVersion** +**Update/TargetReleaseVersion** The table below shows the applicability of Windows: @@ -3846,7 +3846,7 @@ Available in Windows 10, version 1803 and later. Enables IT administrators to sp -ADMX Info: +ADMX Info: - GP Friendly name: *Select the target Feature Update version* - GP name: *TargetReleaseVersion* - GP element: *TargetReleaseVersionInfo* @@ -3868,7 +3868,7 @@ Supported value type is a string containing Windows 10 version number. For examp
            -**Update/UpdateNotificationLevel** +**Update/UpdateNotificationLevel** The table below shows the applicability of Windows: @@ -3897,7 +3897,7 @@ The table below shows the applicability of Windows: Display options for update notifications. This policy allows you to define what Windows Update notifications users see. This policy doesn't control how and when updates are downloaded and installed. -Options: +Options: - 0 (default) - Use the default Windows Update notifications. - 1 - Turn off all notifications, excluding restart warnings. @@ -3908,7 +3908,7 @@ Options: -ADMX Info: +ADMX Info: - GP Friendly name: *Display options for update notifications* - GP name: *UpdateNotificationLevel* - GP path: *Windows Components/Windows Update* @@ -3929,7 +3929,7 @@ ADMX Info:
            -**Update/UpdateServiceUrl** +**Update/UpdateServiceUrl** The table below shows the applicability of Windows: @@ -3965,7 +3965,7 @@ Supported operations are Get and Replace. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify intranet Microsoft update service location* - GP name: *CorpWuURL* - GP element: *CorpWUURL_Name* @@ -4005,7 +4005,7 @@ Example
            -**Update/UpdateServiceUrlAlternate** +**Update/UpdateServiceUrlAlternate** The table below shows the applicability of Windows: @@ -4041,13 +4041,13 @@ To use this setting, you must set two server name values: the server from which Supported value type is string and the default value is an empty string, "". If the setting isn't configured, and if Automatic Updates isn't disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. > [!NOTE] -> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. -> If the "Alternate Download Server" Group Policy isn't set, it will use the WSUS server by default to download updates. +> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. +> If the "Alternate Download Server" Group Policy isn't set, it will use the WSUS server by default to download updates. > This policy isn't supported on Windows RT. Setting this policy won't have any effect on Windows RT PCs. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify intranet Microsoft update service location* - GP name: *CorpWuURL* - GP element: *CorpWUContentHost_Name* diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 628076c675..a4779f0075 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 11/24/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -50,7 +50,7 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s ```xml *S-1-5-32-544 ``` - + - Grant a user right to multiple groups (Administrators, Authenticated Users) via SID: ```xml *S-1-5-32-544*S-1-5-11 @@ -60,7 +60,7 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s ```xml *S-1-5-32-544Authenticated Users ``` - + - Grant a user right to multiple groups (Authenticated Users, Administrators) via strings: ```xml Authenticated UsersAdministrators @@ -70,7 +70,7 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s ```xml ``` - + If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (``) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator. > [!NOTE] @@ -441,9 +441,9 @@ This user right determines which users and groups can change the time and date o > [!CAUTION] > Configuring user rights replaces existing users or groups previously assigned to those user rights. The system requires that Local Service account (SID S-1-5-19) always has the ChangeSystemTime right. Therefore, Local Service must always be specified in addition to any other accounts being configured in this policy. -> +> > Not including the Local Service account will result in failure with the following error: -> +> > | Error code | Symbolic name | Error description | Header | > |----------|----------|----------|----------| > | 0x80070032 (Hex)|ERROR_NOT_SUPPORTED|The request isn't supported.| winerror.h | @@ -965,7 +965,7 @@ Assigning this user right to a user allows programs running on behalf of that us > Assigning this user right can be a security risk. Assign this user right to trusted users only. > [!NOTE] -> By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. +> By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 1. The access token that is being impersonated is for this user. 1. The user, in this sign-in session, created the access token by signing in to the network with explicit credentials. diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md index 1647ce615c..11630b2ae4 100644 --- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md +++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 11/25/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -31,7 +31,7 @@ manager: aaroncz
            -**VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity** +**VirtualizationBasedTechnology/HypervisorEnforcedCodeIntegrity** The table below shows the applicability of Windows: @@ -82,7 +82,7 @@ The following are the supported values:
            -**VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable** +**VirtualizationBasedTechnology/RequireUEFIMemoryAttributesTable** The table below shows the applicability of Windows: diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 8d71416429..6c4a95d9d8 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz
            -## Wifi policies +## Wifi policies
            @@ -48,7 +48,7 @@ manager: aaroncz
            -**WiFi/AllowWiFiHotSpotReporting** +**WiFi/AllowWiFiHotSpotReporting**
            @@ -61,7 +61,7 @@ This policy has been deprecated.
            -**Wifi/AllowAutoConnectToWiFiSenseHotspots** +**Wifi/AllowAutoConnectToWiFiSenseHotspots** @@ -93,7 +93,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services* - GP name: *WiFiSense* - GP path: *Network/WLAN Service/WLAN Settings* @@ -112,7 +112,7 @@ The following list shows the supported values:
            -**Wifi/AllowInternetSharing** +**Wifi/AllowInternetSharing** @@ -144,7 +144,7 @@ Most restricted value is 0. -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit use of Internet Connection Sharing on your DNS domain network* - GP name: *NC_ShowSharedAccessUI* - GP path: *Network/Network Connections* @@ -163,7 +163,7 @@ The following list shows the supported values:
            -**Wifi/AllowManualWiFiConfiguration** +**Wifi/AllowManualWiFiConfiguration** @@ -209,7 +209,7 @@ The following list shows the supported values:
            -**Wifi/AllowWiFi** +**Wifi/AllowWiFi** @@ -252,7 +252,7 @@ The following list shows the supported values:
            -**Wifi/AllowWiFiDirect** +**Wifi/AllowWiFiDirect** @@ -293,7 +293,7 @@ The following list shows the supported values:
            -**Wifi/WLANScanMode** +**Wifi/WLANScanMode** diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index 80be71fb1a..9ced4af382 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 11/25/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -19,7 +19,7 @@ manager: aaroncz
            -## WindowsAutoPilot policies +## WindowsAutoPilot policies
            @@ -31,7 +31,7 @@ manager: aaroncz
            -**WindowsAutoPilot/EnableAgilityPostEnrollment** +**WindowsAutoPilot/EnableAgilityPostEnrollment** diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index 8ebc7d88fe..1365e72a03 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## WindowsConnectionManager policies +## WindowsConnectionManager policies
            @@ -29,7 +29,7 @@ manager: aaroncz
            -**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork** +**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork** The table below shows the applicability of Windows: @@ -74,14 +74,14 @@ If this policy setting isn't configured or is disabled, computers are allowed to > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Prohibit connection to non-domain networks when connected to domain authenticated network* - GP name: *WCM_BlockNonDomain* - GP path: *Network/Windows Connection Manager* diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 874ba7b1ce..cac7ae5d62 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -18,7 +18,7 @@ manager: aaroncz -## WindowsDefenderSecurityCenter policies +## WindowsDefenderSecurityCenter policies
            @@ -92,7 +92,7 @@ manager: aaroncz
            -**WindowsDefenderSecurityCenter/CompanyName** +**WindowsDefenderSecurityCenter/CompanyName** The table below shows the applicability of Windows: @@ -121,13 +121,13 @@ The table below shows the applicability of Windows: The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display the contact options. -- Supported value type is string. +- Supported value type is string. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify contact company name* - GP name: *EnterpriseCustomization_CompanyName* - GP element: *Presentation_EnterpriseCustomization_CompanyName* @@ -140,7 +140,7 @@ ADMX Info:
            -**WindowsDefenderSecurityCenter/DisableAccountProtectionUI** +**WindowsDefenderSecurityCenter/DisableAccountProtectionUI** The table below shows the applicability of Windows: @@ -171,7 +171,7 @@ Use this policy setting to specify if to display the Account protection area in -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Account protection area* - GP name: *AccountProtection_UILockdown* - GP path: *Windows Components/Windows Defender Security Center/Account protection* @@ -190,7 +190,7 @@ Valid values:
            -**WindowsDefenderSecurityCenter/DisableAppBrowserUI** +**WindowsDefenderSecurityCenter/DisableAppBrowserUI** The table below shows the applicability of Windows: @@ -219,12 +219,12 @@ The table below shows the applicability of Windows: Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the App and browser protection area* - GP name: *AppBrowserProtection_UILockdown* - GP path: *Windows Components/Windows Defender Security Center/App and browser protection* @@ -243,7 +243,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/DisableClearTpmButton** +**WindowsDefenderSecurityCenter/DisableClearTpmButton** The table below shows the applicability of Windows: @@ -283,7 +283,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Disable the Clear TPM button* - GP name: *DeviceSecurity_DisableClearTpmButton* - GP path: *Windows Components/Windows Security/Device security* @@ -304,7 +304,7 @@ ADMX Info:
            -**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** +**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** The table below shows the applicability of Windows: @@ -335,7 +335,7 @@ Use this policy setting if you want to disable the display of the Device securit -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Device security area* - GP name: *DeviceSecurity_UILockdown* - GP path: *Windows Components/Windows Defender Security Center/Device security* @@ -354,7 +354,7 @@ Valid values:
            -**WindowsDefenderSecurityCenter/DisableEnhancedNotifications** +**WindowsDefenderSecurityCenter/DisableEnhancedNotifications** The table below shows the applicability of Windows: @@ -386,12 +386,12 @@ Use this policy if you want Windows Defender Security Center to only display not > [!NOTE] > If Suppress notification is enabled then users won't see critical or non-critical messages. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide non-critical notifications* - GP name: *Notifications_DisableEnhancedNotifications* - GP path: *Windows Components/Windows Defender Security Center/Notifications* @@ -410,7 +410,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/DisableFamilyUI** +**WindowsDefenderSecurityCenter/DisableFamilyUI** The table below shows the applicability of Windows: @@ -439,12 +439,12 @@ The table below shows the applicability of Windows: Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Family options area* - GP name: *FamilyOptions_UILockdown* - GP path: *Windows Components/Windows Defender Security Center/Family options* @@ -463,7 +463,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/DisableHealthUI** +**WindowsDefenderSecurityCenter/DisableHealthUI** The table below shows the applicability of Windows: @@ -492,12 +492,12 @@ The table below shows the applicability of Windows: Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Device performance and health area* - GP name: *DevicePerformanceHealth_UILockdown* - GP path: *Windows Components/Windows Defender Security Center/Device performance and health* @@ -516,7 +516,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/DisableNetworkUI** +**WindowsDefenderSecurityCenter/DisableNetworkUI** The table below shows the applicability of Windows: @@ -545,12 +545,12 @@ The table below shows the applicability of Windows: Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Firewall and network protection area* - GP name: *FirewallNetworkProtection_UILockdown* - GP path: *Windows Components/Windows Defender Security Center/Firewall and network protection* @@ -569,7 +569,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/DisableNotifications** +**WindowsDefenderSecurityCenter/DisableNotifications** The table below shows the applicability of Windows: @@ -598,12 +598,12 @@ The table below shows the applicability of Windows: Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or don't configure this setting, Windows Defender Security Center notifications will display on devices. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide all notifications* - GP name: *Notifications_DisableNotifications* - GP path: *Windows Components/Windows Defender Security Center/Notifications* @@ -622,7 +622,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning** +**WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning** The table below shows the applicability of Windows: @@ -662,7 +662,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the TPM Firmware Update recommendation.* - GP name: *DeviceSecurity_DisableTpmFirmwareUpdateWarning* - GP path: *Windows Components/Windows Security/Device security* @@ -683,7 +683,7 @@ ADMX Info:
            -**WindowsDefenderSecurityCenter/DisableVirusUI** +**WindowsDefenderSecurityCenter/DisableVirusUI** The table below shows the applicability of Windows: @@ -712,12 +712,12 @@ The table below shows the applicability of Windows: Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or don't configure this setting, Windows Defender Security Center will display this area. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Virus and threat protection area* - GP name: *VirusThreatProtection_UILockdown* - GP path: *Windows Components/Windows Defender Security Center/Virus and threat protection* @@ -736,7 +736,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** +**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** The table below shows the applicability of Windows: @@ -765,12 +765,12 @@ The table below shows the applicability of Windows: Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or don't configure this setting, local users can make changes in the exploit protection settings area. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Prevent users from modifying settings* - GP name: *AppBrowserProtection_DisallowExploitProtectionOverride* - GP path: *Windows Components/Windows Defender Security Center/App and browser protection* @@ -789,7 +789,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/Email** +**WindowsDefenderSecurityCenter/Email** The table below shows the applicability of Windows: @@ -818,12 +818,12 @@ The table below shows the applicability of Windows: The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options. -- Supported value type is string. +- Supported value type is string. - Supported operations are Add, Get, Replace and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify contact email address or Email ID* - GP name: *EnterpriseCustomization_Email* - GP element: *Presentation_EnterpriseCustomization_Email* @@ -836,7 +836,7 @@ ADMX Info:
            -**WindowsDefenderSecurityCenter/EnableCustomizedToasts** +**WindowsDefenderSecurityCenter/EnableCustomizedToasts** The table below shows the applicability of Windows: @@ -865,12 +865,12 @@ The table below shows the applicability of Windows: Enable this policy to display your company name and contact options in the notifications. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text. -- Supported value type is integer. +- Supported value type is integer. - Supported operations are Add, Get, Replace, and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure customized notifications* - GP name: *EnterpriseCustomization_EnableCustomizedToasts* - GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization* @@ -889,7 +889,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/EnableInAppCustomization** +**WindowsDefenderSecurityCenter/EnableInAppCustomization** The table below shows the applicability of Windows: @@ -918,12 +918,12 @@ The table below shows the applicability of Windows: Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or don't configure this setting, or don't provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center won't display the contact card fly out notification. -- Support value type is integer. +- Support value type is integer. - Supported operations are Add, Get, Replace, and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Configure customized contact information* - GP name: *EnterpriseCustomization_EnableInAppCustomization* - GP path: *Windows Components/Windows Defender Security Center/Enterprise Customization* @@ -942,7 +942,7 @@ The following list shows the supported values:
            -**WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** +**WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** The table below shows the applicability of Windows: @@ -973,7 +973,7 @@ Use this policy setting to hide the Ransomware data recovery area in Windows Def -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Ransomware data recovery area* - GP name: *VirusThreatProtection_HideRansomwareRecovery* - GP path: *Windows Components/Windows Defender Security Center/Virus and threat protection* @@ -992,7 +992,7 @@ Valid values:
            -**WindowsDefenderSecurityCenter/HideSecureBoot** +**WindowsDefenderSecurityCenter/HideSecureBoot** The table below shows the applicability of Windows: @@ -1023,7 +1023,7 @@ Use this policy to hide the Secure boot area in the Windows Defender Security Ce -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Secure boot area* - GP name: *DeviceSecurity_HideSecureBoot* - GP path: *Windows Components/Windows Defender Security Center/Device security* @@ -1042,7 +1042,7 @@ Valid values:
            -**WindowsDefenderSecurityCenter/HideTPMTroubleshooting** +**WindowsDefenderSecurityCenter/HideTPMTroubleshooting** The table below shows the applicability of Windows: @@ -1073,7 +1073,7 @@ Use this policy to hide the Security processor (TPM) troubleshooting area in the -ADMX Info: +ADMX Info: - GP Friendly name: *Hide the Security processor (TPM) troubleshooter page* - GP name: *DeviceSecurity_HideTPMTroubleshooting* - GP path: *Windows Components/Windows Defender Security Center/Device security* @@ -1092,7 +1092,7 @@ Valid values:
            -**WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl** +**WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl** The table below shows the applicability of Windows: @@ -1134,7 +1134,7 @@ Supported values: -ADMX Info: +ADMX Info: - GP Friendly name: *Hide Windows Security Systray* - GP name: *Systray_HideSystray* - GP path: *Windows Components/Windows Security/Systray* @@ -1155,7 +1155,7 @@ ADMX Info:
            -**WindowsDefenderSecurityCenter/Phone** +**WindowsDefenderSecurityCenter/Phone** The table below shows the applicability of Windows: @@ -1184,12 +1184,12 @@ The table below shows the applicability of Windows: The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices won't display contact options. -- Supported value type is string. +- Supported value type is string. - Supported operations are Add, Get, Replace, and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify contact phone number or Skype ID* - GP name: *EnterpriseCustomization_Phone* - GP element: *Presentation_EnterpriseCustomization_Phone* @@ -1202,7 +1202,7 @@ ADMX Info:
            -**WindowsDefenderSecurityCenter/URL** +**WindowsDefenderSecurityCenter/URL** The table below shows the applicability of Windows: @@ -1231,12 +1231,12 @@ The table below shows the applicability of Windows: The help portal URL that is displayed to users. The default browser is used to initiate this action. If you disable or don't configure this setting, or don't have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device won't display contact options. -- Supported value type is string. +- Supported value type is string. - Supported operations are Add, Get, Replace, and Delete. -ADMX Info: +ADMX Info: - GP Friendly name: *Specify contact website* - GP name: *EnterpriseCustomization_URL* - GP element: *Presentation_EnterpriseCustomization_URL* diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 6879085541..97e61809eb 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## WindowsInkWorkspace policies +## WindowsInkWorkspace policies
            @@ -31,7 +31,7 @@ manager: aaroncz
            -**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** +**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** The table below shows the applicability of Windows: @@ -62,7 +62,7 @@ Show recommended app suggestions in the ink workspace. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow suggested apps in Windows Ink Workspace* - GP name: *AllowSuggestedAppsInWindowsInkWorkspace* - GP path: *Windows Components/Windows Ink Workspace* @@ -81,7 +81,7 @@ The following list shows the supported values:
            -**WindowsInkWorkspace/AllowWindowsInkWorkspace** +**WindowsInkWorkspace/AllowWindowsInkWorkspace** The table below shows the applicability of Windows: @@ -112,7 +112,7 @@ Specifies whether to allow the user to access the ink workspace. -ADMX Info: +ADMX Info: - GP Friendly name: *Allow Windows Ink Workspace* - GP name: *AllowWindowsInkWorkspace* - GP element: *AllowWindowsInkWorkspaceDropdown* diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 0bc134a4cc..0c5e572c58 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## WindowsLogon policies +## WindowsLogon policies
            @@ -47,16 +47,16 @@ manager: aaroncz
            > [!TIP] -> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
            -**WindowsLogon/AllowAutomaticRestartSignOn** +**WindowsLogon/AllowAutomaticRestartSignOn** The table below shows the applicability of Windows: @@ -98,7 +98,7 @@ If you disable this policy setting, the device doesn't configure automatic sign -ADMX Info: +ADMX Info: - GP Friendly name: *Sign-in and lock last interactive user automatically after a restart* - GP name: *AutomaticRestartSignOn* - GP path: *Windows Components/Windows Logon Options* @@ -119,7 +119,7 @@ ADMX Info:
            -**WindowsLogon/ConfigAutomaticRestartSignOn** +**WindowsLogon/ConfigAutomaticRestartSignOn** The table below shows the applicability of Windows: @@ -150,7 +150,7 @@ This policy setting controls the configuration under which an automatic restart, If you enable this policy setting, you can choose one of the following two options: -- Enabled if BitLocker is on and not suspended: Specifies that automatic sign in and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components. +- Enabled if BitLocker is on and not suspended: Specifies that automatic sign in and lock occurs only if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker isn't on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components. BitLocker is suspended during updates if: - The device doesn't have TPM 2.0 and PCR7 - The device doesn't use a TPM-only protector @@ -161,7 +161,7 @@ If you disable or don't configure this setting, automatic sign in defaults to th -ADMX Info: +ADMX Info: - GP Friendly name: *Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot* - GP name: *ConfigAutomaticRestartSignOn* - GP path: *Windows Components/Windows Logon Options* @@ -182,7 +182,7 @@ ADMX Info:
            -**WindowsLogon/DisableLockScreenAppNotifications** +**WindowsLogon/DisableLockScreenAppNotifications** The table below shows the applicability of Windows: @@ -218,7 +218,7 @@ If you disable or don't configure this policy setting, users can choose which ap -ADMX Info: +ADMX Info: - GP Friendly name: *Turn off app notifications on the lock screen* - GP name: *DisableLockScreenAppNotifications* - GP path: *System/Logon* @@ -230,7 +230,7 @@ ADMX Info:
            -**WindowsLogon/DontDisplayNetworkSelectionUI** +**WindowsLogon/DontDisplayNetworkSelectionUI** The table below shows the applicability of Windows: @@ -291,7 +291,7 @@ Here's an example to enable this policy: -ADMX Info: +ADMX Info: - GP Friendly name: *Do not display network selection UI* - GP name: *DontDisplayNetworkSelectionUI* - GP path: *System/Logon* @@ -303,7 +303,7 @@ ADMX Info:
            -**WindowsLogon/EnableFirstLogonAnimation** +**WindowsLogon/EnableFirstLogonAnimation** The table below shows the applicability of Windows: @@ -343,7 +343,7 @@ If you don't configure this policy setting, the user who completes the initial W -ADMX Info: +ADMX Info: - GP Friendly name: *Show first sign-in animation* - GP name: *EnableFirstLogonAnimation* - GP path: *System/Logon* @@ -351,7 +351,7 @@ ADMX Info: -Supported values: +Supported values: - 0 - disabled - 1 - enabled @@ -366,7 +366,7 @@ Supported values:
            -**WindowsLogon/EnableMPRNotifications** +**WindowsLogon/EnableMPRNotifications** The table below shows the applicability of Windows: @@ -401,7 +401,7 @@ If you enable (1) or do not configure this policy setting this policy, MPR notif -Supported values: +Supported values: - 0 - disabled - 1 (default)- enabled @@ -412,7 +412,7 @@ Supported values:
            -**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers** +**WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers** The table below shows the applicability of Windows: @@ -439,7 +439,7 @@ The table below shows the applicability of Windows: -This policy setting allows local users to be enumerated on domain-joined computers. +This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers. @@ -448,7 +448,7 @@ If you disable or don't configure this policy setting, the Logon UI won't enumer -ADMX Info: +ADMX Info: - GP Friendly name: *Enumerate local users on domain-joined computers* - GP name: *EnumerateLocalUsers* - GP path: *System/Logon* @@ -460,7 +460,7 @@ ADMX Info:
            -**WindowsLogon/HideFastUserSwitching** +**WindowsLogon/HideFastUserSwitching** The table below shows the applicability of Windows: @@ -491,7 +491,7 @@ This policy setting allows you to hide the Switch account button on the sign-in -ADMX Info: +ADMX Info: - GP Friendly name: *Hide entry points for Fast User Switching* - GP name: *HideFastUserSwitching* - GP path: *System/Logon* diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index e03c8cee0e..97687279b6 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## WindowsPowerShell policies +## WindowsPowerShell policies
            @@ -29,7 +29,7 @@ manager: aaroncz
            -**WindowsPowerShell/TurnOnPowerShellScriptBlockLogging** +**WindowsPowerShell/TurnOnPowerShellScriptBlockLogging** The table below shows the applicability of Windows: @@ -68,14 +68,14 @@ If you enable the Script Block Invocation Logging, PowerShell additionally logs > [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). +> > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). -ADMX Info: +ADMX Info: - GP Friendly name: *Turn on PowerShell Script Block Logging* - GP name: *EnableScriptBlockLogging* - GP path: *Windows Components/Windows PowerShell* diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index b66b784a64..614d5d9496 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -16,7 +16,7 @@ ms.date: 10/14/2020
            -## WindowsSandbox policies +## WindowsSandbox policies
            @@ -71,14 +71,14 @@ The table below shows the applicability of Windows: -This policy setting allows the IT admin to enable or disable audio input to the Sandbox. +This policy setting allows the IT admin to enable or disable audio input to the Sandbox. > [!NOTE] > There may be security implications of exposing host audio input to the container. -If this policy isn't configured, end-users get the default behavior (audio input enabled). +If this policy isn't configured, end-users get the default behavior (audio input enabled). -If audio input is disabled, a user won't be able to enable audio input from their own configuration file. +If audio input is disabled, a user won't be able to enable audio input from their own configuration file. If audio input is enabled, a user will be able to disable audio input from their own configuration file to make the device more secure. @@ -91,12 +91,12 @@ ADMX Info: - GP Friendly name: *Allow audio input in Windows Sandbox* - GP name: *AllowAudioInput* -- GP path: *Windows Components/Windows Sandbox* +- GP path: *Windows Components/Windows Sandbox* - GP ADMX file name: *WindowsSandbox.admx* -The following are the supported values: +The following are the supported values: - 0 - Disabled - 1 (default) - Enabled @@ -114,7 +114,7 @@ The following are the supported values: -**WindowsSandbox/AllowClipboardRedirection** +**WindowsSandbox/AllowClipboardRedirection** Available in the latest Windows 10 insider preview build. @@ -145,9 +145,9 @@ The table below shows the applicability of Windows: This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox. -If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled). +If this policy isn't configured, end-users get the default behavior (clipboard redirection enabled). -If clipboard sharing is disabled, a user won't be able to enable clipboard sharing from their own configuration file. +If clipboard sharing is disabled, a user won't be able to enable clipboard sharing from their own configuration file. If clipboard sharing is enabled, a user will be able to disable clipboard sharing from their own configuration file to make the device more secure. @@ -165,7 +165,7 @@ ADMX Info: -The following are the supported values: +The following are the supported values: - 0 - Disabled - 1 (default) - Enabled @@ -183,7 +183,7 @@ The following are the supported values:
            -**WindowsSandbox/AllowNetworking** +**WindowsSandbox/AllowNetworking** Available in the latest Windows 10 insider preview build. @@ -234,7 +234,7 @@ ADMX Info: -The following are the supported values: +The following are the supported values: - 0 - Disabled - 1 (default) - Enabled @@ -250,7 +250,7 @@ The following are the supported values:
            -**WindowsSandbox/AllowPrinterRedirection** +**WindowsSandbox/AllowPrinterRedirection** Available in the latest Windows 10 insider preview build. @@ -281,9 +281,9 @@ The table below shows the applicability of Windows: This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox. -If this policy isn't configured, end-users get the default behavior (printer sharing disabled). +If this policy isn't configured, end-users get the default behavior (printer sharing disabled). -If printer sharing is disabled, a user won't be able to enable printer sharing from their own configuration file. +If printer sharing is disabled, a user won't be able to enable printer sharing from their own configuration file. If printer sharing is enabled, a user will be able to disable printer sharing from their own configuration file to make the device more secure. @@ -296,7 +296,7 @@ ADMX Info: - GP Friendly name: *Allow printer sharing with Windows Sandbox* - GP name: *AllowPrinterRedirection* -- GP path: *Windows Components/Windows Sandbox* +- GP path: *Windows Components/Windows Sandbox* - GP ADMX file name: *WindowsSandbox.admx* @@ -318,7 +318,7 @@ The following are the supported values:
            -**WindowsSandbox/AllowVGPU** +**WindowsSandbox/AllowVGPU** Available in the latest Windows 10 insider preview build. @@ -350,11 +350,11 @@ The table below shows the applicability of Windows: This policy setting allows the IT admin to enable or disable virtualized GPU for Windows Sandbox. > [!NOTE] -> Enabling virtualized GPU can potentially increase the attack surface of Windows Sandbox. +> Enabling virtualized GPU can potentially increase the attack surface of Windows Sandbox. -If this policy isn't configured, end-users get the default behavior (vGPU is disabled). +If this policy isn't configured, end-users get the default behavior (vGPU is disabled). -If vGPU is disabled, a user won't be able to enable vGPU support from their own configuration file. +If vGPU is disabled, a user won't be able to enable vGPU support from their own configuration file. If vGPU is enabled, a user will be able to disable vGPU support from their own configuration file to make the device more secure. @@ -389,7 +389,7 @@ The following are the supported values:
            -**WindowsSandbox/AllowVideoInput** +**WindowsSandbox/AllowVideoInput** Available in the latest Windows 10 insider preview build. @@ -418,14 +418,14 @@ The table below shows the applicability of Windows: -This policy setting allows the IT admin to enable or disable video input to the Sandbox. +This policy setting allows the IT admin to enable or disable video input to the Sandbox. > [!NOTE] > There may be security implications of exposing host video input to the container. -If this policy isn't configured, users get the default behavior (video input disabled). +If this policy isn't configured, users get the default behavior (video input disabled). -If video input is disabled, users won't be able to enable video input from their own configuration file. +If video input is disabled, users won't be able to enable video input from their own configuration file. If video input is enabled, users will be able to disable video input from their own configuration file to make the device more secure. @@ -434,7 +434,7 @@ If video input is enabled, users will be able to disable video input from their -ADMX Info: +ADMX Info: - GP Friendly name: *Allow video input in Windows Sandbox* - GP name: *AllowVideoInput* - GP path: *Windows Components/Windows Sandbox* diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 1c50ab927a..b290aca34c 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -8,7 +8,7 @@ ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/27/2019 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -17,7 +17,7 @@ manager: aaroncz
            -## WirelessDisplay policies +## WirelessDisplay policies
            @@ -53,7 +53,7 @@ manager: aaroncz
            -**WirelessDisplay/AllowMdnsAdvertisement** +**WirelessDisplay/AllowMdnsAdvertisement** The table below shows the applicability of Windows: @@ -95,7 +95,7 @@ The following list shows the supported values:
            -**WirelessDisplay/AllowMdnsDiscovery** +**WirelessDisplay/AllowMdnsDiscovery** The table below shows the applicability of Windows: @@ -137,7 +137,7 @@ The following list shows the supported values:
            -**WirelessDisplay/AllowMovementDetectionOnInfrastructure** +**WirelessDisplay/AllowMovementDetectionOnInfrastructure** The table below shows the applicability of Windows: @@ -186,7 +186,7 @@ The following list shows the supported values:
            -**WirelessDisplay/AllowProjectionFromPC** +**WirelessDisplay/AllowProjectionFromPC** The table below shows the applicability of Windows: @@ -228,7 +228,7 @@ The following list shows the supported values:
            -**WirelessDisplay/AllowProjectionFromPCOverInfrastructure** +**WirelessDisplay/AllowProjectionFromPCOverInfrastructure** The table below shows the applicability of Windows: @@ -270,7 +270,7 @@ The following list shows the supported values:
            -**WirelessDisplay/AllowProjectionToPC** +**WirelessDisplay/AllowProjectionToPC** The table below shows the applicability of Windows: @@ -305,7 +305,7 @@ Supported value type is integer. -ADMX Info: +ADMX Info: - GP Friendly name: *Don't allow this PC to be projected to* - GP name: *AllowProjectionToPC* - GP path: *Windows Components/Connect* @@ -324,7 +324,7 @@ The following list shows the supported values:
            -**WirelessDisplay/AllowProjectionToPCOverInfrastructure** +**WirelessDisplay/AllowProjectionToPCOverInfrastructure** The table below shows the applicability of Windows: @@ -366,7 +366,7 @@ The following list shows the supported values:
            -**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** +**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** The table below shows the applicability of Windows: @@ -408,7 +408,7 @@ The following list shows the supported values:
            -**WirelessDisplay/RequirePinForPairing** +**WirelessDisplay/RequirePinForPairing** The table below shows the applicability of Windows: @@ -443,7 +443,7 @@ Supported value type is integer. -ADMX Info: +ADMX Info: - GP Friendly name: *Require pin for pairing* - GP name: *RequirePinForPairing* - GP path: *Windows Components/Connect* diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 16bce236f5..8bd3586113 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md @@ -1,7 +1,7 @@ --- title: Policy DDF file description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -14,7 +14,6 @@ ms.date: 10/28/2020 # Policy DDF file - This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML. You can view various Policy DDF files by clicking the following links: @@ -30,4 +29,4 @@ You can view various Policy DDF files by clicking the following links: - [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml) - [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) -You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-ddf.md). diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md index 5b0882d135..2462a7dcbb 100644 --- a/windows/client-management/mdm/provisioning-csp.md +++ b/windows/client-management/mdm/provisioning-csp.md @@ -1,7 +1,7 @@ --- title: Provisioning CSP description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -29,7 +29,7 @@ The Provisioning configuration service provider is used for bulk user enrollment > [!NOTE] > Bulk enrollment does not work when two-factor authentication is enabled. -For bulk enrollment step-by-step guide, see [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md). +For bulk enrollment step-by-step guide, see [Bulk enrollment](../bulk-enrollment-using-windows-provisioning-tool.md). The following shows the Provisioning configuration service provider in tree format. diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index 78bb60896b..abed3e7963 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -1,7 +1,7 @@ --- title: PXLOGICAL configuration service provider description: The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -69,76 +69,76 @@ PXLOGICAL ``` -**PXPHYSICAL** +**PXPHYSICAL** Defines a group of logical proxy settings. The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It's required when updating and deleting existing NAPs and proxies and must have its value set to 1. -**DOMAIN** +**DOMAIN** Specifies the domain associated with the proxy (for example, "\*.com"). A Windows device supports only one proxy that doesn't have a DOMAIN parameter, or has an empty DOMAIN value. That is, the device only supports one default proxy. All other proxy configurations must have a DOMAIN parameter with a non-empty value. A query of this parameter returns a semicolon-delimited string of all domains associated with the proxy. -**NAME** +**NAME** Specifies the name of the logical proxy. When a list of proxies is displayed to the user they're displayed together in a single line, so the length of this value should be short for readability. -**PORT** +**PORT** Defines the bindings between a port number and one or more protocols or services. This configuration service provider can accept a maximum of two ports per physical proxy. A query of this characteristic returns information relating only to the first port. -**PORTNBR** +**PORTNBR** Specifies the port number associated with some services on this proxy. If the PORTNBR is 80 or 443, or the PORT characteristic is missing, it's treated as an HTTP proxy. -**SERVICE** +**SERVICE** Specifies the service associated with the port number. Windows supports accepting WAP push connectionless sessions over a Short Message Service (SMS) bearer for WAP push messages. Internet Explore uses HTTP protocol, not WAP proxy. A query of this parameter returns a semicolon-delimited string of services for only the first port. -**PUSHENABLED** +**PUSHENABLED** Specifies whether or not push operations are enabled. If this element is used in PXLOGICAL, it applies to all of the PXPHYSICAL elements embedded in the PXLOGICAL element. A value of "0" indicates that the proxy doesn't support push operations. A value of "1" indicates that the proxy supports push operations. -**PROXY-ID** +**PROXY-ID** Used during initial bootstrapping. Specifies the unique identifier of the logical proxy. -***PROXY-ID*** +***PROXY-ID*** Used during bootstrapping updates. Specifies the unique identifier of the logical proxy. The name of the **PROXY-ID** element is the same as the value passed during initial bootstrapping. -**TRUST** +**TRUST** Specifies whether or not the physical proxies in this logical proxy are privileged. The SECPOLICY\_TRUSTED\_WAP\_PROXY security policy (4121) governs what roles can set this element. -**PXPHYSICAL** +**PXPHYSICAL** Defines a group of physical proxy settings associated with the parent logical proxy. The element's mwid attribute is a Microsoft provisioning XML attribute, and is optional when adding a NAP or a proxy. It's required when updating and deleting existing NAPs and proxies and must have its value set to 1. -**PHYSICAL-PROXY-ID** +**PHYSICAL-PROXY-ID** Used during initial bootstrapping. Specifies the identifier of the physical proxy. When a list of proxies is displayed to the user they're displayed together in a single line, so the length of this value should be short for readability. -***PHYSICAL-PROXY-ID*** +***PHYSICAL-PROXY-ID*** Used during bootstrapping updates. Specifies the identifier of the physical proxy. The name of the **PHYSICAL-PROXY-ID** element is the same as the value passed during initial bootstrapping. -**PXADDR** +**PXADDR** Specifies the address of the physical proxy. -**PXADDRTYPE** +**PXADDRTYPE** Specifies the format and protocol of the PXADDR element for a physical proxy. The only values supported are "E164" and "IPv4". -**TO-NAPID** +**TO-NAPID** Specifies the network access point associated with this physical proxy. Only one per proxy is supported. If **TO-NAPID** is used, the NAP whose **NAPID** is referred to by **TO-NAPID** must also be added. @@ -162,5 +162,5 @@ These features are available only for the device technique. In addition, the par ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md index 50bb03819f..42e06b3bc0 100644 --- a/windows/client-management/mdm/reboot-csp.md +++ b/windows/client-management/mdm/reboot-csp.md @@ -1,7 +1,7 @@ --- title: Reboot CSP description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -37,13 +37,13 @@ Reboot --------DailyRecurrent ``` -**./Vendor/MSFT/Reboot** +**./Vendor/MSFT/Reboot** The root node for the Reboot configuration service provider. The supported operation is Get. -**RebootNow** +**RebootNow** This node executes a reboot of the device. RebootNow triggers a reboot within 5 minutes to allow the user to wrap up any active work. @@ -52,13 +52,13 @@ This node executes a reboot of the device. RebootNow triggers a reboot within 5 The supported operations are Execute and Get. -**Schedule** +**Schedule** The supported operation is Get. -**Schedule/Single** +**Schedule/Single** -This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required. +This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required. Example to configure: 2018-10-25T18:00:00 Setting a null (empty) date will delete the existing schedule. In accordance with the ISO 8601 format, the date and time representation needs to be 0000-00-00T00:00:00. @@ -66,9 +66,9 @@ Setting a null (empty) date will delete the existing schedule. In accordance wit - The supported operations are Get, Add, Replace, and Delete. - The supported data type is "String". -**Schedule/DailyRecurrent** +**Schedule/DailyRecurrent** -This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00. +This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00. Example to configure: 2018-10-25T18:00:00 - The supported operations are Get, Add, Replace, and Delete. @@ -76,4 +76,4 @@ Example to configure: 2018-10-25T18:00:00 ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md index 3628eaf7e4..25c6107ae8 100644 --- a/windows/client-management/mdm/reboot-ddf-file.md +++ b/windows/client-management/mdm/reboot-ddf-file.md @@ -1,7 +1,7 @@ --- title: Reboot DDF file description: This topic shows the OMA DM device description framework (DDF) for the Reboot configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **Reboot** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md index 96140781af..5d7e167612 100644 --- a/windows/client-management/mdm/remotefind-csp.md +++ b/windows/client-management/mdm/remotefind-csp.md @@ -1,7 +1,7 @@ --- title: RemoteFind CSP description: The RemoteFind configuration service provider retrieves the location information for a particular device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -41,34 +41,34 @@ RemoteFind --------AltitudeAccuracy --------Age ``` -**DesiredAccuracy** +**DesiredAccuracy** Optional. The node accepts the requested radius value in meters. Valid values for accuracy are any value between 1 and 1000 meters. The default value is 50. Replacing this value only replaces it for the current session. The value isn't retained. -- Supported operations are Replace and Get. +- Supported operations are Replace and Get. - The Add command isn't supported. -**Timeout** +**Timeout** Optional. Value is DWORD in seconds. The default value is 7, and the range is 0 to 1800 seconds. Replacing this value only replaces it for the current session. The value isn't retained. -- Supported operations are Replace and Get. +- Supported operations are Replace and Get. - The Add command isn't supported. -**MaximumAge** +**MaximumAge** Optional. The value represents the desired time window in minutes that the server will accept a successful location retrieval. The node enables the server to set the requested age value in 100 nanoseconds. Valid values for accuracy include any integer value between 0 and 1440 minutes. The default value is 60. Replacing this value only replaces it for the current session. The value isn't retained. -- Supported operations are Replace and Get. +- Supported operations are Replace and Get. - The Add command isn't supported. -**Location** +**Location** Required. Nodes under this path must be queried atomically in order to succeed. This condition is to prevent servers from querying incomplete sets of data. -**Latitude** +**Latitude** Required. Provides the latitude of the last successful remote find. The value returned is double. @@ -77,7 +77,7 @@ The default value is Null. Supported operation is Get. -**Longitude** +**Longitude** Required. Provides the longitude of the last successful remote find. The value returned is double. @@ -86,7 +86,7 @@ The default value is Null. Supported operation is Get. -**Altitude** +**Altitude** Required. Provides the altitude of the last successful remote find. The value returned is double. @@ -95,7 +95,7 @@ The default value is Null. Supported operation is Get. -**Accuracy** +**Accuracy** Required. Provides the accuracy in meters of the location fix of the last successful remote find. Values range from 0 – 1000 meters. The value returned is an integer. @@ -104,7 +104,7 @@ The default value is 0. Supported operation is Get. -**AltitudeAccuracy** +**AltitudeAccuracy** Required. Provides the altitude accuracy in meters of the location fix of the last successful remote find. Values range from 0 – 1000 meters. The value returned is an integer. @@ -113,7 +113,7 @@ The default value is 0. Supported operation is Get. -**Age** +**Age** Required. Provides the age in 100 nanoseconds for the current location data. The value returned is an integer. @@ -128,64 +128,64 @@ Supported operation is Get. ```xml - - 1 - - 10 - - 30 - - - ./Vendor/MSFT/RemoteFind/Location/Latitude - - - - - 40 - - - ./Vendor/MSFT/RemoteFind/Location/Longitude - - - - - 40 - - - ./Vendor/MSFT/RemoteFind/Location/Altitude - - - - - 45 - - - ./Vendor/MSFT/RemoteFind/Location/Accuracy - - - - - 50 - - - ./Vendor/MSFT/RemoteFind/Location/AltitudeAccuracy - - - - - 60 - - - ./Vendor/MSFT/RemoteFind/Location/Age - - - - - + + 1 + + 10 + + 30 + + + ./Vendor/MSFT/RemoteFind/Location/Latitude + + + + + 40 + + + ./Vendor/MSFT/RemoteFind/Location/Longitude + + + + + 40 + + + ./Vendor/MSFT/RemoteFind/Location/Altitude + + + + + 45 + + + ./Vendor/MSFT/RemoteFind/Location/Accuracy + + + + + 50 + + + ./Vendor/MSFT/RemoteFind/Location/AltitudeAccuracy + + + + + 60 + + + ./Vendor/MSFT/RemoteFind/Location/Age + + + + + ``` ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md index e92498a5f3..1b391b32f9 100644 --- a/windows/client-management/mdm/remotefind-ddf-file.md +++ b/windows/client-management/mdm/remotefind-ddf-file.md @@ -1,7 +1,7 @@ --- title: RemoteFind DDF file description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **RemoteFind** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md index 441f69fe60..fc8e8d1044 100644 --- a/windows/client-management/mdm/remotering-csp.md +++ b/windows/client-management/mdm/remotering-csp.md @@ -1,7 +1,7 @@ --- title: RemoteRing CSP description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -32,7 +32,7 @@ Root RemoteRing ----Ring ``` -**Ring** +**Ring** Required. The node accepts requests to ring the device. The supported operation is Exec. diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md index 07413835c9..73d74f2f2f 100644 --- a/windows/client-management/mdm/remotewipe-csp.md +++ b/windows/client-management/mdm/remotewipe-csp.md @@ -1,7 +1,7 @@ --- title: RemoteWipe CSP description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -41,15 +41,15 @@ RemoteWipe --------Status ``` -**doWipe** +**doWipe** Exec on this node starts a remote reset of the device. A remote reset is equivalent to running "Reset this PC > Remove everything" from the Settings app, with **Clean Data** set to No and **Delete Files** set to Yes. The return status code indicates whether the device accepted the Exec command. If a doWipe reset is started and then interrupted, the PC will attempt to roll-back to the pre-reset state. If the PC can't be rolled-back, the recovery environment will take no additional actions and the PC could be in an unusable state and Windows will have to be reinstalled. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. Supported operation is Exec. -**doWipePersistProvisionedData** -Exec on this node specifies that provisioning packages in the `%SystemDrive%\ProgramData\Microsoft\Provisioning` folder will be retained and then applied to the OS after the reset. +**doWipePersistProvisionedData** +Exec on this node specifies that provisioning packages in the `%SystemDrive%\ProgramData\Microsoft\Provisioning` folder will be retained and then applied to the OS after the reset. When used with OMA Client Provisioning, a dummy value of "1" should be included for this element. @@ -57,41 +57,41 @@ Supported operation is Exec. The information that was backed up will be restored and applied to the device when it resumes. The return status code shows whether the device accepted the Exec command. -**doWipeProtected** +**doWipeProtected** Added in Windows 10, version 1703. Exec on this node performs a remote reset on the device and also fully cleans the internal drive. Drives that are cleaned with doWipeProtected aren't expected to meet industry or government standards for data cleaning. In some device configurations, this command may leave the device unable to boot. The return status code indicates whether the device accepted the Exec command, but not whether the reset was successful. The doWipeProtected is functionally similar to doWipe. But unlike doWipe, which can be easily circumvented by simply power cycling the device, if a reset that uses doWipeProtected is interrupted, upon restart it will clean the PC's disk partitions. Because doWipeProtected will clean the partitions in case of failure or interruption, use doWipeProtected in lost/stolen device scenarios. Supported operation is Exec. -**doWipePersistUserData** +**doWipePersistUserData** Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device, and persist user accounts and data. This setting is equivalent to selecting "Reset this PC > Keep my files" when manually starting a reset from the Settings app. The return status code shows whether the device accepted the Exec command. -**AutomaticRedeployment** +**AutomaticRedeployment** Added in Windows 10, version 1809. Node for the Autopilot Reset operation. -**AutomaticRedeployment/doAutomaticRedeployment** +**AutomaticRedeployment/doAutomaticRedeployment** Added in Windows 10, version 1809. Exec on this node triggers Autopilot Reset operation. This node works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard. -**AutomaticRedeployment/LastError** +**AutomaticRedeployment/LastError** Added in Windows 10, version 1809. Error value, if any, associated with Autopilot Reset operation (typically an HRESULT). -**AutomaticRedeployment/Status** -Added in Windows 10, version 1809. Status value indicating current state of an Autopilot Reset operation. +**AutomaticRedeployment/Status** +Added in Windows 10, version 1809. Status value indicating current state of an Autopilot Reset operation. -Supported values: +Supported values: -- 0: Never run (not started). The default state. +- 0: Never run (not started). The default state. - 1: Complete. -- 10: Reset has been scheduled. -- 20: Reset is scheduled and waiting for a reboot. -- 30: Failed during CSP Execute ("Exec" in SyncML). -- 40: Failed: power requirements not met. +- 10: Reset has been scheduled. +- 20: Reset is scheduled and waiting for a reboot. +- 30: Failed during CSP Execute ("Exec" in SyncML). +- 40: Failed: power requirements not met. - 50: Failed: reset internals failed during reset attempt. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml)   diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md index 290767b7a1..cb8b212a60 100644 --- a/windows/client-management/mdm/remotewipe-ddf-file.md +++ b/windows/client-management/mdm/remotewipe-ddf-file.md @@ -1,7 +1,7 @@ --- title: RemoteWipe DDF file description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 08/13/2018 This topic shows the OMA DM device description framework (DDF) for the **RemoteWipe** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the DDF for Windows 10, version 1809. diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index 79814579cb..690823bd91 100644 --- a/windows/client-management/mdm/reporting-csp.md +++ b/windows/client-management/mdm/reporting-csp.md @@ -1,7 +1,7 @@ --- title: Reporting CSP description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -44,19 +44,19 @@ Reporting ------------Type ``` -**Reporting** +**Reporting** The root node for the reporting configuration service provider. -**Reporting/EnterpriseDataProtection** +**Reporting/EnterpriseDataProtection** Interior node for retrieving the Windows Information Protection (formerly known as Enterprise Data Protection) logs. -**RetrieveByTimeRange** +**RetrieveByTimeRange** Returns the logs that exist within the StartTime and StopTime. The StartTime and StopTime are expressed in ISO 8601 format. If the StartTime and StopTime aren't specified, then the values are interpreted as either first existing or last existing time. Here are the other possible scenarios: @@ -65,34 +65,34 @@ Here are the other possible scenarios: - If the StopTime is specified, but the StartTime isn't specified, then all logs that exist before the StopTime are returned. - If the StartTime is specified, but the StopTime isn't specified, then all that logs that exist from the StartTime are returned. -**RetrieveByCount** +**RetrieveByCount** Interior node for retrieving a specified number of logs from the StartTime. The StartTime is expressed in ISO 8601 format. You can set the number of logs required by setting LogCount and StartTime. It returns the specified number of logs or less, if the total number of logs is less than LogCount. -**Logs** +**Logs** Contains the reporting logs. -- Value type is XML. +- Value type is XML. - Supported operation is Get. -**StartTime** +**StartTime** Specifies the starting time for retrieving logs. - Value type is string. Use ISO 8601 format. - Supported operations are Get and Replace. -**StopTime** +**StopTime** Specifies the ending time for retrieving logs. - Value type is string. Use ISO 8601 format. - Supported operations are Get and Replace. -**Type** +**Type** Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the Windows Information Protection learning logs. - Value type is integer. - Supported operations are Get and Replace. -**LogCount** +**LogCount** Specifies the number of logs to retrieve from the StartTime. - Value type is int. @@ -170,7 +170,7 @@ Retrieve a specified number of security auditing logs starting from the specifie - + ``` @@ -178,4 +178,4 @@ Retrieve a specified number of security auditing logs starting from the specifie ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md index a18c3cb3b6..f69c53b09e 100644 --- a/windows/client-management/mdm/reporting-ddf-file.md +++ b/windows/client-management/mdm/reporting-ddf-file.md @@ -1,7 +1,7 @@ --- title: Reporting DDF file description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the Reporting configuration service provider. This CSP was added in Windows 10, version 1511. Support for desktop security auditing was added for the desktop in Windows 10, version 1607. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for the desktop CSP. diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 0ff47616c0..7c02b4278c 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -1,7 +1,7 @@ --- title: RootCATrustedCertificates CSP description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -68,53 +68,53 @@ RootCATrustedCertificates ------------ValidTo ------------TemplateName ``` -**Device or User** +**Device or User** For device certificates, use **./Device/Vendor/MSFT** path, and for user certificates use **./User/Vendor/MSFT** path. -**RootCATrustedCertificates** +**RootCATrustedCertificates** The root node for the RootCATrustedCertificates configuration service provider. -**RootCATrustedCertificates/Root/** +**RootCATrustedCertificates/Root/** Defines the certificate store that contains root or self-signed certificates, in this case, the computer store. > [!Note] > The **./User/** configuration is not supported for **RootCATrustedCertificates/Root/**. -**RootCATrustedCertificates/CA** +**RootCATrustedCertificates/CA** Node for CA certificates. -**RootCATrustedCertificates/TrustedPublisher** +**RootCATrustedCertificates/TrustedPublisher** Node for trusted publisher certificates. -**RootCATrustedCertificates/TrustedPeople** +**RootCATrustedCertificates/TrustedPeople** Node for trusted people certificates. -**RootCATrustedCertificates/UntrustedCertificates** +**RootCATrustedCertificates/UntrustedCertificates** Added in Windows 10, version 1803. Node for certificates that aren't trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable. -**_CertHash_** +**_CertHash_** Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. This node is common for all the principal root nodes. The supported operations are Get and Delete. The following nodes are all common to the **_CertHash_** node: -- **/EncodedCertificate** +- **/EncodedCertificate** Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. The supported operations are Add, Get, and Replace. -- **/IssuedBy** +- **/IssuedBy** Returns the name of the certificate issuer. This name is equivalent to the **Issuer** member in the CERT\_INFO data structure. The only supported operation is Get. -- **/IssuedTo** +- **/IssuedTo** Returns the name of the certificate subject. This name is equivalent to the **Subject** member in the CERT\_INFO data structure. The only supported operation is Get. -- **/ValidFrom** +- **/ValidFrom** Returns the starting date of the certificate's validity. This date is equivalent to the **NotBefore** member in the CERT\_INFO data structure. The only supported operation is Get. -- **/ValidTo** +- **/ValidTo** Returns the expiration date of the certificate. This date is equivalent to the **NotAfter** member in the CERT\_INFO data structure. The only supported operation is Get. -- **/TemplateName** +- **/TemplateName** Returns the certificate template name. The only supported operation is Get. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index 67f5c3a6d7..6d2e87da05 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -1,7 +1,7 @@ --- title: RootCATrustedCertificates DDF file description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 03/07/2018 This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1803. diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md index 0e11d6566e..6a0f58509c 100644 --- a/windows/client-management/mdm/secureassessment-csp.md +++ b/windows/client-management/mdm/secureassessment-csp.md @@ -1,7 +1,7 @@ --- title: SecureAssessment CSP description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -37,17 +37,17 @@ SecureAssessment ----AllowTextSuggestions ----Assessments ``` -**./Vendor/MSFT/SecureAssessment** +**./Vendor/MSFT/SecureAssessment** The root node for the SecureAssessment configuration service provider. The supported operation is Get. -**LaunchURI** +**LaunchURI** URI link to an assessment that's automatically loaded when the secure assessment browser is launched. The supported operations are Add, Delete, Get, and Replace. -**TesterAccount** +**TesterAccount** The user name of the test taking account. - To specify a domain account, use domain\\user. @@ -56,23 +56,23 @@ The user name of the test taking account. The supported operations are Add, Delete, Get, and Replace. -**AllowScreenMonitoring** -Added in Windows 10, version 1703. Boolean value that indicates whether screen capture is allowed by the app. +**AllowScreenMonitoring** +Added in Windows 10, version 1703. Boolean value that indicates whether screen capture is allowed by the app. Supported operations are Get and Replace. -**RequirePrinting** +**RequirePrinting** Added in Windows 10, version 1703. Boolean value that indicates whether printing is allowed by the app. -Supported operations are Get and Replace. +Supported operations are Get and Replace. -**AllowTextSuggestions** -Added in Windows 10, version 1703. Boolean value that indicates whether keyboard text suggestions are allowed by the app. +**AllowTextSuggestions** +Added in Windows 10, version 1703. Boolean value that indicates whether keyboard text suggestions are allowed by the app. Supported operations are Get and Replace. -**Assessments** -Added in Windows 11, version 22H2. Enables support for multiple assessments. When configured, users can select from a list of assessments. The node accepts an XML string that represents the list of available assessments. +**Assessments** +Added in Windows 11, version 22H2. Enables support for multiple assessments. When configured, users can select from a list of assessments. The node accepts an XML string that represents the list of available assessments. Supported operations are Add, Delete, Get and Replace. @@ -127,9 +127,9 @@ Example: ## Related topics -[Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) +[Set up Take a Test](/education/windows/take-a-test-multiple-pcs) + +[Configuration service provider reference](index.yml) -[Configuration service provider reference](configuration-service-provider-reference.md) - diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index 67118163ea..7302a11288 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -1,7 +1,7 @@ --- title: SecureAssessment DDF file description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **SecureAssessment** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index a3f9722270..72474375fb 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -1,7 +1,7 @@ --- title: SecurityPolicy CSP description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -39,7 +39,7 @@ SecurityPolicy ----PolicyID ``` -***PolicyID*** +***PolicyID*** Defines the security policy identifier as a decimal value. The following security policies are supported. @@ -80,7 +80,7 @@ The following security policies are supported. - **Policy name**: WSP Push Policy - **Policy description**: This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed. - Default value: 1 - - Supported values: + - Supported values: - 0: Routing of WSP notifications isn't allowed. - 1: Routing of WSP notifications is allowed. @@ -88,7 +88,7 @@ The following security policies are supported. - **Policy name**: Network PIN signed OTA Provision Message User Prompt Policy - **Policy description**: This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message. - Default value: 0 - - Supported values: + - Supported values: - 0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin. - 1: There's no user prompt. @@ -166,7 +166,7 @@ Setting a security policy: ./Vendor/MSFT/SecurityPolicy/4141 - int + int 0 @@ -187,7 +187,7 @@ Querying a security policy: 1 - ./Vendor/MSFT/SecurityPolicy/4141 + ./Vendor/MSFT/SecurityPolicy/4141 @@ -206,4 +206,4 @@ The following table shows the Microsoft custom elements that this Configuration ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index 84c80b01df..89e0c49e59 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -74,37 +74,35 @@ A boolean value that specifies whether the policies for education environment ar The supported operations are Add, Get, Replace, and Delete. -The default value changed to false in Windows 10, version 1703. The default value is Not Configured and this node needs to be configured independent of EnableSharedPCMode. - -In Windows 10, version 1607, the value is set to True and the education environment is automatically configured when SharedPC mode is configured. +The default value is Not Configured. **SetPowerPolicies** -Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode. +A boolean value that specifies that the power policies should be set when configuring SharedPC mode. The supported operations are Add, Get, Replace, and Delete. The default value is Not Configured and the effective power settings are determined by the OS's default power settings. Its value in the SharedPC provisioning package is True. **MaintenanceStartTime** -Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440. +An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440. The supported operations are Add, Get, Replace, and Delete. The default value is Not Configured and its value in the SharedPC provisioning package is 0 (12 AM). **SignInOnResume** -Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode. +A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode. The supported operations are Add, Get, Replace, and Delete. The default value is Not Configured and its value in the SharedPC provisioning package is True. **SleepTimeout** -The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional. +The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. The supported operations are Add, Get, Replace, and Delete. -The default value is Not Configured, and effective behavior is determined by the OS's default settings. Its value in the SharedPC provisioning package for Windows 10, version 1703 is 300, and in Windows 10, version 1607 is 3600. +The default value is Not Configured, and effective behavior is determined by the OS's default settings. Its value in SharedPC provisioning package is 300. **EnableAccountManager** A boolean that enables the account manager for shared PC mode. @@ -120,9 +118,9 @@ The supported operations are Add, Get, Replace, and Delete. The following list shows the supported values: -- 0 (default) - Only guest accounts are allowed. -- 1 - Only domain-joined accounts are enabled. -- 2 - Domain-joined and guest accounts are allowed. +- 0 (default) - Only guest accounts are allowed. +- 1 - Only domain-joined accounts are enabled. +- 2 - Domain-joined and guest accounts are allowed. Its value in the SharedPC provisioning package is 1 or 2. @@ -131,12 +129,7 @@ Configures when accounts are deleted. The supported operations are Add, Get, Replace, and Delete. -For Windows 10, version 1607, here's the list shows the supported values: - -- 0 - Delete immediately. -- 1 (default) - Delete at disk space threshold. - -For Windows 10, version 1703, here's the list of supported values: +This is the list of supported values: - 0 - Delete immediately. - 1 - Delete at disk space threshold. @@ -163,23 +156,23 @@ For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevel The supported operations are Add, Get, Replace, and Delete. **RestrictLocalStorage** -Added in Windows 10, version 1703. Restricts the user from using local storage. This node is optional. +Restricts the user from using local storage. -The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False. +The default value is Not Configured. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False. **KioskModeAUMID** -Added in Windows 10, version 1703. Specifies the AUMID of the app to use with assigned access. This node is optional. +Specifies the AUMID of the app to use with assigned access. - Value type is string. - Supported operations are Add, Get, Replace, and Delete. **KioskModeUserTileDisplayText** -Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID. This node is optional. +Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID. Value type is string. Supported operations are Add, Get, Replace, and Delete. **InactiveThreshold** -Added in Windows 10, version 1703. Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days. +Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days. - The default value is Not Configured. - Value type is integer. @@ -188,7 +181,7 @@ Added in Windows 10, version 1703. Accounts will start being deleted when they h The default in the SharedPC provisioning package is 30. **MaxPageFileSizeMB** -Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. This node is optional. +Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. - Default value is Not Configured. - Value type is integer. @@ -198,4 +191,4 @@ The default in the SharedPC provisioning package is 1024. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index 75667401c6..87ee1da106 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **SharedPC** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the DDF for Windows 10, version 1703. diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md index 03f3fe6afa..53182c42d1 100644 --- a/windows/client-management/mdm/storage-csp.md +++ b/windows/client-management/mdm/storage-csp.md @@ -1,7 +1,7 @@ --- title: Storage CSP description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -29,7 +29,7 @@ The following shows the Storage configuration service provider in tree format. Storage ----Disable ``` -**Disable** +**Disable** Required. A Boolean value that specifies whether to enable or disable a storage card. A value of **True** disables the storage card. A value of **False** enables the storage card. The default value is **False**. The value is case sensitive. The supported operations are Get and Replace. @@ -42,4 +42,4 @@ The supported operations are Get and Replace. System/AllowStorageCard in [Policy CSP](policy-configuration-service-provider.md) -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md index 4d2a9283a7..aba4222037 100644 --- a/windows/client-management/mdm/storage-ddf-file.md +++ b/windows/client-management/mdm/storage-ddf-file.md @@ -1,7 +1,7 @@ --- title: Storage DDF file description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -19,7 +19,7 @@ Storage CSP is deprecated. Use System/AllowStorageCard in [Policy CSP](policy-co This topic shows the OMA DM device description framework (DDF) for the **Storage** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. @@ -87,4 +87,4 @@ System/AllowStorageCard in [Policy CSP](policy-configuration-service-provider.md [Storage CSP (deprecated)](storage-csp.md) -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 802b366a55..32fc177aa9 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -1,7 +1,7 @@ --- title: SUPL CSP description: Learn how the SUPL configuration service provider (CSP) is used to configure the location client. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -31,14 +31,14 @@ The SUPL configuration service provider is used to configure the location client - **V2 UPL**: CDMA - **Location Service**: Configuration - - **SUPL**: + - **SUPL**: - Settings that need to get pushed to the GNSS driver to configure the SUPL behavior: - Address of the Home SUPL (H-SLP) server. - H-SLP server certificate. - Positioning method. - Version of the protocol to use by default. - MCC/MNC value pairs that are used to specify which networks' UUIC the SUPL account matches. - - **V2 UPL**: + - **V2 UPL**: - Address of the server—a mobile positioning center for non-trusted mode. - The positioning method used by the MPC for non-trusted mode. @@ -61,7 +61,7 @@ SUPL ----------------MCCMNPairs ----------------HighAccPositioningMethod ----------------LocMasterSwitchDependencyNII -----------------NIDefaultTimeout +----------------NIDefaultTimeout ----------------ServerAccessInterval ----------------RootCertificate --------------------Name @@ -72,43 +72,43 @@ SUPL ----------------RootCertificate3 --------------------Name --------------------Data -----V2UPL1 +----V2UPL1 --------MPC --------PDE --------PositioningMethod_MR --------LocMasterSwitchDependencyNII --------ApplicationTypeIndicator_MR ---------NIDefaultTimeout +--------NIDefaultTimeout --------ServerAccessInterval ``` -**SUPL1** +**SUPL1** Required for SUPL. Defines the account for the SUPL Enabled Terminal (SET) node. Only one SUPL account is supported at a given time. -**AppID** +**AppID** Required. The AppID for SUPL is automatically set to `"ap0004"`. This value is a read-only value. -**Addr** +**Addr** Optional. Specifies the address of the Home SUPL Location Platform (H-SLP) server for non-proxy mode. The value is a server address specified as a fully qualified domain name, and the port specified as an integer, with the format *server*: *port*. If this value isn't specified, the device infers the H-SLP address from the IMSI as defined in the SUPL standard. To use automatic generation of the H-SLP address based on the IMSI, the MNC length must be set correctly on the UICC. Generally, this value is 2 or 3. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned. But the configuration service provider will continue processing the rest of the parameters. -**Version** +**Version** Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator. -**FullVersion** +**FullVersion** Added in Windows 10, version 2004. Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored. -**MCCMNCPairs** +**MCCMNCPairs** Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network don't match, the device uses the default location service and doesn't use SUPL. This value is a string with the format `(X1, Y1)(X2, Y2)…(Xn, Yn)`, in which `X` is an MCC and `Y` is an MNC. For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. -**HighAccPositioningMethod** +**HighAccPositioningMethod** Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers: |Value|Description| @@ -127,7 +127,7 @@ The default is 0. The default method in Windows devices provides high-quality as For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. -**LocMasterSwitchDependencyNII** +**LocMasterSwitchDependencyNII** Optional. Boolean. Specifies whether the location toggle on the **location** screen in **Settings** is also used to manage SUPL network-initiated (NI) requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. The default value is 1. This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. @@ -155,78 +155,78 @@ When the location toggle is set to Off and this value is set to 0, the location For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. -**NIDefaultTimeout** +**NIDefaultTimeout** Optional. Time in seconds. It defines that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended. This value manages the settings for SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used. -**ServerAccessInterval** +**ServerAccessInterval** Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60. -**RootCertificate** +**RootCertificate** Required. Specifies the root certificate for the H-SLP server. Windows doesn't support a non-secure mode. If this node isn't included, the configuration service provider will fail but may not return a specific error. -**RootCertificate/Name** +**RootCertificate/Name** Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. -**RootCertificate/Data** +**RootCertificate/Data** The base 64 encoded blob of the H-SLP root certificate. -**RootCertificate2** +**RootCertificate2** Specifies the root certificate for the H-SLP server. -**RootCertificate2/Name** +**RootCertificate2/Name** Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. -**RootCertificate2/Data** +**RootCertificate2/Data** The base 64 encoded blob of the H-SLP root certificate. -**RootCertificate3** +**RootCertificate3** Specifies the root certificate for the H-SLP server. -**RootCertificate3/Name** +**RootCertificate3/Name** Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. -**RootCertificate3/Data** +**RootCertificate3/Data** The base 64 encoded blob of the H-SLP root certificate. -**RootCertificate4** +**RootCertificate4** Added in Windows 10, version 1809. Specifies the root certificate for the H-SLP server. -**RootCertificate4/Name** +**RootCertificate4/Name** Added in Windows 10, version 1809. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. -**RootCertificate4/Data** +**RootCertificate4/Data** Added in Windows 10, version 1809. The base 64 encoded blob of the H-SLP root certificate. -**RootCertificate5** +**RootCertificate5** Added in Windows 10, version 1809. Specifies the root certificate for the H-SLP server. -**RootCertificate5/Name** +**RootCertificate5/Name** Added in Windows 10, version 1809. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. -**RootCertificate5/Data** +**RootCertificate5/Data** Added in Windows 10, version 1809. The base 64 encoded blob of the H-SLP root certificate. -**RootCertificate6** +**RootCertificate6** Added in Windows 10, version 1809. Specifies the root certificate for the H-SLP server. -**RootCertificate6/Name** +**RootCertificate6/Name** Added in Windows 10, version 1809. Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer. -**RootCertificate6/Data** +**RootCertificate6/Data** Added in Windows 10, version 1809. The base 64 encoded blob of the H-SLP root certificate. -**V2UPL1** +**V2UPL1** Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time. -**MPC** +**MPC** Optional. Specifies the address of the mobile positioning center (MPC), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter is mandatory and the PDE parameter must be empty. -**PDE** +**PDE** Optional. Specifies the address of the Position Determination Entity (PDE), in the format *ipAddress*: *portNumber*. For non-trusted mode of operation, this parameter must be empty. -**PositioningMethod\_MR** +**PositioningMethod\_MR** Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers: |Value|Description| @@ -245,7 +245,7 @@ The default is 0. The default method provides high-quality assisted GNSS positio   For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. -**LocMasterSwitchDependencyNII** +**LocMasterSwitchDependencyNII** Optional. Boolean. Specifies whether the location toggle on the **location** screen in **Settings** is also used to manage network-initiated requests for location. If the value is set to 0, the NI behavior is independent from the current location toggle setting. If the value is set to 1, the NI behavior follows the current location toggle setting. For CDMA devices, this value must be set to 1. The default value is 1. This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used. @@ -273,15 +273,15 @@ When the location toggle is set to Off and this value is set to 0, the location For OMA DM, if the format for this node is incorrect then an entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. -**ApplicationTypeIndicator\_MR** +**ApplicationTypeIndicator\_MR** Required. This value must always be set to `00000011`. -**NIDefaultTimeout** +**NIDefaultTimeout** Optional. Time in seconds. It defines that the network-initiated location request is displayed to the user, while awaiting a response and before doing the default action. The default is 30 seconds. A value between 20 and 60 seconds is recommended. This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL, then these values will differ, and the SUPL setting will always be used. -**ServerAccessInterval** +**ServerAccessInterval** Optional. Integer. Defines the minimum interval of time in seconds between mobile originated requests sent to the server to prevent overloading the mobile operator's network. The default value is 60. ## Unsupported Nodes @@ -447,4 +447,4 @@ The following table shows the Microsoft custom elements that this configuration   ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index 62a7531702..6ddf560abe 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -1,7 +1,7 @@ --- title: SUPL DDF file description: This topic shows the OMA DM device description framework (DDF) for the SUPL configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 06/03/2020 This topic shows the OMA DM device description framework (DDF) for the **SUPL** configuration service provider (CSP). -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the DDF for the current version for this CSP. diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index a7ea49f35d..60c07c552b 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -1,7 +1,7 @@ --- title: SurfaceHub CSP description: The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -73,7 +73,7 @@ SurfaceHub --------WorkspaceKey ``` -**./Vendor/MSFT/SurfaceHub** +**./Vendor/MSFT/SurfaceHub** The root node for the Surface Hub configuration service provider. **DeviceAccount** @@ -158,35 +158,35 @@ Domain of the device account when you're using Active Directory. To use a device Username of the device account when you're using Active Directory. To use a device account from Active Directory, you should specify both DomainName and UserName for the device account. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. **DeviceAccount/UserPrincipalName** User principal name (UPN) of the device account. To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. **DeviceAccount/SipAddress** Session Initiation Protocol (SIP) address of the device account. Normally, the device will try to auto-discover the SIP. This field is only required if auto-discovery fails. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. **DeviceAccount/Password** Password for the device account. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. The operation Get is allowed, but it will always return a blank. **DeviceAccount/ValidateAndCommit** This method validates the data provided and then commits the changes. -- The data type is string. +- The data type is string. - Supported operation is Execute. **DeviceAccount/Email** @@ -204,28 +204,28 @@ Valid values: - 1 - disabled It performs the following: -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **DeviceAccount/ExchangeServer** Exchange server of the device account. Normally, the device will try to auto-discover the Exchange server. This field is only required if auto-discovery fails. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. **DeviceAccount/ExchangeModernAuthEnabled** Added in KB4598291 for Windows 10, version 20H2. Specifies, whether Device Account calendar sync will attempt to use token-based Modern Authentication to connect to the Exchange Server. Default value is True. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **DeviceAccount/CalendarSyncEnabled** Specifies, whether calendar sync and other Exchange server services is enabled. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **DeviceAccount/ErrorContext** @@ -252,14 +252,14 @@ Node for maintenance schedule. Specifies the start time for maintenance hours in minutes from midnight. For example, to set a 2:00 am start time, set this value to 120. -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **MaintenanceHoursSimple/Hours/Duration** Specifies the duration of maintenance window in minutes. For example, to set a 3-hour duration, set this value to 180. -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **InBoxApps** @@ -274,7 +274,7 @@ Added in Windows 10, version 1703. Node for the Skype for Business settings. Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you're using Active Directory. For more information, see Set up Skype for Business Online. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. **InBoxApps/Welcome** @@ -284,14 +284,14 @@ Node for the welcome screen. Automatically turn on the screen using motion sensors. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** Download location for image, to be used as the background during user sessions and on the welcome screen. To set this location, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, ensure they're valid and installed on the Hub. Otherwise, it may not be able to load the image. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. **InBoxApps/Welcome/MeetingInfoOption** @@ -304,7 +304,7 @@ Valid values: - 1 - Organizer, time, and subject. Subject is hidden in private meetings. It performs the following: -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **InBoxApps/Whiteboard** @@ -315,21 +315,21 @@ Node for the Whiteboard app settings. Invitations to collaborate from the Whiteboard app aren't allowed. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **InBoxApps/Whiteboard/SigninDisabled** Sign-ins from the Whiteboard app aren't allowed. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **InBoxApps/Whiteboard/TelemeteryDisabled** Telemetry collection from the Whiteboard app isn't allowed. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **InBoxApps/WirelessProjection** @@ -340,14 +340,14 @@ Node for the wireless projector app settings. Users must enter a PIN to wireless project to the device. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **InBoxApps/WirelessProjection/Enabled** Enables wireless projection to the device. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **InBoxApps/WirelessProjection/Channel** @@ -362,7 +362,7 @@ Wireless channel to use for Miracast operation. The supported channels are defin The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly, the driver will either not boot or will broadcast on the wrong channel (which senders won't be looking for). -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **InBoxApps/Connect** @@ -375,7 +375,7 @@ Added in Windows 10, version 1703. Specifies, whether to automatically launch th If this setting is true, the Connect app will be automatically launched. If false, the user will need to launch the Connect app manually from the Hub’s settings. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **Properties** @@ -386,21 +386,21 @@ Node for the device properties. Friendly name of the device. Specifies the name that users see when they want wireless project to the device. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. **Properties/DefaultVolume** Added in Windows 10, version 1703. Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **Properties/DefaultAutomaticFraming** Added in KB5010415 for Windows 10, version 20H2. Specifies whether the Surface Hub 2 Smart Camera feature to automatically zoom and keep users centered in the video is enabled. Default value is True. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **Properties/ScreenTimeout** @@ -424,7 +424,7 @@ The following table shows the permitted values. |240|4 hours| It performs the following: -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **Properties/SessionTimeout** @@ -448,7 +448,7 @@ The following table shows the permitted values. |240|4 hours| It performs the following: -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **Properties/SleepTimeout** @@ -472,7 +472,7 @@ The following table shows the permitted values. |240|4 hours| It performs the following: -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **Properties/SleepMode** @@ -485,7 +485,7 @@ Valid values: - 1 - Hibernate It performs the following: -- The data type is integer. +- The data type is integer. - Supported operation is Get and Replace. **Properties/AllowSessionResume** @@ -494,7 +494,7 @@ Added in Windows 10, version 1703. Specifies whether to allow the ability to res If this setting is true, the "Resume Session" feature will be available on the welcome screen when the screen is idle. If false, once the screen idles, the session will be automatically cleaned up as if the “End Session" feature was initiated. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **Properties/AllowAutoProxyAuth** @@ -503,14 +503,14 @@ Added in Windows 10, version 1703. Specifies whether to use the device account f If this setting is true, the device account will be used for proxy authentication. If false, a separate account will be used. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **Properties/ProxyServers** Added in KB4499162 for Windows 10, version 1703. Specifies hostnames of proxy servers to automatically provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This is a semi-colon separated list of server names (FQDN), without any extra prefixes (for example, https://). -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. **Properties/DisableSigninSuggestions** @@ -519,7 +519,7 @@ Added in Windows 10, version 1703. Specifies whether to disable auto-populating If this setting is true, the sign-in dialog won't be populated. If false, the dialog will auto-populate. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **Properties/DoNotShowMyMeetingsAndFiles** @@ -528,7 +528,7 @@ Added in Windows 10, version 1703. Specifies whether to disable the "My mee If this setting is true, the “My meetings and files” feature won't be shown. When false, the “My meetings and files” feature will be shown. -- The data type is boolean. +- The data type is boolean. - Supported operation is Get and Replace. **MOMAgent** @@ -539,16 +539,16 @@ Node for the Microsoft Operations Management Suite. GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data. Set this GUID to an empty string to disable the MOM agent. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. -**MOMAgent/WorkspaceKey** +**MOMAgent/WorkspaceKey** Primary key for authenticating with the workspace. -- The data type is string. +- The data type is string. - Supported operation is Get and Replace. The Get operation is allowed, but it will always return an empty string. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md index 3f66986007..19363a0c32 100644 --- a/windows/client-management/mdm/surfacehub-ddf-file.md +++ b/windows/client-management/mdm/surfacehub-ddf-file.md @@ -1,7 +1,7 @@ --- title: SurfaceHub DDF file description: This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md index c271871ce1..e44dd9087b 100644 --- a/windows/client-management/mdm/tenantlockdown-csp.md +++ b/windows/client-management/mdm/tenantlockdown-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/13/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -38,22 +38,22 @@ The following example shows the TenantLockdown configuration service provider in TenantLockdown ----RequireNetworkInOOBE ``` -**./Vendor/MSFT/TenantLockdown** +**./Vendor/MSFT/TenantLockdown** The root node for the TenantLockdown configuration service provider. -**RequireNetworkInOOBE** +**RequireNetworkInOOBE** Specifies whether a network connection is required during the out-of-box experience (OOBE) at first logon. When RequireNetworkInOOBE is true, when the device goes through OOBE at first sign in or after a reset, the user is required to choose a network before proceeding. There's no "skip for now" option. -- Value type is bool. +- Value type is bool. - Supported operations are Get and Replace. - - True - Require network in OOBE. + - True - Require network in OOBE. - False - No network connection requirement in OOBE. Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md index 12dc9f5348..20ef115f73 100644 --- a/windows/client-management/mdm/tenantlockdown-ddf.md +++ b/windows/client-management/mdm/tenantlockdown-ddf.md @@ -7,18 +7,18 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 08/13/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- -# TenantLockdown DDF file +# TenantLockdown DDF file > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This topic shows the OMA DM device description framework (DDF) for the **TenantLockdown** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1809. diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 031dc15d89..eaea592be5 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -1,995 +1,918 @@ items: - - name: Mobile Device Management + - name: Configuration service provider reference href: index.yml + expanded: true items: - - name: Overview - items: - - name: MDM overview - href: mdm-overview.md - - name: What's new in MDM enrollment and management - href: new-in-windows-mdm-enrollment-management.md - - name: Change history for MDM documentation - href: change-history-for-mdm-documentation.md - - name: Azure Active Directory integration with MDM - href: azure-active-directory-integration-with-mdm.md - items: - - name: Add an Azure AD tenant and Azure AD subscription - href: add-an-azure-ad-tenant-and-azure-ad-subscription.md - - name: Register your free Azure Active Directory subscription - href: register-your-free-azure-active-directory-subscription.md - - name: Device enrollment - href: mobile-device-enrollment.md - items: - - name: MDM enrollment of Windows devices - href: mdm-enrollment-of-windows-devices.md - - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment" - href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md - - name: Enroll a Windows 10 device automatically using Group Policy - href: enroll-a-windows-10-device-automatically-using-group-policy.md - - name: Bulk enrollment - href: bulk-enrollment-using-windows-provisioning-tool.md - - name: Federated authentication device enrollment - href: federated-authentication-device-enrollment.md - - name: Certificate authentication device enrollment - href: certificate-authentication-device-enrollment.md - - name: On-premises authentication device enrollment - href: on-premise-authentication-device-enrollment.md - - name: Disconnecting a device from MDM (unenrollment) - href: disconnecting-from-mdm-unenrollment.md - - name: Understanding ADMX policies - href: understanding-admx-backed-policies.md - items: - - name: Enable ADMX policies in MDM - href: enable-admx-backed-policies-in-mdm.md - - name: Win32 and Desktop Bridge app policy configuration - href: win32-and-centennial-app-policy-configuration.md - - name: Enterprise settings, policies, and app management - href: windows-mdm-enterprise-settings.md - items: - - name: Enterprise app management - href: enterprise-app-management.md - items: - - name: Deploy and configure App-V apps using MDM - href: appv-deploy-and-config.md - - name: Management tool for the Microsoft Store for Business - href: management-tool-for-windows-store-for-business.md - - name: REST API reference for Microsoft Store for Business - href: rest-api-reference-windows-store-for-business.md - items: - - name: Data structures for Microsoft Store for Business - href: data-structures-windows-store-for-business.md - - name: Get Inventory - href: get-inventory.md - - name: Get product details - href: get-product-details.md - - name: Get localized product details - href: get-localized-product-details.md - - name: Get offline license - href: get-offline-license.md - - name: Get product packages - href: get-product-packages.md - - name: Get product package - href: get-product-package.md - - name: Get seats - href: get-seats.md - - name: Get seat - href: get-seat.md - - name: Assign seats - href: assign-seats.md - - name: Reclaim seat from user - href: reclaim-seat-from-user.md - - name: Bulk assign and reclaim seats from users - href: bulk-assign-and-reclaim-seats-from-user.md - - name: Get seats assigned to a user - href: get-seats-assigned-to-a-user.md - - name: Mobile device management (MDM) for device updates - href: device-update-management.md - - name: Secured-Core PC Configuration Lock - href: config-lock.md - - name: Certificate renewal - href: certificate-renewal-windows-mdm.md + - name: Device description framework (DDF) files + href: configuration-service-provider-ddf.md + - name: Support scenarios + href: configuration-service-provider-support.md + - name: WMI Bridge provider + items: - name: Using PowerShell scripting with the WMI Bridge Provider - href: using-powershell-scripting-with-the-wmi-bridge-provider.md + href: ../using-powershell-scripting-with-the-wmi-bridge-provider.md - name: WMI providers supported in Windows 10 - href: wmi-providers-supported-in-windows.md - - name: Diagnose MDM failures in Windows 10 - href: diagnose-mdm-failures-in-windows-10.md - - name: Push notification support for device management - href: push-notification-windows-mdm.md - - name: MAM support for device management - href: implement-server-side-mobile-application-management.md - - name: OMA DM protocol support - href: oma-dm-protocol-support.md + href: ../wmi-providers-supported-in-windows.md + - name: Understanding ADMX policies + href: ../understanding-admx-backed-policies.md + items: + - name: Enable ADMX policies in MDM + href: ../enable-admx-backed-policies-in-mdm.md + - name: Win32 and Desktop Bridge app policy configuration + href: ../win32-and-centennial-app-policy-configuration.md + - name: OMA DM protocol support + href: ../oma-dm-protocol-support.md + items: + - name: Structure of OMA DM provisioning files + href: ../structure-of-oma-dm-provisioning-files.md + - name: Server requirements for OMA DM + href: ../server-requirements-windows-mdm.md + - name: Configuration service providers (CSPs) + expanded: true + items: + - name: Policy + href: policy-configuration-service-provider.md items: - - name: Structure of OMA DM provisioning files - href: structure-of-oma-dm-provisioning-files.md - - name: Server requirements for OMA DM - href: server-requirements-windows-mdm.md - - name: DMProcessConfigXMLFiltered - href: dmprocessconfigxmlfiltered.md - - name: Configuration service provider reference - href: configuration-service-provider-reference.md + - name: Policy CSP DDF file + href: policy-ddf-file.md + - name: Policy CSP support scenarios + items: + - name: ADMX policies in Policy CSP + href: policies-in-policy-csp-admx-backed.md + - name: Policies in Policy CSP supported by Group Policy + href: policies-in-policy-csp-supported-by-group-policy.md + - name: Policies in Policy CSP supported by HoloLens 2 + href: policies-in-policy-csp-supported-by-hololens2.md + - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite + href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md + - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition + href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md + - name: Policies in Policy CSP supported by Windows 10 IoT Core + href: policies-in-policy-csp-supported-by-iot-core.md + - name: Policies in Policy CSP supported by Microsoft Surface Hub + href: policies-in-policy-csp-supported-by-surface-hub.md + - name: Policy CSPs that can be set using Exchange Active Sync (EAS) + href: policies-in-policy-csp-that-can-be-set-using-eas.md + - name: Policy CSP areas + expanded: true + items: + - name: AboveLock + href: policy-csp-abovelock.md + - name: Accounts + href: policy-csp-accounts.md + - name: ActiveXControls + href: policy-csp-activexcontrols.md + - name: ADMX_ActiveXInstallService + href: policy-csp-admx-activexinstallservice.md + - name: ADMX_AddRemovePrograms + href: policy-csp-admx-addremoveprograms.md + - name: ADMX_AdmPwd + href: policy-csp-admx-admpwd.md + - name: ADMX_AppCompat + href: policy-csp-admx-appcompat.md + - name: ADMX_AppxPackageManager + href: policy-csp-admx-appxpackagemanager.md + - name: ADMX_AppXRuntime + href: policy-csp-admx-appxruntime.md + - name: ADMX_AttachmentManager + href: policy-csp-admx-attachmentmanager.md + - name: ADMX_AuditSettings + href: policy-csp-admx-auditsettings.md + - name: ADMX_Bits + href: policy-csp-admx-bits.md + - name: ADMX_CipherSuiteOrder + href: policy-csp-admx-ciphersuiteorder.md + - name: ADMX_COM + href: policy-csp-admx-com.md + - name: ADMX_ControlPanel + href: policy-csp-admx-controlpanel.md + - name: ADMX_ControlPanelDisplay + href: policy-csp-admx-controlpaneldisplay.md + - name: ADMX_Cpls + href: policy-csp-admx-cpls.md + - name: ADMX_CredentialProviders + href: policy-csp-admx-credentialproviders.md + - name: ADMX_CredSsp + href: policy-csp-admx-credssp.md + - name: ADMX_CredUI + href: policy-csp-admx-credui.md + - name: ADMX_CtrlAltDel + href: policy-csp-admx-ctrlaltdel.md + - name: ADMX_DataCollection + href: policy-csp-admx-datacollection.md + - name: ADMX_DCOM + href: policy-csp-admx-dcom.md + - name: ADMX_Desktop + href: policy-csp-admx-desktop.md + - name: ADMX_DeviceCompat + href: policy-csp-admx-devicecompat.md + - name: ADMX_DeviceGuard + href: policy-csp-admx-deviceguard.md + - name: ADMX_DeviceInstallation + href: policy-csp-admx-deviceinstallation.md + - name: ADMX_DeviceSetup + href: policy-csp-admx-devicesetup.md + - name: ADMX_DFS + href: policy-csp-admx-dfs.md + - name: ADMX_DigitalLocker + href: policy-csp-admx-digitallocker.md + - name: ADMX_DiskDiagnostic + href: policy-csp-admx-diskdiagnostic.md + - name: ADMX_DistributedLinkTracking + href: policy-csp-admx-distributedlinktracking.md + - name: ADMX_DnsClient + href: policy-csp-admx-dnsclient.md + - name: ADMX_DWM + href: policy-csp-admx-dwm.md + - name: ADMX_EAIME + href: policy-csp-admx-eaime.md + - name: ADMX_EncryptFilesonMove + href: policy-csp-admx-encryptfilesonmove.md + - name: ADMX_EventLogging + href: policy-csp-admx-eventlogging.md + - name: ADMX_EnhancedStorage + href: policy-csp-admx-enhancedstorage.md + - name: ADMX_ErrorReporting + href: policy-csp-admx-errorreporting.md + - name: ADMX_EventForwarding + href: policy-csp-admx-eventforwarding.md + - name: ADMX_EventLog + href: policy-csp-admx-eventlog.md + - name: ADMX_EventViewer + href: policy-csp-admx-eventviewer.md + - name: ADMX_Explorer + href: policy-csp-admx-explorer.md + - name: ADMX_ExternalBoot + href: policy-csp-admx-externalboot.md + - name: ADMX_FileRecovery + href: policy-csp-admx-filerecovery.md + - name: ADMX_FileRevocation + href: policy-csp-admx-filerevocation.md + - name: ADMX_FileServerVSSProvider + href: policy-csp-admx-fileservervssprovider.md + - name: ADMX_FileSys + href: policy-csp-admx-filesys.md + - name: ADMX_FolderRedirection + href: policy-csp-admx-folderredirection.md + - name: ADMX_FramePanes + href: policy-csp-admx-framepanes.md + - name: ADMX_FTHSVC + href: policy-csp-admx-fthsvc.md + - name: ADMX_Globalization + href: policy-csp-admx-globalization.md + - name: ADMX_GroupPolicy + href: policy-csp-admx-grouppolicy.md + - name: ADMX_Help + href: policy-csp-admx-help.md + - name: ADMX_HelpAndSupport + href: policy-csp-admx-helpandsupport.md + - name: ADMX_HotSpotAuth + href: policy-csp-admx-hotspotauth.md + - name: ADMX_ICM + href: policy-csp-admx-icm.md + - name: ADMX_IIS + href: policy-csp-admx-iis.md + - name: ADMX_iSCSI + href: policy-csp-admx-iscsi.md + - name: ADMX_kdc + href: policy-csp-admx-kdc.md + - name: ADMX_Kerberos + href: policy-csp-admx-kerberos.md + - name: ADMX_LanmanServer + href: policy-csp-admx-lanmanserver.md + - name: ADMX_LanmanWorkstation + href: policy-csp-admx-lanmanworkstation.md + - name: ADMX_LeakDiagnostic + href: policy-csp-admx-leakdiagnostic.md + - name: ADMX_LinkLayerTopologyDiscovery + href: policy-csp-admx-linklayertopologydiscovery.md + - name: ADMX_LocationProviderAdm + href: policy-csp-admx-locationprovideradm.md + - name: ADMX_Logon + href: policy-csp-admx-logon.md + - name: ADMX_MicrosoftDefenderAntivirus + href: policy-csp-admx-microsoftdefenderantivirus.md + - name: ADMX_MMC + href: policy-csp-admx-mmc.md + - name: ADMX_MMCSnapins + href: policy-csp-admx-mmcsnapins.md + - name: ADMX_MobilePCMobilityCenter + href: policy-csp-admx-mobilepcmobilitycenter.md + - name: ADMX_MobilePCPresentationSettings + href: policy-csp-admx-mobilepcpresentationsettings.md + - name: ADMX_MSAPolicy + href: policy-csp-admx-msapolicy.md + - name: ADMX_msched + href: policy-csp-admx-msched.md + - name: ADMX_MSDT + href: policy-csp-admx-msdt.md + - name: ADMX_MSI + href: policy-csp-admx-msi.md + - name: ADMX_MsiFileRecovery + href: policy-csp-admx-msifilerecovery.md + - name: ADMX_nca + href: policy-csp-admx-nca.md + - name: ADMX_NCSI + href: policy-csp-admx-ncsi.md + - name: ADMX_Netlogon + href: policy-csp-admx-netlogon.md + - name: ADMX_NetworkConnections + href: policy-csp-admx-networkconnections.md + - name: ADMX_OfflineFiles + href: policy-csp-admx-offlinefiles.md + - name: ADMX_pca + href: policy-csp-admx-pca.md + - name: ADMX_PeerToPeerCaching + href: policy-csp-admx-peertopeercaching.md + - name: ADMX_PenTraining + href: policy-csp-admx-pentraining.md + - name: ADMX_PerformanceDiagnostics + href: policy-csp-admx-performancediagnostics.md + - name: ADMX_Power + href: policy-csp-admx-power.md + - name: ADMX_PowerShellExecutionPolicy + href: policy-csp-admx-powershellexecutionpolicy.md + - name: ADMX_PreviousVersions + href: policy-csp-admx-previousversions.md + - name: ADMX_Printing + href: policy-csp-admx-printing.md + - name: ADMX_Printing2 + href: policy-csp-admx-printing2.md + - name: ADMX_Programs + href: policy-csp-admx-programs.md + - name: ADMX_Reliability + href: policy-csp-admx-reliability.md + - name: ADMX_RemoteAssistance + href: policy-csp-admx-remoteassistance.md + - name: ADMX_RemovableStorage + href: policy-csp-admx-removablestorage.md + - name: ADMX_RPC + href: policy-csp-admx-rpc.md + - name: ADMX_Scripts + href: policy-csp-admx-scripts.md + - name: ADMX_sdiageng + href: policy-csp-admx-sdiageng.md + - name: ADMX_sdiagschd + href: policy-csp-admx-sdiagschd.md + - name: ADMX_Securitycenter + href: policy-csp-admx-securitycenter.md + - name: ADMX_Sensors + href: policy-csp-admx-sensors.md + - name: ADMX_ServerManager + href: policy-csp-admx-servermanager.md + - name: ADMX_Servicing + href: policy-csp-admx-servicing.md + - name: ADMX_SettingSync + href: policy-csp-admx-settingsync.md + - name: ADMX_SharedFolders + href: policy-csp-admx-sharedfolders.md + - name: ADMX_Sharing + href: policy-csp-admx-sharing.md + - name: ADMX_ShellCommandPromptRegEditTools + href: policy-csp-admx-shellcommandpromptregedittools.md + - name: ADMX_Smartcard + href: policy-csp-admx-smartcard.md + - name: ADMX_Snmp + href: policy-csp-admx-snmp.md + - name: ADMX_StartMenu + href: policy-csp-admx-startmenu.md + - name: ADMX_SystemRestore + href: policy-csp-admx-systemrestore.md + - name: ADMX_TabletShell + href: policy-csp-admx-tabletshell.md + - name: ADMX_Taskbar + href: policy-csp-admx-taskbar.md + - name: ADMX_tcpip + href: policy-csp-admx-tcpip.md + - name: ADMX_TerminalServer + href: policy-csp-admx-terminalserver.md + - name: ADMX_Thumbnails + href: policy-csp-admx-thumbnails.md + - name: ADMX_TouchInput + href: policy-csp-admx-touchinput.md + - name: ADMX_TPM + href: policy-csp-admx-tpm.md + - name: ADMX_UserExperienceVirtualization + href: policy-csp-admx-userexperiencevirtualization.md + - name: ADMX_UserProfiles + href: policy-csp-admx-userprofiles.md + - name: ADMX_W32Time + href: policy-csp-admx-w32time.md + - name: ADMX_WCM + href: policy-csp-admx-wcm.md + - name: ADMX_WDI + href: policy-csp-admx-wdi.md + - name: ADMX_WinCal + href: policy-csp-admx-wincal.md + - name: ADMX_WindowsConnectNow + href: policy-csp-admx-windowsconnectnow.md + - name: ADMX_WindowsExplorer + href: policy-csp-admx-windowsexplorer.md + - name: ADMX_WindowsMediaDRM + href: policy-csp-admx-windowsmediadrm.md + - name: ADMX_WindowsMediaPlayer + href: policy-csp-admx-windowsmediaplayer.md + - name: ADMX_WindowsRemoteManagement + href: policy-csp-admx-windowsremotemanagement.md + - name: ADMX_WindowsStore + href: policy-csp-admx-windowsstore.md + - name: ADMX_WinInit + href: policy-csp-admx-wininit.md + - name: ADMX_WinLogon + href: policy-csp-admx-winlogon.md + - name: ADMX-Winsrv + href: policy-csp-admx-winsrv.md + - name: ADMX_wlansvc + href: policy-csp-admx-wlansvc.md + - name: ADMX_WordWheel + href: policy-csp-admx-wordwheel.md + - name: ADMX_WorkFoldersClient + href: policy-csp-admx-workfoldersclient.md + - name: ADMX_WPN + href: policy-csp-admx-wpn.md + - name: ApplicationDefaults + href: policy-csp-applicationdefaults.md + - name: ApplicationManagement + href: policy-csp-applicationmanagement.md + - name: AppRuntime + href: policy-csp-appruntime.md + - name: AppVirtualization + href: policy-csp-appvirtualization.md + - name: AttachmentManager + href: policy-csp-attachmentmanager.md + - name: Audit + href: policy-csp-audit.md + - name: Authentication + href: policy-csp-authentication.md + - name: Autoplay + href: policy-csp-autoplay.md + - name: BitLocker + href: policy-csp-bitlocker.md + - name: BITS + href: policy-csp-bits.md + - name: Bluetooth + href: policy-csp-bluetooth.md + - name: Browser + href: policy-csp-browser.md + - name: Camera + href: policy-csp-camera.md + - name: Cellular + href: policy-csp-cellular.md + - name: Connectivity + href: policy-csp-connectivity.md + - name: ControlPolicyConflict + href: policy-csp-controlpolicyconflict.md + - name: CredentialsDelegation + href: policy-csp-credentialsdelegation.md + - name: CredentialProviders + href: policy-csp-credentialproviders.md + - name: CredentialsUI + href: policy-csp-credentialsui.md + - name: Cryptography + href: policy-csp-cryptography.md + - name: DataProtection + href: policy-csp-dataprotection.md + - name: DataUsage + href: policy-csp-datausage.md + - name: Defender + href: policy-csp-defender.md + - name: DeliveryOptimization + href: policy-csp-deliveryoptimization.md + - name: Desktop + href: policy-csp-desktop.md + - name: DesktopAppInstaller + href: policy-csp-desktopappinstaller.md + - name: DeviceGuard + href: policy-csp-deviceguard.md + - name: DeviceHealthMonitoring + href: policy-csp-devicehealthmonitoring.md + - name: DeviceInstallation + href: policy-csp-deviceinstallation.md + - name: DeviceLock + href: policy-csp-devicelock.md + - name: Display + href: policy-csp-display.md + - name: DmaGuard + href: policy-csp-dmaguard.md + - name: EAP + href: policy-csp-eap.md + - name: Education + href: policy-csp-education.md + - name: EnterpriseCloudPrint + href: policy-csp-enterprisecloudprint.md + - name: ErrorReporting + href: policy-csp-errorreporting.md + - name: EventLogService + href: policy-csp-eventlogservice.md + - name: Experience + href: policy-csp-experience.md + - name: ExploitGuard + href: policy-csp-exploitguard.md + - name: Feeds + href: policy-csp-feeds.md + - name: FileExplorer + href: policy-csp-fileexplorer.md + - name: Games + href: policy-csp-games.md + - name: Handwriting + href: policy-csp-handwriting.md + - name: HumanPresence + href: policy-csp-humanpresence.md + - name: InternetExplorer + href: policy-csp-internetexplorer.md + - name: Kerberos + href: policy-csp-kerberos.md + - name: KioskBrowser + href: policy-csp-kioskbrowser.md + - name: LanmanWorkstation + href: policy-csp-lanmanworkstation.md + - name: Licensing + href: policy-csp-licensing.md + - name: LocalPoliciesSecurityOptions + href: policy-csp-localpoliciessecurityoptions.md + - name: LocalSecurityAuthority + href: policy-csp-lsa.md + - name: LocalUsersAndGroups + href: policy-csp-localusersandgroups.md + - name: LockDown + href: policy-csp-lockdown.md + - name: Maps + href: policy-csp-maps.md + - name: MemoryDump + href: policy-csp-memorydump.md + - name: Messaging + href: policy-csp-messaging.md + - name: MixedReality + href: policy-csp-mixedreality.md + - name: MSSecurityGuide + href: policy-csp-mssecurityguide.md + - name: MSSLegacy + href: policy-csp-msslegacy.md + - name: Multitasking + href: policy-csp-multitasking.md + - name: NetworkIsolation + href: policy-csp-networkisolation.md + - name: NetworkListManager + href: policy-csp-networklistmanager.md + - name: NewsAndInterests + href: policy-csp-newsandinterests.md + - name: Notifications + href: policy-csp-notifications.md + - name: Power + href: policy-csp-power.md + - name: Printers + href: policy-csp-printers.md + - name: Privacy + href: policy-csp-privacy.md + - name: RemoteAssistance + href: policy-csp-remoteassistance.md + - name: RemoteDesktop + href: policy-csp-remotedesktop.md + - name: RemoteDesktopServices + href: policy-csp-remotedesktopservices.md + - name: RemoteManagement + href: policy-csp-remotemanagement.md + - name: RemoteProcedureCall + href: policy-csp-remoteprocedurecall.md + - name: RemoteShell + href: policy-csp-remoteshell.md + - name: RestrictedGroups + href: policy-csp-restrictedgroups.md + - name: Search + href: policy-csp-search.md + - name: Security + href: policy-csp-security.md + - name: ServiceControlManager + href: policy-csp-servicecontrolmanager.md + - name: Settings + href: policy-csp-settings.md + - name: Speech + href: policy-csp-speech.md + - name: Start + href: policy-csp-start.md + - name: Storage + href: policy-csp-storage.md + - name: System + href: policy-csp-system.md + - name: SystemServices + href: policy-csp-systemservices.md + - name: TaskManager + href: policy-csp-taskmanager.md + - name: TaskScheduler + href: policy-csp-taskscheduler.md + - name: TextInput + href: policy-csp-textinput.md + - name: TimeLanguageSettings + href: policy-csp-timelanguagesettings.md + - name: Troubleshooting + href: policy-csp-troubleshooting.md + - name: Update + href: policy-csp-update.md + - name: UserRights + href: policy-csp-userrights.md + - name: VirtualizationBasedTechnology + href: policy-csp-virtualizationbasedtechnology.md + - name: WebThreatDefense + href: policy-csp-webthreatdefense.md + - name: Wifi + href: policy-csp-wifi.md + - name: WindowsAutoPilot + href: policy-csp-windowsautopilot.md + - name: WindowsConnectionManager + href: policy-csp-windowsconnectionmanager.md + - name: WindowsDefenderSecurityCenter + href: policy-csp-windowsdefendersecuritycenter.md + - name: WindowsDefenderSmartScreen + href: policy-csp-smartscreen.md + - name: WindowsInkWorkspace + href: policy-csp-windowsinkworkspace.md + - name: WindowsLogon + href: policy-csp-windowslogon.md + - name: WindowsPowerShell + href: policy-csp-windowspowershell.md + - name: WindowsSandbox + href: policy-csp-windowssandbox.md + - name: WirelessDisplay + href: policy-csp-wirelessdisplay.md + - name: AccountManagement + href: accountmanagement-csp.md items: - - name: AccountManagement CSP - href: accountmanagement-csp.md - items: - - name: AccountManagement DDF file - href: accountmanagement-ddf.md - - name: Accounts CSP - href: accounts-csp.md - items: - - name: Accounts DDF file - href: accounts-ddf-file.md - - name: ActiveSync CSP - href: activesync-csp.md - items: - - name: ActiveSync DDF file - href: activesync-ddf-file.md - - name: AllJoynManagement CSP - href: alljoynmanagement-csp.md - items: - - name: AllJoynManagement DDF - href: alljoynmanagement-ddf.md - - name: APPLICATION CSP - href: application-csp.md - - name: ApplicationControl CSP - href: applicationcontrol-csp.md - items: - - name: ApplicationControl DDF file - href: applicationcontrol-csp-ddf.md - - name: AppLocker CSP - href: applocker-csp.md - items: - - name: AppLocker DDF file - href: applocker-ddf-file.md - - name: AppLocker XSD - href: applocker-xsd.md - - name: AssignedAccess CSP - href: assignedaccess-csp.md - items: - - name: AssignedAccess DDF file - href: assignedaccess-ddf.md - - name: BitLocker CSP - href: bitlocker-csp.md - items: - - name: BitLocker DDF file - href: bitlocker-ddf-file.md - - name: CellularSettings CSP - href: cellularsettings-csp.md - - name: CertificateStore CSP - href: certificatestore-csp.md - items: - - name: CertificateStore DDF file - href: certificatestore-ddf-file.md - - name: CleanPC CSP - href: cleanpc-csp.md - items: - - name: CleanPC DDF - href: cleanpc-ddf.md - - name: ClientCertificateInstall CSP - href: clientcertificateinstall-csp.md - items: - - name: ClientCertificateInstall DDF file - href: clientcertificateinstall-ddf-file.md - - name: CM_CellularEntries CSP - href: cm-cellularentries-csp.md - - name: CMPolicy CSP - href: cmpolicy-csp.md - - name: CMPolicyEnterprise CSP - href: cmpolicyenterprise-csp.md - items: - - name: CMPolicyEnterprise DDF file - href: cmpolicyenterprise-ddf-file.md - - name: CustomDeviceUI CSP - href: customdeviceui-csp.md - items: - - name: CustomDeviceUI DDF file - href: customdeviceui-ddf.md - - name: Defender CSP - href: defender-csp.md - items: - - name: Defender DDF file - href: defender-ddf.md - - name: DevDetail CSP - href: devdetail-csp.md - items: - - name: DevDetail DDF file - href: devdetail-ddf-file.md - - name: DeveloperSetup CSP - href: developersetup-csp.md - items: - - name: DeveloperSetup DDF - href: developersetup-ddf.md - - name: DeviceLock CSP - href: devicelock-csp.md - items: - - name: DeviceLock DDF file - href: devicelock-ddf-file.md - - name: DeviceManageability CSP - href: devicemanageability-csp.md - items: - - name: DeviceManageability DDF - href: devicemanageability-ddf.md - - name: DeviceStatus CSP - href: devicestatus-csp.md - items: - - name: DeviceStatus DDF - href: devicestatus-ddf.md - - name: DevInfo CSP - href: devinfo-csp.md - items: - - name: DevInfo DDF file - href: devinfo-ddf-file.md - - name: DiagnosticLog CSP - href: diagnosticlog-csp.md - items: - - name: DiagnosticLog DDF file - href: diagnosticlog-ddf.md - - name: DMAcc CSP - href: dmacc-csp.md - items: - - name: DMAcc DDF file - href: dmacc-ddf-file.md - - name: DMClient CSP - href: dmclient-csp.md - items: - - name: DMClient DDF file - href: dmclient-ddf-file.md - - name: DMSessionActions CSP - href: dmsessionactions-csp.md - items: - - name: DMSessionActions DDF file - href: dmsessionactions-ddf.md - - name: DynamicManagement CSP - href: dynamicmanagement-csp.md - items: - - name: DynamicManagement DDF file - href: dynamicmanagement-ddf.md - - name: EMAIL2 CSP - href: email2-csp.md - items: - - name: EMAIL2 DDF file - href: email2-ddf-file.md - - name: EnrollmentStatusTracking CSP - href: enrollmentstatustracking-csp.md - items: - - name: EnrollmentStatusTracking DDF file - href: enrollmentstatustracking-csp-ddf.md - - name: EnterpriseAPN CSP - href: enterpriseapn-csp.md - items: - - name: EnterpriseAPN DDF - href: enterpriseapn-ddf.md - - name: EnterpriseAppVManagement CSP - href: enterpriseappvmanagement-csp.md - items: - - name: EnterpriseAppVManagement DDF file - href: enterpriseappvmanagement-ddf.md - - name: EnterpriseDataProtection CSP - href: enterprisedataprotection-csp.md - items: - - name: EnterpriseDataProtection DDF file - href: enterprisedataprotection-ddf-file.md - - name: EnterpriseDesktopAppManagement CSP - href: enterprisedesktopappmanagement-csp.md - items: - - name: EnterpriseDesktopAppManagement DDF - href: enterprisedesktopappmanagement-ddf-file.md - - name: EnterpriseDesktopAppManagement XSD - href: enterprisedesktopappmanagement2-xsd.md - - name: EnterpriseModernAppManagement CSP - href: enterprisemodernappmanagement-csp.md - items: - - name: EnterpriseModernAppManagement DDF - href: enterprisemodernappmanagement-ddf.md - - name: EnterpriseModernAppManagement XSD - href: enterprisemodernappmanagement-xsd.md - - name: eUICCs CSP - href: euiccs-csp.md - items: - - name: eUICCs DDF file - href: euiccs-ddf-file.md - - name: Firewall CSP - href: firewall-csp.md - items: - - name: Firewall DDF file - href: firewall-ddf-file.md - - name: HealthAttestation CSP - href: healthattestation-csp.md - items: - - name: HealthAttestation DDF - href: healthattestation-ddf.md - - name: Local Administrator Password Solution CSP - href: laps-csp.md - items: - - name: Local Administrator Password Solution DDF - href: laps-ddf-file.md - - name: MultiSIM CSP - href: multisim-csp.md - items: - - name: MultiSIM DDF file - href: multisim-ddf.md - - name: NAP CSP - href: nap-csp.md - - name: NAPDEF CSP - href: napdef-csp.md - - name: NetworkProxy CSP - href: networkproxy-csp.md - items: - - name: NetworkProxy DDF file - href: networkproxy-ddf.md - - name: NetworkQoSPolicy CSP - href: networkqospolicy-csp.md - items: - - name: NetworkQoSPolicy DDF file - href: networkqospolicy-ddf.md - - name: NodeCache CSP - href: nodecache-csp.md - items: - - name: NodeCache DDF file - href: nodecache-ddf-file.md - - name: Office CSP - href: office-csp.md - items: - - name: Office DDF - href: office-ddf.md - - name: PassportForWork CSP - href: passportforwork-csp.md - items: - - name: PassportForWork DDF file - href: passportforwork-ddf.md - - name: PersonalDataEncryption CSP - href: personaldataencryption-csp.md - items: - - name: PersonalDataEncryption DDF file - href: personaldataencryption-ddf-file.md - - name: Personalization CSP - href: personalization-csp.md - items: - - name: Personalization DDF file - href: personalization-ddf.md - - name: Policy CSP - href: policy-configuration-service-provider.md - items: - - name: Policy CSP DDF file - href: policy-ddf-file.md - - name: Policies in Policy CSP supported by Group Policy - href: policies-in-policy-csp-supported-by-group-policy.md - - name: ADMX policies in Policy CSP - href: policies-in-policy-csp-admx-backed.md - - name: Policies in Policy CSP supported by HoloLens 2 - href: policies-in-policy-csp-supported-by-hololens2.md - - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite - href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md - - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition - href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md - - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise - href: ./configuration-service-provider-reference.md - - name: Policies in Policy CSP supported by Windows 10 IoT Core - href: policies-in-policy-csp-supported-by-iot-core.md - - name: Policies in Policy CSP supported by Microsoft Surface Hub - href: policies-in-policy-csp-supported-by-surface-hub.md - - name: Policy CSPs that can be set using Exchange Active Sync (EAS) - href: policies-in-policy-csp-that-can-be-set-using-eas.md - - name: AboveLock - href: policy-csp-abovelock.md - - name: Accounts - href: policy-csp-accounts.md - - name: ActiveXControls - href: policy-csp-activexcontrols.md - - name: ADMX_ActiveXInstallService - href: policy-csp-admx-activexinstallservice.md - - name: ADMX_AddRemovePrograms - href: policy-csp-admx-addremoveprograms.md - - name: ADMX_AdmPwd - href: policy-csp-admx-admpwd.md - - name: ADMX_AppCompat - href: policy-csp-admx-appcompat.md - - name: ADMX_AppxPackageManager - href: policy-csp-admx-appxpackagemanager.md - - name: ADMX_AppXRuntime - href: policy-csp-admx-appxruntime.md - - name: ADMX_AttachmentManager - href: policy-csp-admx-attachmentmanager.md - - name: ADMX_AuditSettings - href: policy-csp-admx-auditsettings.md - - name: ADMX_Bits - href: policy-csp-admx-bits.md - - name: ADMX_CipherSuiteOrder - href: policy-csp-admx-ciphersuiteorder.md - - name: ADMX_COM - href: policy-csp-admx-com.md - - name: ADMX_ControlPanel - href: policy-csp-admx-controlpanel.md - - name: ADMX_ControlPanelDisplay - href: policy-csp-admx-controlpaneldisplay.md - - name: ADMX_Cpls - href: policy-csp-admx-cpls.md - - name: ADMX_CredentialProviders - href: policy-csp-admx-credentialproviders.md - - name: ADMX_CredSsp - href: policy-csp-admx-credssp.md - - name: ADMX_CredUI - href: policy-csp-admx-credui.md - - name: ADMX_CtrlAltDel - href: policy-csp-admx-ctrlaltdel.md - - name: ADMX_DataCollection - href: policy-csp-admx-datacollection.md - - name: ADMX_DCOM - href: policy-csp-admx-dcom.md - - name: ADMX_Desktop - href: policy-csp-admx-desktop.md - - name: ADMX_DeviceCompat - href: policy-csp-admx-devicecompat.md - - name: ADMX_DeviceGuard - href: policy-csp-admx-deviceguard.md - - name: ADMX_DeviceInstallation - href: policy-csp-admx-deviceinstallation.md - - name: ADMX_DeviceSetup - href: policy-csp-admx-devicesetup.md - - name: ADMX_DFS - href: policy-csp-admx-dfs.md - - name: ADMX_DigitalLocker - href: policy-csp-admx-digitallocker.md - - name: ADMX_DiskDiagnostic - href: policy-csp-admx-diskdiagnostic.md - - name: ADMX_DistributedLinkTracking - href: policy-csp-admx-distributedlinktracking.md - - name: ADMX_DnsClient - href: policy-csp-admx-dnsclient.md - - name: ADMX_DWM - href: policy-csp-admx-dwm.md - - name: ADMX_EAIME - href: policy-csp-admx-eaime.md - - name: ADMX_EncryptFilesonMove - href: policy-csp-admx-encryptfilesonmove.md - - name: ADMX_EventLogging - href: policy-csp-admx-eventlogging.md - - name: ADMX_EnhancedStorage - href: policy-csp-admx-enhancedstorage.md - - name: ADMX_ErrorReporting - href: policy-csp-admx-errorreporting.md - - name: ADMX_EventForwarding - href: policy-csp-admx-eventforwarding.md - - name: ADMX_EventLog - href: policy-csp-admx-eventlog.md - - name: ADMX_EventViewer - href: policy-csp-admx-eventviewer.md - - name: ADMX_Explorer - href: policy-csp-admx-explorer.md - - name: ADMX_ExternalBoot - href: policy-csp-admx-externalboot.md - - name: ADMX_FileRecovery - href: policy-csp-admx-filerecovery.md - - name: ADMX_FileRevocation - href: policy-csp-admx-filerevocation.md - - name: ADMX_FileServerVSSProvider - href: policy-csp-admx-fileservervssprovider.md - - name: ADMX_FileSys - href: policy-csp-admx-filesys.md - - name: ADMX_FolderRedirection - href: policy-csp-admx-folderredirection.md - - name: ADMX_FramePanes - href: policy-csp-admx-framepanes.md - - name: ADMX_FTHSVC - href: policy-csp-admx-fthsvc.md - - name: ADMX_Globalization - href: policy-csp-admx-globalization.md - - name: ADMX_GroupPolicy - href: policy-csp-admx-grouppolicy.md - - name: ADMX_Help - href: policy-csp-admx-help.md - - name: ADMX_HelpAndSupport - href: policy-csp-admx-helpandsupport.md - - name: ADMX_HotSpotAuth - href: policy-csp-admx-hotspotauth.md - - name: ADMX_ICM - href: policy-csp-admx-icm.md - - name: ADMX_IIS - href: policy-csp-admx-iis.md - - name: ADMX_iSCSI - href: policy-csp-admx-iscsi.md - - name: ADMX_kdc - href: policy-csp-admx-kdc.md - - name: ADMX_Kerberos - href: policy-csp-admx-kerberos.md - - name: ADMX_LanmanServer - href: policy-csp-admx-lanmanserver.md - - name: ADMX_LanmanWorkstation - href: policy-csp-admx-lanmanworkstation.md - - name: ADMX_LeakDiagnostic - href: policy-csp-admx-leakdiagnostic.md - - name: ADMX_LinkLayerTopologyDiscovery - href: policy-csp-admx-linklayertopologydiscovery.md - - name: ADMX_LocationProviderAdm - href: policy-csp-admx-locationprovideradm.md - - name: ADMX_Logon - href: policy-csp-admx-logon.md - - name: ADMX_MicrosoftDefenderAntivirus - href: policy-csp-admx-microsoftdefenderantivirus.md - - name: ADMX_MMC - href: policy-csp-admx-mmc.md - - name: ADMX_MMCSnapins - href: policy-csp-admx-mmcsnapins.md - - name: ADMX_MobilePCMobilityCenter - href: policy-csp-admx-mobilepcmobilitycenter.md - - name: ADMX_MobilePCPresentationSettings - href: policy-csp-admx-mobilepcpresentationsettings.md - - name: ADMX_MSAPolicy - href: policy-csp-admx-msapolicy.md - - name: ADMX_msched - href: policy-csp-admx-msched.md - - name: ADMX_MSDT - href: policy-csp-admx-msdt.md - - name: ADMX_MSI - href: policy-csp-admx-msi.md - - name: ADMX_MsiFileRecovery - href: policy-csp-admx-msifilerecovery.md - - name: ADMX_nca - href: policy-csp-admx-nca.md - - name: ADMX_NCSI - href: policy-csp-admx-ncsi.md - - name: ADMX_Netlogon - href: policy-csp-admx-netlogon.md - - name: ADMX_NetworkConnections - href: policy-csp-admx-networkconnections.md - - name: ADMX_OfflineFiles - href: policy-csp-admx-offlinefiles.md - - name: ADMX_pca - href: policy-csp-admx-pca.md - - name: ADMX_PeerToPeerCaching - href: policy-csp-admx-peertopeercaching.md - - name: ADMX_PenTraining - href: policy-csp-admx-pentraining.md - - name: ADMX_PerformanceDiagnostics - href: policy-csp-admx-performancediagnostics.md - - name: ADMX_Power - href: policy-csp-admx-power.md - - name: ADMX_PowerShellExecutionPolicy - href: policy-csp-admx-powershellexecutionpolicy.md - - name: ADMX_PreviousVersions - href: policy-csp-admx-previousversions.md - - name: ADMX_Printing - href: policy-csp-admx-printing.md - - name: ADMX_Printing2 - href: policy-csp-admx-printing2.md - - name: ADMX_Programs - href: policy-csp-admx-programs.md - - name: ADMX_Reliability - href: policy-csp-admx-reliability.md - - name: ADMX_RemoteAssistance - href: policy-csp-admx-remoteassistance.md - - name: ADMX_RemovableStorage - href: policy-csp-admx-removablestorage.md - - name: ADMX_RPC - href: policy-csp-admx-rpc.md - - name: ADMX_Scripts - href: policy-csp-admx-scripts.md - - name: ADMX_sdiageng - href: policy-csp-admx-sdiageng.md - - name: ADMX_sdiagschd - href: policy-csp-admx-sdiagschd.md - - name: ADMX_Securitycenter - href: policy-csp-admx-securitycenter.md - - name: ADMX_Sensors - href: policy-csp-admx-sensors.md - - name: ADMX_ServerManager - href: policy-csp-admx-servermanager.md - - name: ADMX_Servicing - href: policy-csp-admx-servicing.md - - name: ADMX_SettingSync - href: policy-csp-admx-settingsync.md - - name: ADMX_SharedFolders - href: policy-csp-admx-sharedfolders.md - - name: ADMX_Sharing - href: policy-csp-admx-sharing.md - - name: ADMX_ShellCommandPromptRegEditTools - href: policy-csp-admx-shellcommandpromptregedittools.md - - name: ADMX_Smartcard - href: policy-csp-admx-smartcard.md - - name: ADMX_Snmp - href: policy-csp-admx-snmp.md - - name: ADMX_StartMenu - href: policy-csp-admx-startmenu.md - - name: ADMX_SystemRestore - href: policy-csp-admx-systemrestore.md - - name: ADMX_TabletShell - href: policy-csp-admx-tabletshell.md - - name: ADMX_Taskbar - href: policy-csp-admx-taskbar.md - - name: ADMX_tcpip - href: policy-csp-admx-tcpip.md - - name: ADMX_TerminalServer - href: policy-csp-admx-terminalserver.md - - name: ADMX_Thumbnails - href: policy-csp-admx-thumbnails.md - - name: ADMX_TouchInput - href: policy-csp-admx-touchinput.md - - name: ADMX_TPM - href: policy-csp-admx-tpm.md - - name: ADMX_UserExperienceVirtualization - href: policy-csp-admx-userexperiencevirtualization.md - - name: ADMX_UserProfiles - href: policy-csp-admx-userprofiles.md - - name: ADMX_W32Time - href: policy-csp-admx-w32time.md - - name: ADMX_WCM - href: policy-csp-admx-wcm.md - - name: ADMX_WDI - href: policy-csp-admx-wdi.md - - name: ADMX_WinCal - href: policy-csp-admx-wincal.md - - name: ADMX_WindowsConnectNow - href: policy-csp-admx-windowsconnectnow.md - - name: ADMX_WindowsExplorer - href: policy-csp-admx-windowsexplorer.md - - name: ADMX_WindowsMediaDRM - href: policy-csp-admx-windowsmediadrm.md - - name: ADMX_WindowsMediaPlayer - href: policy-csp-admx-windowsmediaplayer.md - - name: ADMX_WindowsRemoteManagement - href: policy-csp-admx-windowsremotemanagement.md - - name: ADMX_WindowsStore - href: policy-csp-admx-windowsstore.md - - name: ADMX_WinInit - href: policy-csp-admx-wininit.md - - name: ADMX_WinLogon - href: policy-csp-admx-winlogon.md - - name: ADMX-Winsrv - href: policy-csp-admx-winsrv.md - - name: ADMX_wlansvc - href: policy-csp-admx-wlansvc.md - - name: ADMX_WordWheel - href: policy-csp-admx-wordwheel.md - - name: ADMX_WorkFoldersClient - href: policy-csp-admx-workfoldersclient.md - - name: ADMX_WPN - href: policy-csp-admx-wpn.md - - name: ApplicationDefaults - href: policy-csp-applicationdefaults.md - - name: ApplicationManagement - href: policy-csp-applicationmanagement.md - - name: AppRuntime - href: policy-csp-appruntime.md - - name: AppVirtualization - href: policy-csp-appvirtualization.md - - name: AttachmentManager - href: policy-csp-attachmentmanager.md - - name: Audit - href: policy-csp-audit.md - - name: Authentication - href: policy-csp-authentication.md - - name: Autoplay - href: policy-csp-autoplay.md - - name: BitLocker - href: policy-csp-bitlocker.md - - name: BITS - href: policy-csp-bits.md - - name: Bluetooth - href: policy-csp-bluetooth.md - - name: Browser - href: policy-csp-browser.md - - name: Camera - href: policy-csp-camera.md - - name: Cellular - href: policy-csp-cellular.md - - name: Connectivity - href: policy-csp-connectivity.md - - name: ControlPolicyConflict - href: policy-csp-controlpolicyconflict.md - - name: CredentialsDelegation - href: policy-csp-credentialsdelegation.md - - name: CredentialProviders - href: policy-csp-credentialproviders.md - - name: CredentialsUI - href: policy-csp-credentialsui.md - - name: Cryptography - href: policy-csp-cryptography.md - - name: DataProtection - href: policy-csp-dataprotection.md - - name: DataUsage - href: policy-csp-datausage.md - - name: Defender - href: policy-csp-defender.md - - name: DeliveryOptimization - href: policy-csp-deliveryoptimization.md - - name: Desktop - href: policy-csp-desktop.md - - name: DesktopAppInstaller - href: policy-csp-desktopappinstaller.md - - name: DeviceGuard - href: policy-csp-deviceguard.md - - name: DeviceHealthMonitoring - href: policy-csp-devicehealthmonitoring.md - - name: DeviceInstallation - href: policy-csp-deviceinstallation.md - - name: DeviceLock - href: policy-csp-devicelock.md - - name: Display - href: policy-csp-display.md - - name: DmaGuard - href: policy-csp-dmaguard.md - - name: EAP - href: policy-csp-eap.md - - name: Education - href: policy-csp-education.md - - name: EnterpriseCloudPrint - href: policy-csp-enterprisecloudprint.md - - name: ErrorReporting - href: policy-csp-errorreporting.md - - name: EventLogService - href: policy-csp-eventlogservice.md - - name: Experience - href: policy-csp-experience.md - - name: ExploitGuard - href: policy-csp-exploitguard.md - - name: Feeds - href: policy-csp-feeds.md - - name: FileExplorer - href: policy-csp-fileexplorer.md - - name: Games - href: policy-csp-games.md - - name: Handwriting - href: policy-csp-handwriting.md - - name: HumanPresence - href: policy-csp-humanpresence.md - - name: InternetExplorer - href: policy-csp-internetexplorer.md - - name: Kerberos - href: policy-csp-kerberos.md - - name: KioskBrowser - href: policy-csp-kioskbrowser.md - - name: LanmanWorkstation - href: policy-csp-lanmanworkstation.md - - name: Licensing - href: policy-csp-licensing.md - - name: LocalPoliciesSecurityOptions - href: policy-csp-localpoliciessecurityoptions.md - - name: LocalSecurityAuthority - href: policy-csp-lsa.md - - name: LocalUsersAndGroups - href: policy-csp-localusersandgroups.md - - name: LockDown - href: policy-csp-lockdown.md - - name: Maps - href: policy-csp-maps.md - - name: MemoryDump - href: policy-csp-memorydump.md - - name: Messaging - href: policy-csp-messaging.md - - name: MixedReality - href: policy-csp-mixedreality.md - - name: MSSecurityGuide - href: policy-csp-mssecurityguide.md - - name: MSSLegacy - href: policy-csp-msslegacy.md - - name: Multitasking - href: policy-csp-multitasking.md - - name: NetworkIsolation - href: policy-csp-networkisolation.md - - name: NetworkListManager - href: policy-csp-networklistmanager.md - - name: NewsAndInterests - href: policy-csp-newsandinterests.md - - name: Notifications - href: policy-csp-notifications.md - - name: Power - href: policy-csp-power.md - - name: Printers - href: policy-csp-printers.md - - name: Privacy - href: policy-csp-privacy.md - - name: RemoteAssistance - href: policy-csp-remoteassistance.md - - name: RemoteDesktop - href: policy-csp-remotedesktop.md - - name: RemoteDesktopServices - href: policy-csp-remotedesktopservices.md - - name: RemoteManagement - href: policy-csp-remotemanagement.md - - name: RemoteProcedureCall - href: policy-csp-remoteprocedurecall.md - - name: RemoteShell - href: policy-csp-remoteshell.md - - name: RestrictedGroups - href: policy-csp-restrictedgroups.md - - name: Search - href: policy-csp-search.md - - name: Security - href: policy-csp-security.md - - name: ServiceControlManager - href: policy-csp-servicecontrolmanager.md - - name: Settings - href: policy-csp-settings.md - - name: Speech - href: policy-csp-speech.md - - name: Start - href: policy-csp-start.md - - name: Storage - href: policy-csp-storage.md - - name: System - href: policy-csp-system.md - - name: SystemServices - href: policy-csp-systemservices.md - - name: TaskManager - href: policy-csp-taskmanager.md - - name: TaskScheduler - href: policy-csp-taskscheduler.md - - name: TextInput - href: policy-csp-textinput.md - - name: TimeLanguageSettings - href: policy-csp-timelanguagesettings.md - - name: Troubleshooting - href: policy-csp-troubleshooting.md - - name: Update - href: policy-csp-update.md - - name: UserRights - href: policy-csp-userrights.md - - name: VirtualizationBasedTechnology - href: policy-csp-virtualizationbasedtechnology.md - - name: WebThreatDefense - href: policy-csp-webthreatdefense.md - - name: Wifi - href: policy-csp-wifi.md - - name: WindowsAutoPilot - href: policy-csp-windowsautopilot.md - - name: WindowsConnectionManager - href: policy-csp-windowsconnectionmanager.md - - name: WindowsDefenderSecurityCenter - href: policy-csp-windowsdefendersecuritycenter.md - - name: WindowsDefenderSmartScreen - href: policy-csp-smartscreen.md - - name: WindowsInkWorkspace - href: policy-csp-windowsinkworkspace.md - - name: WindowsLogon - href: policy-csp-windowslogon.md - - name: WindowsPowerShell - href: policy-csp-windowspowershell.md - - name: WindowsSandbox - href: policy-csp-windowssandbox.md - - name: WirelessDisplay - href: policy-csp-wirelessdisplay.md - - name: Provisioning CSP - href: provisioning-csp.md - - name: PXLOGICAL CSP - href: pxlogical-csp.md - - name: Reboot CSP - href: reboot-csp.md - items: - - name: Reboot DDF file - href: reboot-ddf-file.md - - name: RemoteFind CSP - href: remotefind-csp.md - items: - - name: RemoteFind DDF file - href: remotefind-ddf-file.md - - name: RemoteWipe CSP - href: remotewipe-csp.md - items: - - name: RemoteWipe DDF file - href: remotewipe-ddf-file.md - - name: Reporting CSP - href: reporting-csp.md - items: - - name: Reporting DDF file - href: reporting-ddf-file.md - - name: RootCATrustedCertificates CSP - href: rootcacertificates-csp.md - items: - - name: RootCATrustedCertificates DDF file - href: rootcacertificates-ddf-file.md - - name: SecureAssessment CSP - href: secureassessment-csp.md - items: - - name: SecureAssessment DDF file - href: secureassessment-ddf-file.md - - name: SecurityPolicy CSP - href: securitypolicy-csp.md - - name: SharedPC CSP - href: sharedpc-csp.md - items: - - name: SharedPC DDF file - href: sharedpc-ddf-file.md - - name: Storage CSP - href: storage-csp.md - items: - - name: Storage DDF file - href: storage-ddf-file.md - - name: SUPL CSP - href: supl-csp.md - items: - - name: SUPL DDF file - href: supl-ddf-file.md - - name: SurfaceHub CSP - href: surfacehub-csp.md - items: - - name: SurfaceHub DDF file - href: surfacehub-ddf-file.md - - name: TenantLockdown CSP - href: tenantlockdown-csp.md - items: - - name: TenantLockdown DDF file - href: tenantlockdown-ddf.md - - name: TPMPolicy CSP - href: tpmpolicy-csp.md - items: - - name: TPMPolicy DDF file - href: tpmpolicy-ddf-file.md - - name: UEFI CSP - href: uefi-csp.md - items: - - name: UEFI DDF file - href: uefi-ddf.md - - name: UnifiedWriteFilter CSP - href: unifiedwritefilter-csp.md - items: - - name: UnifiedWriteFilter DDF file - href: unifiedwritefilter-ddf.md - - name: UniversalPrint CSP - href: universalprint-csp.md - items: - - name: UniversalPrint DDF file - href: universalprint-ddf-file.md - - name: Update CSP - href: update-csp.md - items: - - name: Update DDF file - href: update-ddf-file.md - - name: VPN CSP - href: vpn-csp.md - items: - - name: VPN DDF file - href: vpn-ddf-file.md - - name: VPNv2 CSP - href: vpnv2-csp.md - items: - - name: VPNv2 DDF file - href: vpnv2-ddf-file.md - - name: ProfileXML XSD - href: vpnv2-profile-xsd.md - - name: EAP configuration - href: eap-configuration.md - - name: w4 APPLICATION CSP - href: w4-application-csp.md - - name: w7 APPLICATION CSP - href: w7-application-csp.md - - name: WiFi CSP - href: wifi-csp.md - items: - - name: WiFi DDF file - href: wifi-ddf-file.md - - name: Win32AppInventory CSP - href: win32appinventory-csp.md - items: - - name: Win32AppInventory DDF file - href: win32appinventory-ddf-file.md - - name: Win32CompatibilityAppraiser CSP - href: win32compatibilityappraiser-csp.md - items: - - name: Win32CompatibilityAppraiser DDF file - href: win32compatibilityappraiser-ddf.md - - name: WindowsAdvancedThreatProtection CSP - href: windowsadvancedthreatprotection-csp.md - items: - - name: WindowsAdvancedThreatProtection DDF file - href: windowsadvancedthreatprotection-ddf.md - - name: WindowsAutopilot CSP - href: windowsautopilot-csp.md - items: - - name: WindowsAutopilot DDF file - href: windowsautopilot-ddf-file.md - - name: WindowsDefenderApplicationGuard CSP - href: windowsdefenderapplicationguard-csp.md - items: - - name: WindowsDefenderApplicationGuard DDF file - href: windowsdefenderapplicationguard-ddf-file.md - - name: WindowsLicensing CSP - href: windowslicensing-csp.md - items: - - name: WindowsLicensing DDF file - href: windowslicensing-ddf-file.md - - name: WiredNetwork CSP - href: wirednetwork-csp.md - items: - - name: WiredNetwork DDF file - href: wirednetwork-ddf-file.md + - name: AccountManagement DDF file + href: accountmanagement-ddf.md + - name: Accounts + href: accounts-csp.md + items: + - name: Accounts DDF file + href: accounts-ddf-file.md + - name: ActiveSync + href: activesync-csp.md + items: + - name: ActiveSync DDF file + href: activesync-ddf-file.md + - name: AllJoynManagement + href: alljoynmanagement-csp.md + items: + - name: AllJoynManagement DDF + href: alljoynmanagement-ddf.md + - name: APPLICATION + href: application-csp.md + - name: ApplicationControl + href: applicationcontrol-csp.md + items: + - name: ApplicationControl DDF file + href: applicationcontrol-csp-ddf.md + - name: AppLocker + href: applocker-csp.md + items: + - name: AppLocker DDF file + href: applocker-ddf-file.md + - name: AppLocker XSD + href: applocker-xsd.md + - name: AssignedAccess + href: assignedaccess-csp.md + items: + - name: AssignedAccess DDF file + href: assignedaccess-ddf.md + - name: BitLocker + href: bitlocker-csp.md + items: + - name: BitLocker DDF file + href: bitlocker-ddf-file.md + - name: CellularSettings + href: cellularsettings-csp.md + - name: CertificateStore + href: certificatestore-csp.md + items: + - name: CertificateStore DDF file + href: certificatestore-ddf-file.md + - name: CleanPC + href: cleanpc-csp.md + items: + - name: CleanPC DDF + href: cleanpc-ddf.md + - name: ClientCertificateInstall + href: clientcertificateinstall-csp.md + items: + - name: ClientCertificateInstall DDF file + href: clientcertificateinstall-ddf-file.md + - name: CM_CellularEntries + href: cm-cellularentries-csp.md + - name: CMPolicy + href: cmpolicy-csp.md + - name: CMPolicyEnterprise + href: cmpolicyenterprise-csp.md + items: + - name: CMPolicyEnterprise DDF file + href: cmpolicyenterprise-ddf-file.md + - name: CustomDeviceUI + href: customdeviceui-csp.md + items: + - name: CustomDeviceUI DDF file + href: customdeviceui-ddf.md + - name: Defender + href: defender-csp.md + items: + - name: Defender DDF file + href: defender-ddf.md + - name: DevDetail + href: devdetail-csp.md + items: + - name: DevDetail DDF file + href: devdetail-ddf-file.md + - name: DeveloperSetup + href: developersetup-csp.md + items: + - name: DeveloperSetup DDF + href: developersetup-ddf.md + - name: DeviceLock + href: devicelock-csp.md + items: + - name: DeviceLock DDF file + href: devicelock-ddf-file.md + - name: DeviceManageability + href: devicemanageability-csp.md + items: + - name: DeviceManageability DDF + href: devicemanageability-ddf.md + - name: DeviceStatus + href: devicestatus-csp.md + items: + - name: DeviceStatus DDF + href: devicestatus-ddf.md + - name: DevInfo + href: devinfo-csp.md + items: + - name: DevInfo DDF file + href: devinfo-ddf-file.md + - name: DiagnosticLog + href: diagnosticlog-csp.md + items: + - name: DiagnosticLog DDF file + href: diagnosticlog-ddf.md + - name: DMAcc + href: dmacc-csp.md + items: + - name: DMAcc DDF file + href: dmacc-ddf-file.md + - name: DMClient + href: dmclient-csp.md + items: + - name: DMClient DDF file + href: dmclient-ddf-file.md + - name: DMSessionActions + href: dmsessionactions-csp.md + items: + - name: DMSessionActions DDF file + href: dmsessionactions-ddf.md + - name: DynamicManagement + href: dynamicmanagement-csp.md + items: + - name: DynamicManagement DDF file + href: dynamicmanagement-ddf.md + - name: EMAIL2 + href: email2-csp.md + items: + - name: EMAIL2 DDF file + href: email2-ddf-file.md + - name: EnrollmentStatusTracking + href: enrollmentstatustracking-csp.md + items: + - name: EnrollmentStatusTracking DDF file + href: enrollmentstatustracking-csp-ddf.md + - name: EnterpriseAPN + href: enterpriseapn-csp.md + items: + - name: EnterpriseAPN DDF + href: enterpriseapn-ddf.md + - name: EnterpriseAppVManagement + href: enterpriseappvmanagement-csp.md + items: + - name: EnterpriseAppVManagement DDF file + href: enterpriseappvmanagement-ddf.md + - name: EnterpriseDataProtection + href: enterprisedataprotection-csp.md + items: + - name: EnterpriseDataProtection DDF file + href: enterprisedataprotection-ddf-file.md + - name: EnterpriseDesktopAppManagement + href: enterprisedesktopappmanagement-csp.md + items: + - name: EnterpriseDesktopAppManagement DDF + href: enterprisedesktopappmanagement-ddf-file.md + - name: EnterpriseDesktopAppManagement XSD + href: enterprisedesktopappmanagement2-xsd.md + - name: EnterpriseModernAppManagement + href: enterprisemodernappmanagement-csp.md + items: + - name: EnterpriseModernAppManagement DDF + href: enterprisemodernappmanagement-ddf.md + - name: EnterpriseModernAppManagement XSD + href: enterprisemodernappmanagement-xsd.md + - name: eUICCs + href: euiccs-csp.md + items: + - name: eUICCs DDF file + href: euiccs-ddf-file.md + - name: Firewall + href: firewall-csp.md + items: + - name: Firewall DDF file + href: firewall-ddf-file.md + - name: HealthAttestation + href: healthattestation-csp.md + items: + - name: HealthAttestation DDF + href: healthattestation-ddf.md + - name: Local Administrator Password Solution + href: laps-csp.md + items: + - name: Local Administrator Password Solution DDF + href: laps-ddf-file.md + - name: MultiSIM + href: multisim-csp.md + items: + - name: MultiSIM DDF file + href: multisim-ddf.md + - name: NAP + href: nap-csp.md + - name: NAPDEF + href: napdef-csp.md + - name: NetworkProxy + href: networkproxy-csp.md + items: + - name: NetworkProxy DDF file + href: networkproxy-ddf.md + - name: NetworkQoSPolicy + href: networkqospolicy-csp.md + items: + - name: NetworkQoSPolicy DDF file + href: networkqospolicy-ddf.md + - name: NodeCache + href: nodecache-csp.md + items: + - name: NodeCache DDF file + href: nodecache-ddf-file.md + - name: Office + href: office-csp.md + items: + - name: Office DDF + href: office-ddf.md + - name: PassportForWork + href: passportforwork-csp.md + items: + - name: PassportForWork DDF file + href: passportforwork-ddf.md + - name: PersonalDataEncryption + href: personaldataencryption-csp.md + items: + - name: PersonalDataEncryption DDF file + href: personaldataencryption-ddf-file.md + - name: Personalization + href: personalization-csp.md + items: + - name: Personalization DDF file + href: personalization-ddf.md + - name: Provisioning + href: provisioning-csp.md + - name: PXLOGICAL + href: pxlogical-csp.md + - name: Reboot + href: reboot-csp.md + items: + - name: Reboot DDF file + href: reboot-ddf-file.md + - name: RemoteFind + href: remotefind-csp.md + items: + - name: RemoteFind DDF file + href: remotefind-ddf-file.md + - name: RemoteWipe + href: remotewipe-csp.md + items: + - name: RemoteWipe DDF file + href: remotewipe-ddf-file.md + - name: Reporting + href: reporting-csp.md + items: + - name: Reporting DDF file + href: reporting-ddf-file.md + - name: RootCATrustedCertificates + href: rootcacertificates-csp.md + items: + - name: RootCATrustedCertificates DDF file + href: rootcacertificates-ddf-file.md + - name: SecureAssessment + href: secureassessment-csp.md + items: + - name: SecureAssessment DDF file + href: secureassessment-ddf-file.md + - name: SecurityPolicy + href: securitypolicy-csp.md + - name: SharedPC + href: sharedpc-csp.md + items: + - name: SharedPC DDF file + href: sharedpc-ddf-file.md + - name: Storage + href: storage-csp.md + items: + - name: Storage DDF file + href: storage-ddf-file.md + - name: SUPL + href: supl-csp.md + items: + - name: SUPL DDF file + href: supl-ddf-file.md + - name: SurfaceHub + href: surfacehub-csp.md + items: + - name: SurfaceHub DDF file + href: surfacehub-ddf-file.md + - name: TenantLockdown + href: tenantlockdown-csp.md + items: + - name: TenantLockdown DDF file + href: tenantlockdown-ddf.md + - name: TPMPolicy + href: tpmpolicy-csp.md + items: + - name: TPMPolicy DDF file + href: tpmpolicy-ddf-file.md + - name: UEFI + href: uefi-csp.md + items: + - name: UEFI DDF file + href: uefi-ddf.md + - name: UnifiedWriteFilter + href: unifiedwritefilter-csp.md + items: + - name: UnifiedWriteFilter DDF file + href: unifiedwritefilter-ddf.md + - name: UniversalPrint + href: universalprint-csp.md + items: + - name: UniversalPrint DDF file + href: universalprint-ddf-file.md + - name: Update + href: update-csp.md + items: + - name: Update DDF file + href: update-ddf-file.md + - name: VPN + href: vpn-csp.md + items: + - name: VPN DDF file + href: vpn-ddf-file.md + - name: VPNv2 + href: vpnv2-csp.md + items: + - name: VPNv2 DDF file + href: vpnv2-ddf-file.md + - name: ProfileXML XSD + href: vpnv2-profile-xsd.md + - name: EAP configuration + href: eap-configuration.md + - name: w4 APPLICATION + href: w4-application-csp.md + - name: w7 APPLICATION + href: w7-application-csp.md + - name: WiFi + href: wifi-csp.md + items: + - name: WiFi DDF file + href: wifi-ddf-file.md + - name: Win32AppInventory + href: win32appinventory-csp.md + items: + - name: Win32AppInventory DDF file + href: win32appinventory-ddf-file.md + - name: Win32CompatibilityAppraiser + href: win32compatibilityappraiser-csp.md + items: + - name: Win32CompatibilityAppraiser DDF file + href: win32compatibilityappraiser-ddf.md + - name: WindowsAdvancedThreatProtection + href: windowsadvancedthreatprotection-csp.md + items: + - name: WindowsAdvancedThreatProtection DDF file + href: windowsadvancedthreatprotection-ddf.md + - name: WindowsAutopilot + href: windowsautopilot-csp.md + items: + - name: WindowsAutopilot DDF file + href: windowsautopilot-ddf-file.md + - name: WindowsDefenderApplicationGuard + href: windowsdefenderapplicationguard-csp.md + items: + - name: WindowsDefenderApplicationGuard DDF file + href: windowsdefenderapplicationguard-ddf-file.md + - name: WindowsLicensing + href: windowslicensing-csp.md + items: + - name: WindowsLicensing DDF file + href: windowslicensing-ddf-file.md + - name: WiredNetwork + href: wirednetwork-csp.md + items: + - name: WiredNetwork DDF file + href: wirednetwork-ddf-file.md diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 14bb56f7ca..7ed88086de 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/01/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -34,10 +34,10 @@ The following example shows the TPMPolicy configuration service provider in tree TPMPolicy ----IsActiveZeroExhaust ``` -**./Device/Vendor/MSFT/TPMPolicy** +**./Device/Vendor/MSFT/TPMPolicy**

            Defines the root node.

            -**IsActiveZeroExhaust** +**IsActiveZeroExhaust**

            Boolean value that indicates that network traffic from the device to public IP addresses is not allowed unless directly intended by the user (zero exhaust). The default value is false. Examples of zero-exhaust configuration and the conditions it requires are described below:

              diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md index 42f7a373d5..fa01f620af 100644 --- a/windows/client-management/mdm/tpmpolicy-ddf-file.md +++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -16,9 +16,9 @@ manager: aaroncz This topic shows the OMA DM device description framework (DDF) for the **TPMPolicy** configuration service provider. The TPMPolicy CSP was added in Windows 10, version 1703. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). -The XML below is the current version for this CSP. +The XML below is the current version for this CSP. ```xml @@ -71,4 +71,4 @@ The XML below is the current version for this CSP. -``` +``` diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index b1fd8cdde4..aa2b3b9ef4 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/02/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -62,105 +62,105 @@ Uefi ``` The following list describes the characteristics and parameters. -**./Vendor/MSFT/UEFI** +**./Vendor/MSFT/UEFI** Root node. -**DeviceIdentifier** +**DeviceIdentifier** Retrieves XML from UEFI that describes the device identifier. Supported operation is Get. -**Identity** +**Identity** Node for identity certificate operations. Supported operation is Get. -**Identity/Current** +**Identity/Current** Retrieves XML from UEFI that describes the current UEFI identity certificate information. Supported operation is Get. -**Identity/Apply** +**Identity/Apply** Applies an identity information package to UEFI. Input is the signed package in base64 encoded format. Value type is Base64. Supported operation is Replace. -**Identity/Result** +**Identity/Result** Retrieves the binary result package of the previous Identity/Apply operation. Supported operation is Get. -**Permissions** +**Permissions** Node for settings permission operations. -**Permissions/Current** +**Permissions/Current** Retrieves XML from UEFI that describes the current UEFI settings permissions. Supported operation is Get. -**Permissions/Apply** +**Permissions/Apply** Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format. Value type is Base64. Supported operation is Replace. -**Permissions/Result** +**Permissions/Result** Retrieves the binary result package of the previous Permissions/Apply operation. This binary package contains XML describing the action taken for each individual permission. Supported operation is Get. -**Settings** +**Settings** Node for device settings operations. -**Settings/Current** +**Settings/Current** Retrieves XML from UEFI that describes the current UEFI settings. Supported operation is Get. -**Settings/Apply** +**Settings/Apply** Apply a settings information package to UEFI. Input is the signed package in base64 encoded format. Value type is Base64. Supported operation is Replace. -**Settings/Result** +**Settings/Result** Retrieves the binary result package of the previous Settings/Apply operation. This binary package contains XML describing the action taken for each individual setting. Supported operation is Get. -**Identity2** +**Identity2** Node for identity certificate operations. Alternate endpoint for sending a second identity package without an OS restart. -**Identity2/Apply** +**Identity2/Apply** Apply an identity information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two identity packages in the same session. Value type is Base64. Supported operation is Replace. -**Identity2/Result** +**Identity2/Result** Retrieves the binary result package of the previous Identity2/Apply operation. Supported operation is Get. -**Permissions2** +**Permissions2** Node for settings permission operations. Alternate endpoint for sending a second permission package without an OS restart. -**Permissions2/Apply** +**Permissions2/Apply** Apply a permissions information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two permissions information packages in the same session. Value type is Base64. Supported operation is Replace. -**Permissions2/Result** +**Permissions2/Result** Retrieves the binary result package from the previous Permissions2/Apply operation. This binary package contains XML describing the action taken for each individual permission. Supported operation is Get. -**Settings2** +**Settings2** Node for device settings operations. Alternate endpoint for sending a second settings package without an OS restart. -**Settings2/Apply** +**Settings2/Apply** Apply a settings information package to UEFI. Input is the signed package in base64 encoded format. Alternate location for sending two settings information packages in the same session. Value type is Base64. Supported operation is Replace. -**Settings2/Result** +**Settings2/Result** Retrieves the binary result package of previous Settings2/Apply operation. This binary package contains XML describing the action taken for each individual setting. Supported operation is Get. diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md index 51dec0bdd7..8a5ce332a6 100644 --- a/windows/client-management/mdm/uefi-ddf.md +++ b/windows/client-management/mdm/uefi-ddf.md @@ -7,18 +7,18 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 10/02/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # UEFI DDF file -This topic shows the OMA DM device description framework (DDF) for the **Uefi** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **Uefi** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). -The XML below is for Windows 10, version 1809. +The XML below is for Windows 10, version 1809. ```xml diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index 6e9a7e9322..001fc121c8 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -1,7 +1,7 @@ --- title: UnifiedWriteFilter CSP description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -37,7 +37,7 @@ UnifiedWriteFilter ┃ ┣━━━OverlayConsumption ┃ ┣━━━AvailableOverlaySpace ┃ ┣━━━CriticalOverlayThreshold -┃ ┣━━━SWAPFileSize +┃ ┣━━━SWAPFileSize ┃ ┣━━━WarningOverlayThreshold ┃ ┣━━━OverlayType ┃ ┣━━━OverlayFlags @@ -84,25 +84,25 @@ UnifiedWriteFilter ┣━━━ShutdownSystem ┗━━━RestartSystem ``` -**CurrentSession** +**CurrentSession** Required. Represents the current UWF configuration in the current session (power cycle). -**CurrentSession/FilterEnabled** +**CurrentSession/FilterEnabled** Required. Indicates if UWF is enabled for the current session. The only supported operation is Get. -**CurrentSession/OverlayConsumption** +**CurrentSession/OverlayConsumption** Required. The current size, in megabytes, of the UWF overlay. The only supported operation is Get. -**CurrentSession/AvailableOverlaySpace** +**CurrentSession/AvailableOverlaySpace** Required. The amount of free space, in megabytes, available for the UWF overlay. The only supported operation is Get. -**CurrentSession/CriticalOverlayThreshold** +**CurrentSession/CriticalOverlayThreshold** Required. The critical threshold size, in megabytes. UWF sends a critical threshold notification event when the UWF overlay size reaches or exceeds this value. The only supported operation is Get. @@ -123,7 +123,7 @@ Setting the value To “move” swapfile to another volume, set the SwapfileSize property on that other volume's CSP note to non-zero. -Currently SwapfileSize shouldn't be relied for determining or controlling the overlay size, +Currently SwapfileSize shouldn't be relied for determining or controlling the overlay size, **CurrentSession/MaximumOverlaySize** or **NextSession/MaximumOverlaySize** should be used for that purpose. @@ -134,201 +134,201 @@ should be used for that purpose. > Only single swapfile is supported in current implementation and creating swapfile on specific volume will disable any other swapfile created on other volumes. -**CurrentSession/WarningOverlayThreshold** +**CurrentSession/WarningOverlayThreshold** Required. The warning threshold size, in megabytes. UWF sends a warning threshold notification event when the UWF overlay size reaches or exceeds this value. Supported operations are Get and Replace. -**CurrentSession/OverlayType** +**CurrentSession/OverlayType** Required. Indicates the type of overlay in the current session. The only supported operation is Get. -**CurrentSession/MaximumOverlaySize** +**CurrentSession/MaximumOverlaySize** Required. Indicates the maximum cache size, in megabytes, of the overlay in the current session. The only supported operation is Get. -**CurrentSession/PersisitDomainSecretKey** +**CurrentSession/PersisitDomainSecretKey** Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart. The only supported operation is Get. -**CurrentSession/PersistTSCAL** +**CurrentSession/PersistTSCAL** Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart. The only supported operation is Get. -**CurrentSession/RegistryExclusions** +**CurrentSession/RegistryExclusions** Required. The root node that contains all registry exclusions. -**CurrentSession/RegistryExclusions/***ExcludedRegistry* +**CurrentSession/RegistryExclusions/***ExcludedRegistry* Optional. A registry key in the registry exclusion list for UWF in the current session. The only supported operation is Get. -**CurrentSession/ServicingEnabled** +**CurrentSession/ServicingEnabled** Required. Indicates when servicing is enabled in the current session. The only supported operation is Get. -**CurrentSession/Volume** +**CurrentSession/Volume** Required. The root node to contain all volumes protected by UWF in the current session. -**CurrentSession/Volume/***Volume* +**CurrentSession/Volume/***Volume* Optional. Represents a specific volume in the current session. -**CurrentSession/Volume/*Volume*/Protected** +**CurrentSession/Volume/*Volume*/Protected** Required. Indicates if the volume is currently protected by UWF in the current session. The only supported operation is Get. -**CurrentSession/Volume/*Volume*/BindByDriveLetter** +**CurrentSession/Volume/*Volume*/BindByDriveLetter** Required. Indicates the type of binding that the volume uses in the current session. The only supported operation is Get. -**CurrentSession/Volume/*Volume*/DriveLetter** +**CurrentSession/Volume/*Volume*/DriveLetter** Required. The drive letter of the volume. If the volume doesn't have a drive letter, this value is NULL. The only supported operation is Get. -**CurrentSession/Volume/*Volume*/Exclusions** +**CurrentSession/Volume/*Volume*/Exclusions** Required. The root node that contains all file exclusions for the volume. -**CurrentSession/Volume/*Volume*/Exclusions/***ExclusionPath* +**CurrentSession/Volume/*Volume*/Exclusions/***ExclusionPath* Optional. A string that contains the full path of the file or folder relative to the volume. The only supported operation is Get. -**CurrentSession/Volume/*Volume*/CommitFile** +**CurrentSession/Volume/*Volume*/CommitFile** Required. This method commits changes from the overlay to the physical volume for a specified file on a volume protected by Unified Write Filter (UWF). Supported operations are Get and Execute. -**CurrentSession/Volume/*Volume*/CommitFileDeletion** +**CurrentSession/Volume/*Volume*/CommitFileDeletion** Required. This method deletes the specified file and commits the deletion to the physical volume. Supported operations are Get and Execute. -**CurrentSession/ShutdownPending** +**CurrentSession/ShutdownPending** Required. This value is True if the system is pending on shutdown. Otherwise, it's False. The only supported operation is Get. -**CurrentSession/CommitRegistry** +**CurrentSession/CommitRegistry** Required. This method commits changes to the specified registry key and value. Supported operations are Get and Execute. -**CurrentSession/CommitRegistryDeletion** +**CurrentSession/CommitRegistryDeletion** Required. This method deletes the specified registry key or registry value and commits the deletion. Supported operations are Get and Execute. -**NextSession** +**NextSession** Required. The root node that contains settings for the next UWF session (after a reboot). -**NextSession/FilterEnabled** +**NextSession/FilterEnabled** Required. Boolean value that indicates if UWF is enabled for the next session. Supported operations are Get and Replace. -**NextSession/HORMEnabled** +**NextSession/HORMEnabled** Added in Windows 10, version 1607. Required. Boolean value that indicates if Hibernate Once/Resume Many (HORM) is enabled for the next session. Supported operations are Get and Replace. -**NextSession/OverlayType** +**NextSession/OverlayType** Required. Indicates the type of overlay for the next session. Supported operations are Get and Replace. -**NextSession/MaximumOverlaySize** +**NextSession/MaximumOverlaySize** Required. Indicates the maximum cache size, in megabytes, of the overlay for the next session. Supported operations are Get and Replace. -**NextSession/PersisitDomainSecretKey** +**NextSession/PersisitDomainSecretKey** Required. Indicates if the domain secret registry key is in the registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart. Supported operations are Get and Replace. -**NextSession/PersistTSCAL** +**NextSession/PersistTSCAL** Required. Indicates if the Terminal Server Client Access License (TSCAL) registry key is in the UWF registry exclusion list. If the registry key isn't in the exclusion list, changes don't persist after a restart. Supported operations are Get and Replace. -**NextSession/RegistryExclusions** +**NextSession/RegistryExclusions** Required. The root node that contains all registry exclusions for the next session. Supported operations are Add, Delete, and Replace. -**NextSession/RegistryExclusions/***ExcludedRegistry* +**NextSession/RegistryExclusions/***ExcludedRegistry* Optional. A registry key in the registry exclusion list for UWF. Supported operations are Add, Delete, Get, and Replace. -**NextSession/ServicingEnabled** +**NextSession/ServicingEnabled** Required. Indicates when to enable servicing. Supported operations are Get and Replace. -**NextSession/Volume** +**NextSession/Volume** Required. The root node that contains all volumes protected by UWF for the next session. -**NextSession/Volume/***Volume* +**NextSession/Volume/***Volume* Optional. Represents a specific volume in the next session. Supported operations are Add, Delete, and Replace. -**NextSession/Volume/*Volume*/Protected** +**NextSession/Volume/*Volume*/Protected** Required. Indicates if the volume is currently protected by UWF in the next session. Supported operations are Get and Replace. -**NextSession/Volume/*Volume*/BindByDriveLetter** +**NextSession/Volume/*Volume*/BindByDriveLetter** Required. Indicates the type of binding that the volume uses in the next session. Supported operations are Get and Replace. -**NextSession/Volume/*Volume*/DriveLetter** +**NextSession/Volume/*Volume*/DriveLetter** The drive letter of the volume. If the volume doesn't have a drive letter, this value is NULL. The only supported operation is Get. -**NextSession/Volume/*Volume*/Exclusions** +**NextSession/Volume/*Volume*/Exclusions** Required. The root node that contains all file exclusions for this volume in the next session. -**NextSession/Volume/*Volume*/Exclusions/***ExclusionPath* +**NextSession/Volume/*Volume*/Exclusions/***ExclusionPath* Optional. A string that contains the full path of the file or folder relative to the volume. Supported operations are Add, Delete, Get, and Replace. -**ResetSettings** +**ResetSettings** Required. Restores UWF settings to the original state that was captured at installation time. Supported operations are Get and Execute. -**ShutdownSystem** +**ShutdownSystem** Required. Safely shuts down a system protected by UWF, even if the overlay is full. Supported operations are Get and Execute. -**RestartSystem** +**RestartSystem** Required. Safely restarts a system protected by UWF, even if the overlay is full. Supported operations are Get and Execute. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - +[Configuration service provider reference](index.yml) + + + + diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md index f6cfcd2307..72f53c6d59 100644 --- a/windows/client-management/mdm/unifiedwritefilter-ddf.md +++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md @@ -1,7 +1,7 @@ --- title: UnifiedWriteFilter DDF File description: UnifiedWriteFilter DDF File -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,7 +16,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **UnifiedWriteFilter** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). ```xml diff --git a/windows/client-management/mdm/universalprint-csp.md b/windows/client-management/mdm/universalprint-csp.md index bb4cae4a7b..5feb529511 100644 --- a/windows/client-management/mdm/universalprint-csp.md +++ b/windows/client-management/mdm/universalprint-csp.md @@ -42,7 +42,7 @@ PrinterProvisioning --------ErrorCode ``` -**./Vendor/MSFT/PrinterProvisioning** +**./Vendor/MSFT/PrinterProvisioning** The root node for the Universal Print PrinterProvisioning configuration service provider. **UPPrinterInstalls** diff --git a/windows/client-management/mdm/universalprint-ddf-file.md b/windows/client-management/mdm/universalprint-ddf-file.md index 6e8412dfa0..a3c8a08811 100644 --- a/windows/client-management/mdm/universalprint-ddf-file.md +++ b/windows/client-management/mdm/universalprint-ddf-file.md @@ -15,7 +15,7 @@ manager: aaroncz This article shows the OMA DM device description framework (DDF) for the **UniversalPrint** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index e7c54fb69a..e027f8aa00 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -1,7 +1,7 @@ --- title: Update CSP description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -227,4 +227,4 @@ Added in Windows 10, version 1803. Returns the result of last RollBack FeatureUp ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md index 06da8be6f1..ea83f69b30 100644 --- a/windows/client-management/mdm/update-ddf-file.md +++ b/windows/client-management/mdm/update-ddf-file.md @@ -1,7 +1,7 @@ --- title: Update DDF file description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 02/23/2018 This topic shows the OMA DM device description framework (DDF) for the **Update** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1803. diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index 6d484acd8d..4c6e172346 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md @@ -1,7 +1,7 @@ --- title: VPN CSP description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -347,4 +347,4 @@ An example is corp.contoso.com. [VPNv2 CSP](vpnv2-csp.md) -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md index 4cf629cb79..e44a34731e 100644 --- a/windows/client-management/mdm/vpn-ddf-file.md +++ b/windows/client-management/mdm/vpn-ddf-file.md @@ -1,7 +1,7 @@ --- title: VPN DDF file description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -1393,4 +1393,4 @@ This topic shows the OMA DM device description framework (DDF) for the **VPN** c [VPN configuration service provider (deprecated)](vpn-csp.md) -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index fb60f1756f..31356e2621 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -326,10 +326,10 @@ VPNv2 ------------DisableClassBasedDefaultRoute ------------PlumbIKEv2TSAsRoutes ``` -**Device or User profile** +**Device or User profile** For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path. -**VPNv2/**ProfileName +**VPNv2/**ProfileName Unique alpha numeric identifier for the profile. The profile name must not include a forward slash (/). Supported operations include Get, Add, and Delete. @@ -337,20 +337,20 @@ Supported operations include Get, Add, and Delete. > [!NOTE] > If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. -**VPNv2/**ProfileName**/AppTriggerList** +**VPNv2/**ProfileName**/AppTriggerList** Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect. -**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId +**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you shouldn't skip numbers. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App** +**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App** App Node under the Row ID. -**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id** +**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id** App identity, which is either an app’s package family name or file path. The type is inferred by the ID, and therefore can't be specified in the get only App/Type field -**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type** +**VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type** Returns the type of **App/Id**. This value can be either of the following values: - PackageFamilyName - When this value is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application. @@ -358,35 +358,35 @@ Returns the type of **App/Id**. This value can be either of the following values Value type is chr. Supported operation is Get. -**VPNv2/**ProfileName**/RouteList/** +**VPNv2/**ProfileName**/RouteList/** Optional node. List of routes to be added to the routing table for the VPN interface. This information is required for split tunneling case where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface. Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length. Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile. -**VPNv2/**ProfileName**/RouteList/**routeRowId +**VPNv2/**ProfileName**/RouteList/**routeRowId A sequential integer identifier for the RouteList. This value is required if you're adding routes. Sequencing must start at 0. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/RouteList/**routeRowId**/Address** +**VPNv2/**ProfileName**/RouteList/**routeRowId**/Address** Subnet address in IPv4/v6 address format which, along with the prefix, will be used to determine the destination prefix to send via the VPN Interface. This subnet address is the IP address part of the destination prefix. Supported operations include Get, Add, Replace, and Delete. Value type is chr. Example, `192.168.0.0` -**VPNv2/**ProfileName**/RouteList/**routeRowId**/PrefixSize** +**VPNv2/**ProfileName**/RouteList/**routeRowId**/PrefixSize** The subnet prefix size part of the destination prefix for the route entry. This subnet prefix, along with the address, will be used to determine the destination prefix to route through the VPN Interface. Value type is int. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/RouteList/**routeRowId**/Metric** +**VPNv2/**ProfileName**/RouteList/**routeRowId**/Metric** Added in Windows 10, version 1607. The route's metric. Value type is int. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/RouteList/**routeRowId**/ExclusionRoute** +**VPNv2/**ProfileName**/RouteList/**routeRowId**/ExclusionRoute** Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN Interface or the Physical Interface as the Gateway. Valid values: - False (default) - This route will direct traffic over the VPN @@ -394,20 +394,20 @@ Added in Windows 10, version 1607. A boolean value that specifies if the route Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DomainNameInformationList** +**VPNv2/**ProfileName**/DomainNameInformationList** Optional node. Name Resolution Policy Table (NRPT) rules for the VPN profile. The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before name resolution queries are issued, the DNS client consults the NRPT to determine if any extra flags must be set in the query. After the response is received, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface. -> [!NOTE] +> [!NOTE] > Only applications using the [Windows DNS API](/windows/win32/dns/dns-reference) can make use of the NRPT and therefore all settings configured within the DomainNameInformationList section. Applications using their own DNS implementation bypass the Windows DNS API. One example of applications not using the Windows DNS API is nslookup, so always use the PowerShell CmdLet [Resolve-DNSName](/powershell/module/dnsclient/resolve-dnsname) to check the functionality of the NRPT. -**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId A sequential integer identifier for the Domain Name information. Sequencing must start at 0. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainName** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainName** Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types: - FQDN - Fully qualified domain name @@ -415,7 +415,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType** Returns the namespace type. This value can be one of the following values: - FQDN - If the DomainName wasn't prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host. @@ -423,20 +423,20 @@ Returns the namespace type. This value can be one of the following values: Value type is chr. Supported operation is Get. -**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DnsServers** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DnsServers** List of comma-separated DNS Server IP addresses to use for the namespace. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers** Optional. Web Proxy Server IP address if you're redirecting traffic through your intranet. -> [!NOTE] -> Currently only one web proxy server is supported. +> [!NOTE] +> Currently only one web proxy server is supported. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/AutoTrigger** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/AutoTrigger** Added in Windows 10, version 1607. Optional. Boolean to determine whether this domain name rule will trigger the VPN. If set to False, this DomainName rule won't trigger the VPN. @@ -447,7 +447,7 @@ By default, this value is false. Value type is bool. -**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/Persistent** +**VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/Persistent** Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN isn't connected. Value values: - False (default) - This DomainName rule will only be applied when VPN is connected. @@ -455,7 +455,7 @@ Added in Windows 10, version 1607. A boolean value that specifies if the rule b Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/TrafficFilterList** +**VPNv2/**ProfileName**/TrafficFilterList** An optional node that specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface. > [!NOTE] @@ -463,13 +463,13 @@ An optional node that specifies a list of rules. Only traffic that matches these When multiple rules are being added, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId A sequential integer identifier for the Traffic Filter rules. Sequencing must start at 0. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App** Per app VPN rule. This property will allow only the apps specified to be allowed over the VPN interface. Value type is chr. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App/Id** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App/Id** App identity for the app-based traffic filter. The value for this node can be one of the following values: @@ -480,20 +480,20 @@ The value for this node can be one of the following values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App/Type** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/App/Type** Returns the type of ID of the **App/Id**. Value type is chr. Supported operation is Get. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Claims** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Claims** Reserved for future use. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Protocol** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Protocol** Numeric value from 0-255 representing the IP protocol to allow. For example, TCP = 6 and UDP = 17. Value type is int. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalPortRanges** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalPortRanges** A list of comma-separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`. > [!NOTE] @@ -501,7 +501,7 @@ A list of comma-separated values specifying local port ranges to allow. For exam Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemotePortRanges** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemotePortRanges** A list of comma-separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`. > [!NOTE] @@ -509,17 +509,17 @@ A list of comma-separated values specifying remote port ranges to allow. For exa Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalAddressRanges** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalAddressRanges** A list of comma-separated values specifying local IP address ranges to allow. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemoteAddressRanges** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemoteAddressRanges** A list of comma-separated values specifying remote IP address ranges to allow. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RoutingPolicyType** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RoutingPolicyType** Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following values: - SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces. @@ -529,7 +529,7 @@ This property is only applicable for App ID-based Traffic Filter rules. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Direction** +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Direction** Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following values: - Outbound - The rule applies to all outbound traffic @@ -539,19 +539,19 @@ If no inbound filter is provided, then by default all unsolicited inbound traffi Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/EdpModeId** +**VPNv2/**ProfileName**/EdpModeId** Enterprise ID, which is required for connecting this VPN profile with a Windows Information Protection policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the Windows Information Protection policies and App lists automatically takes effect. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/RememberCredentials** +**VPNv2/**ProfileName**/RememberCredentials** Boolean value (true or false) for caching credentials. Default is false, which means don't cache credentials. If set to true, credentials are cached whenever possible. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/AlwaysOn** +**VPNv2/**ProfileName**/AlwaysOn** An optional flag to enable Always On mode. This flag will automatically connect the VPN at sign in and will stay connected until the user manually disconnects. > [!NOTE] @@ -559,7 +559,7 @@ An optional flag to enable Always On mode. This flag will automatically connect Preserving user Always On preference -Windows has a feature to preserve a user’s AlwaysOn preference. If a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. +Windows has a feature to preserve a user’s AlwaysOn preference. If a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows won't check the box if the profile name exists in the below registry value in order to preserve user preference. Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config` Value: AutoTriggerDisabledProfilesList @@ -573,7 +573,7 @@ Valid values: Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DeviceTunnel** (./Device only profile) +**VPNv2/**ProfileName**/DeviceTunnel** (./Device only profile) Device tunnel profile. Valid values: @@ -599,124 +599,124 @@ Valid values: - False = Don't register the connection's address in DNS (default). - True = Register the connection's addresses in DNS. -**VPNv2/**ProfileName**/DnsSuffix** +**VPNv2/**ProfileName**/DnsSuffix** Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Windows has a limit of 50 DNS suffixes that can be set. Windows name resolution will apply each suffix in order. Long DNS suffix lists may impact performance. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/ByPassForLocal** +**VPNv2/**ProfileName**/ByPassForLocal** Reserved for future use. -**VPNv2/**ProfileName**/TrustedNetworkDetection** +**VPNv2/**ProfileName**/TrustedNetworkDetection** Optional. Comma-separated string to identify the trusted network. VPN won't connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/ProfileXML** +**VPNv2/**ProfileName**/ProfileXML** Added in Windows 10, version 1607. The XML schema for provisioning all the fields of a VPN. For the XSD, see [ProfileXML XSD](vpnv2-profile-xsd.md). Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/Proxy** +**VPNv2/**ProfileName**/Proxy** A collection of configuration objects to enable a post-connect proxy support for VPN Force Tunnel connections. The proxy defined for this profile is applied when this profile is active and connected. > [!NOTE] > VPN proxy settings are used only on Force Tunnel connections. On Split Tunnel connections, the general proxy settings are used. -**VPNv2/**ProfileName**/Proxy/Manual** +**VPNv2/**ProfileName**/Proxy/Manual** Optional node containing the manual server settings. -**VPNv2/**ProfileName**/Proxy/Manual/Server** +**VPNv2/**ProfileName**/Proxy/Manual/Server** Optional. Proxy server address as a fully qualified hostname or an IP address. You should set this element together with Port. Example, proxy.contoso.com. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/Proxy/AutoConfigUrl** +**VPNv2/**ProfileName**/Proxy/AutoConfigUrl** Optional. URL to automatically retrieve the proxy settings. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/APNBinding** +**VPNv2/**ProfileName**/APNBinding** Reserved for future use. -**VPNv2/**ProfileName**/APNBinding/ProviderId** +**VPNv2/**ProfileName**/APNBinding/ProviderId** Reserved for future use. Optional node. -**VPNv2/**ProfileName**/APNBinding/AccessPointName** +**VPNv2/**ProfileName**/APNBinding/AccessPointName** Reserved for future use. -**VPNv2/**ProfileName**/APNBinding/UserName** +**VPNv2/**ProfileName**/APNBinding/UserName** Reserved for future use. -**VPNv2/**ProfileName**/APNBinding/Password** +**VPNv2/**ProfileName**/APNBinding/Password** Reserved for future use. -**VPNv2/**ProfileName**/APNBinding/IsCompressionEnabled** +**VPNv2/**ProfileName**/APNBinding/IsCompressionEnabled** Reserved for future use. -**VPNv2/**ProfileName**/APNBinding/AuthenticationType** +**VPNv2/**ProfileName**/APNBinding/AuthenticationType** Reserved for future use. -**VPNv2/**ProfileName**/DeviceCompliance** +**VPNv2/**ProfileName**/DeviceCompliance** Added in Windows 10, version 1607. Nodes under DeviceCompliance can be used to enable Azure Active Directory-based Conditional Access for VPN. -**VPNv2/**ProfileName**/DeviceCompliance/Enabled** +**VPNv2/**ProfileName**/DeviceCompliance/Enabled** Added in Windows 10, version 1607. Enables the Device Compliance flow from the client. If marked as True, the VPN Client will attempt to communicate with Azure Active Directory to get a certificate to use for authentication. The VPN should be set up to use Certificate Auth and the VPN Server must trust the Server returned by Azure Active Directory (AAD). Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DeviceCompliance/Sso** +**VPNv2/**ProfileName**/DeviceCompliance/Sso** Added in Windows 10, version 1607. Nodes under SSO can be used to choose a certificate different from the VPN Authentication cert for the Kerberos Authentication if there's Device Compliance. -**VPNv2/**ProfileName**/DeviceCompliance/Sso/Enabled** +**VPNv2/**ProfileName**/DeviceCompliance/Sso/Enabled** Added in Windows 10, version 1607. If this field is set to True, the VPN Client will look for a separate certificate for Kerberos Authentication. Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DeviceCompliance/Sso/IssuerHash** +**VPNv2/**ProfileName**/DeviceCompliance/Sso/IssuerHash** Added in Windows 10, version 1607. Hashes for the VPN Client to look for the correct certificate for Kerberos Authentication. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/DeviceCompliance/Sso/Eku** +**VPNv2/**ProfileName**/DeviceCompliance/Sso/Eku** Added in Windows 10, version 1607. Comma-Separated list of EKUs for the VPN Client to look for the correct certificate for Kerberos Authentication. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/PluginProfile** +**VPNv2/**ProfileName**/PluginProfile** Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin. -**VPNv2/**ProfileName**/PluginProfile/ServerUrlList** +**VPNv2/**ProfileName**/PluginProfile/ServerUrlList** Required for plug-in profiles. Semicolon-separated list of servers in URL, hostname, or IP format. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/PluginProfile/CustomConfiguration** +**VPNv2/**ProfileName**/PluginProfile/CustomConfiguration** Optional. This property is an HTML encoded XML blob for SSL-VPN plug-in specific configuration including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plugin provider for format and other details. Most plugins can also configure values based on the server negotiations and defaults. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/PluginProfile/PluginPackageFamilyName** +**VPNv2/**ProfileName**/PluginProfile/PluginPackageFamilyName** Required for plug-in profiles. Package family name for the SSL-VPN plug-in. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/PluginProfile/CustomStoreUrl** +**VPNv2/**ProfileName**/PluginProfile/CustomStoreUrl** Reserved for future use. -**VPNv2/**ProfileName**/NativeProfile** +**VPNv2/**ProfileName**/NativeProfile** Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol (IKEv2, PPTP, and L2TP). -**VPNv2/**ProfileName**/NativeProfile/Servers** -Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com. +**VPNv2/**ProfileName**/NativeProfile/Servers** +Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com. -The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. +The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/RoutingPolicyType** +**VPNv2/**ProfileName**/NativeProfile/RoutingPolicyType** Optional for native profiles. Type of routing policy. This value can be one of the following values: - SplitTunnel - Traffic can go over any interface as determined by the networking stack. @@ -724,7 +724,7 @@ Optional for native profiles. Type of routing policy. This value can be one of t Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/NativeProtocolType** +**VPNv2/**ProfileName**/NativeProfile/NativeProtocolType** Required for native profiles. Type of tunneling protocol used. This value can be one of the following values: - PPTP @@ -735,12 +735,12 @@ Required for native profiles. Type of tunneling protocol used. This value can be Value type is chr. Supported operations include Get, Add, Replace, and Delete. > [!NOTE] -> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order isn't customizable. +> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order isn't customizable. -**VPNv2/**ProfileName**/NativeProfile/Authentication** +**VPNv2/**ProfileName**/NativeProfile/Authentication** Required node for native profile. It contains authentication information for the native VPN profile. -**VPNv2/**ProfileName**/NativeProfile/Authentication/UserMethod** +**VPNv2/**ProfileName**/NativeProfile/Authentication/UserMethod** This value can be one of the following: - EAP @@ -748,7 +748,7 @@ This value can be one of the following: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/Authentication/MachineMethod** +**VPNv2/**ProfileName**/NativeProfile/Authentication/MachineMethod** This is only supported in IKEv2. This value can be one of the following values: @@ -757,34 +757,34 @@ This value can be one of the following values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap** Required when the native profile specifies EAP authentication. EAP configuration XML. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap/Configuration** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap/Configuration** HTML encoded XML of the EAP configuration. For more information about EAP configuration XML, see [EAP configuration](eap-configuration.md). Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap/Type** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Eap/Type** Reserved for future use. -**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate** Reserved for future use. -**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate/Issuer** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate/Issuer** Reserved for future use. -**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate/Eku** +**VPNv2/**ProfileName**/NativeProfile/Authentication/Certificate/Eku** Reserved for future use. -**VPNv2/**ProfileName**/NativeProfile/CryptographySuite** -Added in Windows 10, version 1607. Properties of IPSec tunnels. +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite** +Added in Windows 10, version 1607. Properties of IPSec tunnels. [!NOTE] If you specify any of the properties under CryptographySuite, you must specify all of them. It's not valid to specify just some of the properties. -**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/AuthenticationTransformConstants** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/AuthenticationTransformConstants** Added in Windows 10, version 1607. The following list contains the valid values: @@ -798,7 +798,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/CipherTransformConstants** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/CipherTransformConstants** Added in Windows 10, version 1607. The following list contains the valid values: @@ -814,7 +814,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/EncryptionMethod** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/EncryptionMethod** Added in Windows 10, version 1607. The following list contains the valid values: @@ -829,7 +829,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/IntegrityCheckMethod** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/IntegrityCheckMethod** Added in Windows 10, version 1607. The following list contains the valid values: @@ -841,7 +841,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/DHGroup** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/DHGroup** Added in Windows 10, version 1607. The following list contains the valid values: @@ -855,7 +855,7 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/PfsGroup** +**VPNv2/**ProfileName**/NativeProfile/CryptographySuite/PfsGroup** Added in Windows 10, version 1607. The following list contains the valid values: @@ -870,17 +870,17 @@ The following list contains the valid values: Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/L2tpPsk** +**VPNv2/**ProfileName**/NativeProfile/L2tpPsk** Added in Windows 10, version 1607. The preshared key used for an L2TP connection. Value type is chr. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/DisableClassBasedDefaultRoute** +**VPNv2/**ProfileName**/NativeProfile/DisableClassBasedDefaultRoute** Added in Windows 10, version 1607. Specifies the class-based default routes. For example, if the interface IP begins with 10, it assumes a class an IP and pushes the route to 10.0.0.0/8 Value type is bool. Supported operations include Get, Add, Replace, and Delete. -**VPNv2/**ProfileName**/NativeProfile/PlumbIKEv2TSAsRoutes** +**VPNv2/**ProfileName**/NativeProfile/PlumbIKEv2TSAsRoutes** Determines whether plumbing IPSec traffic selectors as routes onto VPN interface is enabled. If set to False, plumbing traffic selectors as routes is disabled. @@ -928,11 +928,11 @@ Profile example .contoso.com 10.5.5.5 - - %ProgramFiles%\Internet Explorer\iexplore.exe - - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + %ProgramFiles%\Internet Explorer\iexplore.exe + + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe
              10.0.0.0
              @@ -1033,7 +1033,7 @@ DomainNameInformationList 10013 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DomainName + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DomainName .contoso.com @@ -1042,7 +1042,7 @@ DomainNameInformationList 10014 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DnsServers + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DnsServers 192.168.0.11,192.168.0.12 @@ -1053,7 +1053,7 @@ DomainNameInformationList 10013 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/DomainName + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/DomainName .contoso.com @@ -1063,7 +1063,7 @@ DomainNameInformationList 10015 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/WebProxyServers + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/WebProxyServers 192.168.0.100:8888 @@ -1075,7 +1075,7 @@ DomainNameInformationList 10016 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DomainName + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DomainName finance.contoso.com @@ -1084,7 +1084,7 @@ DomainNameInformationList 10017 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DnsServers + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DnsServers 192.168.0.11,192.168.0.12 @@ -1096,7 +1096,7 @@ DomainNameInformationList 10016 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/DomainName + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/DomainName finance.contoso.com @@ -1105,7 +1105,7 @@ DomainNameInformationList 10017 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/WebProxyServers + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/WebProxyServers 192.168.0.11:8080 @@ -1116,7 +1116,7 @@ DomainNameInformationList 10016 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DomainName + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DomainName . @@ -1125,7 +1125,7 @@ DomainNameInformationList 10017 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DnsServers + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DnsServers 192.168.0.11,192.168.0.12 @@ -1137,7 +1137,7 @@ DomainNameInformationList 10016 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/DomainName + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/DomainName . @@ -1146,7 +1146,7 @@ DomainNameInformationList 10017 - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/WebProxyServers + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/WebProxyServers 192.168.0.11 @@ -1205,7 +1205,7 @@ TrafficFilterLIst App 10014 - ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/1/App/Id + ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/1/App/Id Microsoft.MicrosoftEdge_8wekyb3d8bbwe @@ -1215,7 +1215,7 @@ TrafficFilterLIst App 10015 - ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/App/Id + ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/App/Id SYSTEM @@ -1230,7 +1230,7 @@ Protocol $CmdID$ - ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/Protocol + ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/Protocol int @@ -1243,45 +1243,45 @@ Protocol $CmdID$ - ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/LocalPortRanges + ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/LocalPortRanges 10,20-50,100-200 - + RemotePortRanges $CmdID$ - ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/RemotePortRanges + ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/RemotePortRanges 20-50,100-200,300 - + LocalAddressRanges $CmdID$ - ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/LocalAddressRanges/LocURI> + ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/LocalAddressRanges/LocURI> 3.3.3.3/32,1.1.1.1-2.2.2.2 - + RemoteAddressRanges $CmdID$ - ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/RemoteAddressRanges + ./Vendor/MSFT/VPNv2/VPNProfileName/TrafficFilterList/3/RemoteAddressRanges 30.30.0.0/16,10.10.10.10-20.20.20.20 - + RoutingPolicyType $CmdID$ @@ -1292,7 +1292,7 @@ Protocol ForceTunnel - + EDPModeId $CmdID$ @@ -1303,7 +1303,7 @@ Protocol corp.contoso.com - + RememberCredentials $CmdID$ @@ -1317,7 +1317,7 @@ Protocol true - + AlwaysOn $CmdID$ @@ -1331,7 +1331,7 @@ Protocol true - + Lockdown $CmdID$ @@ -1345,7 +1345,7 @@ Protocol true - + DnsSuffix $CmdID$ @@ -1356,7 +1356,7 @@ Protocol Adatum.com - + TrustedNetworkDetection @@ -1383,7 +1383,7 @@ Manual 192.168.0.100:8888 - + AutoConfigUrl $CmdID$ @@ -1412,7 +1412,7 @@ Device Compliance - Sso true - + IssuerHash 10011 @@ -1423,7 +1423,7 @@ Device Compliance - Sso ffffffffffffffffffffffffffffffffffffffff;ffffffffffffffffffffffffffffffffffffffee - + Eku 10011 @@ -1450,7 +1450,7 @@ PluginPackageFamilyName selfhost.corp.contoso.com - + 10002 @@ -1461,7 +1461,7 @@ PluginPackageFamilyName TestVpnPluginApp-SL_8wekyb3d8bbwe - + 10003 @@ -1487,7 +1487,7 @@ Servers Selfhost.corp.contoso.com - + RoutingPolicyType 10007 @@ -1498,7 +1498,7 @@ Servers ForceTunnel - + NativeProtocolType @@ -1510,7 +1510,7 @@ Servers Automatic - + Authentication UserMethod @@ -1523,7 +1523,7 @@ Servers Eap - + MachineMethod @@ -1535,7 +1535,7 @@ Servers Eap - + CryptographySuite 10004 @@ -1591,8 +1591,8 @@ Servers PFS2048 - - DisableClassBasedDefaultRoute + + DisableClassBasedDefaultRoute 10011 @@ -1608,9 +1608,9 @@ Servers ## See also -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) + + - - diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index ec744e211f..3446055b9a 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -16,7 +16,7 @@ ms.date: 10/30/2020 This topic shows the OMA DM device description framework (DDF) for the **VPNv2** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 2004. diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index 6e67b7102c..6398ed6e10 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -1,7 +1,7 @@ --- title: ProfileXML XSD description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -444,4 +444,4 @@ Here's the XSD for the ProfileXML node in the VPNv2 CSP and VpnManagementAgent:: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index 7bc64259b1..e0fd9b6275 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -1,7 +1,7 @@ --- title: w4 APPLICATION CSP description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -82,4 +82,4 @@ Optional. The maximum authorized size, in KB, for multimedia content. This param ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index f5dc037820..0c88306677 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -1,7 +1,7 @@ --- title: w7 APPLICATION CSP description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -54,7 +54,7 @@ APPLICATION ---NAME ---PROTOVER ---PROVIDER-ID ----ROLE +---ROLE ---TO-NAPID ---USEHWDEVID ---SSLCLIENTCERTSEARCHCRITERIA @@ -64,30 +64,30 @@ APPLICATION > All parameter names and characteristic types are case sensitive and must use all uppercase. Both APPSRV and CLIENT credentials must be provided in provisioning XML. -**APPADDR** +**APPADDR** This characteristic is used in the w7 APPLICATION characteristic to specify the DM server address. -**APPADDR/ADDR** +**APPADDR/ADDR** Optional. The ADDR parameter is used in the APPADDR characteristic to get or set the address of the OMA DM server. This parameter takes a string value. -**APPADDR/ADDRTYPE** +**APPADDR/ADDRTYPE** Optional. The ADDRTYPE parameter is used in the APPADDR characteristic to get or set the format of the ADDR parameter. This parameter takes a string value. In OMA DM XML, if there are multiple instances of this parameter, the first valid parameter value is used. -**APPADDR/PORT** +**APPADDR/PORT** This characteristic is used in the APPADDR characteristic to specify port information. -**APPADDR/PORT/PORTNBR** +**APPADDR/PORT/PORTNBR** Required. The PORTNBR parameter is used in the PORT characteristic to get or set the number of the port to connect to. This parameter takes a numeric value in string format. -**APPAUTH** +**APPAUTH** This characteristic is used in the w7 APPLICATION characteristic to specify authentication information. -**APPAUTH/AAUTHDATA** +**APPAUTH/AAUTHDATA** Optional. The AAUTHDATA parameter is used in the APPAUTH characteristic to get or set more data used in authentication. This parameter is used to convey the nonce for digest authentication type. This parameter takes a string value. The value of this parameter is a base64-encoded in the form of a series of bytes. If the AAUTHTYPE is DIGEST, this value is used as a nonce value in the MD5 hash calculation, and the octal form of the binary data should be used when calculating the hash at the server side and device side. -**APPAUTH/AAUTHLEVEL** +**APPAUTH/AAUTHLEVEL** Required. The AAUTHLEVEL parameter is used in the APPAUTH characteristic to indicate whether credentials are for server authentication or client authentication. This parameter takes a string value. You can set this value. Valid values: @@ -96,13 +96,13 @@ Valid values: - CLIENT - specifies that the server authenticates itself to the OMA DM Client at the DM protocol level. -**APPAUTH/AAUTHNAME** +**APPAUTH/AAUTHNAME** Optional. The AAUTHNAME parameter is used in the APPAUTH characteristic to differentiate OMA DM client names. This parameter takes a string value. You can set this value. -**APPAUTH/AAUTHSECRET** +**APPAUTH/AAUTHSECRET** Required. The AAUTHSECRET parameter is used in the APPAUTH characteristic to get or set the authentication secret used to authenticate the user. This parameter takes a string value. -**APPAUTH/AAUTHTYPE** +**APPAUTH/AAUTHTYPE** Optional. The AAUTHTYPE parameter of the APPAUTH characteristic is used to get or set the method of authentication. This parameter takes a string value. Valid values: @@ -111,20 +111,20 @@ Valid values: - DIGEST - Specifies that the SyncML DM 'syncml:auth-md5' authentication type. - When AAUTHLEVEL is CLIENT, then AAUTHTYPE must be DIGEST. When AAUTHLEVEL is APPSRV, AAUTHTYPE can be BASIC or DIGEST. -**APPID** +**APPID** Required. The APPID parameter is used in the APPLICATION characteristic to differentiate the types of available application services and protocols. This parameter takes a string value. You can get or set this value. The only valid value to configure the OMA Client Provisioning bootstrap APPID is w7. -**BACKCOMPATRETRYDISABLED** +**BACKCOMPATRETRYDISABLED** Optional. The BACKCOMPATRETRYDISABLED parameter is used in the APPLICATION characteristic to specify whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr (not including the first time). > [!Note] > This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled. -**CONNRETRYFREQ** +**CONNRETRYFREQ** Optional. The CONNRETRYFREQ parameter is used in the APPLICATION characteristic to specify how many retries the DM client performs when there are Connection Manager-level or WinInet-level errors. This parameter takes a numeric value in string format. The default value is “3”. You can set this parameter. -**DEFAULTENCODING** +**DEFAULTENCODING** Optional. The DEFAULTENCODING parameter is used in the APPLICATION characteristic to specify whether the DM client should use WBXML or XML for the DM package when communicating with the server. You can get or set this parameter. The valid values are: @@ -132,7 +132,7 @@ The valid values are: - application/vnd.syncml.dm+xml (Default) - application/vnd.syncml.dm+wbxml -**INIT** +**INIT** Optional. The INIT parameter is used in the APPLICATION characteristic to indicate that the management server wants the client to initiate a management session immediately after settings approval. If the current w7 APPLICATION document will be put in ROM, the INIT parameter must not be present. > [!Note] @@ -140,18 +140,18 @@ Optional. The INIT parameter is used in the APPLICATION characteristic to indica This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio isn't yet ready.   -**INITIALBACKOFFTIME** +**INITIALBACKOFFTIME** Optional. The INITIALBACKOFFTIME parameter is used in the APPLICATION characteristic to specify the initial wait time in milliseconds when the DM client retries for the first time. The wait time grows exponentially. This parameter takes a numeric value in string format. The default value is “16000”. You can get or set this parameter. -**MAXBACKOFFTIME** +**MAXBACKOFFTIME** Optional. The MAXBACKOFFTIME parameter is used in the APPLICATION characteristic to specify the maximum number of milliseconds to sleep after package-sending failure. This parameter takes numeric value in string format. The default value is “86400000”. You can set this parameter. -**NAME** +**NAME** Optional. The NAME parameter is used in the APPLICATION characteristic to specify a user readable application identity. This parameter is used to define part of the registry path for the APPLICATION parameters. You can set this parameter. The NAME parameter can be a string or null (no value). If no value is specified, the registry location will default to <unnamed>. -**PROTOVER** +**PROTOVER** Optional. The PROTOVER parameter is used in the APPLICATION characteristic to specify the OMA DM Protocol version the server supports. No default value is assumed. The protocol version set by this node will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this node isn't specified when adding a DM server account, the latest DM protocol version that the client supports is used. In Windows Phone, this version is 1.2. This parameter is a Microsoft custom parameter. You can set this parameter. Possible values: @@ -159,22 +159,22 @@ Possible values: - 1.1 - 1.2 -**PROVIDER-ID** +**PROVIDER-ID** Optional. The PROVIDER-ID parameter is used in the APPLICATION characteristic to differentiate OMA DM servers. It specifies the server identifier for a management server used in the current management session. This parameter takes a string value. You can set this parameter. -**ROLE** +**ROLE** Optional. The ROLE parameter is used in the APPLICATION characteristic to specify the security application chamber that the DM session should run with when communicating with the DM server. The only supported roles are 8 (mobile operator) and 32 (enterprise). If this parameter isn't present, the mobile operator role is assumed. The enterprise role can only be set by the enterprise enrollment client. The enterprise client can't set the mobile operator role. This parameter is a Microsoft custom parameter. This parameter takes a numeric value in string format. You can get or set this parameter. -**TO-NAPID** +**TO-NAPID** Optional. The TO-NAPID parameter is used in the APPLICATION characteristic to specify the Network Access Point the client will use to connect to the OMA DM server. If multiple TO-NAPID parameters are specified, only the first TO-NAPID value will be stored. This parameter takes a string value. You can set this parameter. -**USEHWDEVID** +**USEHWDEVID** Optional. The USEHWDEVID parameter is used in the APPLICATION characteristic to specify use of device hardware identification. It doesn't have a value. - If the parameter isn't present, the default behavior is to use an application-specific GUID used rather than the hardware device ID. - If the parameter is present, the hardware device ID will be provided at the **./DevInfo/DevID** node and in the Source LocURI for the DM package sent to the server. International Mobile Subscriber Identity (IMEI) is returned for a GSM device. -**SSLCLIENTCERTSEARCHCRITERIA** +**SSLCLIENTCERTSEARCHCRITERIA** Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used in the APPLICATION characteristic to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it's ignored. The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC. @@ -189,10 +189,10 @@ Subject specifies the certificate to search for. For example, to specify that yo > `%EF%80%80` is the UTF8-encoded character U+F000. ```xml - ``` ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 60791f3a53..c025bf6ec4 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -1,7 +1,7 @@ --- title: WiFi CSP description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -45,7 +45,7 @@ The following example shows the WiFi configuration service provider in tree form or ./User/Vendor/MSFT WiFi ----Profile +---Profile ------SSID ---------WlanXML ---------WiFiCost @@ -250,4 +250,4 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID ‘MyNetw ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index 3f1d8d46e7..f2a53dc84b 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -1,7 +1,7 @@ --- title: WiFi DDF file description: Learn about the OMA DM device description framework (DDF) for the WiFi configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index 82a4e341dd..0cc696cfdb 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md @@ -1,7 +1,7 @@ --- title: Win32AppInventory CSP description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -101,4 +101,4 @@ The supported operation is Get. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md index 9cd08b73e2..9f2d2298b4 100644 --- a/windows/client-management/mdm/win32appinventory-ddf-file.md +++ b/windows/client-management/mdm/win32appinventory-ddf-file.md @@ -1,7 +1,7 @@ --- title: Win32AppInventory DDF file description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **Win32AppInventory** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md index 816e68336d..07fdbf9364 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 07/19/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -57,172 +57,172 @@ Win32CompatibilityAppraiser --------WerConnectionReport ``` -**./Vendor/MSFT/Win32CompatibilityAppraiser** +**./Vendor/MSFT/Win32CompatibilityAppraiser** The root node for the Win32CompatibilityAppraiser configuration service provider. -**CompatibilityAppraiser** +**CompatibilityAppraiser** This represents the state of the Compatibility Appraiser. -**CompatibilityAppraiser/AppraiserConfigurationDiagnosis** -This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data. +**CompatibilityAppraiser/AppraiserConfigurationDiagnosis** +This represents various settings that affect whether the Compatibility Appraiser can collect and upload compatibility data. -**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialId** +**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialId** The unique identifier specifying what organization owns this device. This helps correlate telemetry after it has been uploaded. -Value type is string. +Value type is string. Supported operation is Get. -**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialIdSetAndValid** +**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/CommercialIdSetAndValid** A boolean value representing whether the CommercialId is set to a valid value. Valid values are strings in the form of GUIDs, with no surrounding braces. -Value type is bool. +Value type is bool. Supported operation is Get. -**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AllTargetOsVersionsRequested** +**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AllTargetOsVersionsRequested** A boolean value representing whether the flag to request that the Compatibility Appraiser check compatibility with all possible Windows 10 versions has been set. By default, versions 1507 and 1511, and any version equal to or less than the current version, are not checked. -Value type is bool. +Value type is bool. Supported operation is Get. -**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/OsSkuIsValidForAppraiser** +**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/OsSkuIsValidForAppraiser** A boolean value indicating whether the current Windows SKU is able to run the Compatibility Appraiser. Value type is bool. Supported operation is Get. -**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AppraiserCodeAndDataVersionsAboveMinimum** -An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data. +**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/AppraiserCodeAndDataVersionsAboveMinimum** +An integer value representing whether the installed versions of the Compatibility Appraiser code and data meet the minimum requirement to provide useful data. The values are: - -- 0 == Neither the code nor data is of a sufficient version. + +- 0 == Neither the code nor data is of a sufficient version. - 1 == The code version is insufficient but the data version is sufficient. - 2 == The code version is sufficient but the data version is insufficient. - 3 == Both the code and data are of a sufficient version. -Value type is integer. +Value type is integer. Supported operation is Get. -**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/RebootPending** +**CompatibilityAppraiser/AppraiserConfigurationDiagnosis/RebootPending** A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent. -Value type is bool. +Value type is bool. Supported operation is Get. -**CompatibilityAppraiser/AppraiserRunResultReport** +**CompatibilityAppraiser/AppraiserRunResultReport** This provides an XML representation of the last run of Appraiser and the last runs of Appraiser of certain types or configurations. For the report XML schema see [Appraiser run result report](#appraiser-run-result-report). -**UniversalTelemetryClient** +**UniversalTelemetryClient** This represents the state of the Universal Telemetry Client, or DiagTrack service. -**UniversalTelemetryClient/UtcConfigurationDiagnosis** +**UniversalTelemetryClient/UtcConfigurationDiagnosis** This represents various settings that affect whether the Universal Telemetry Client can upload data and how much data it can upload. -**UniversalTelemetryClient/UtcConfigurationDiagnosis/TelemetryOptIn** -An integer value representing what level of telemetry will be uploaded. +**UniversalTelemetryClient/UtcConfigurationDiagnosis/TelemetryOptIn** +An integer value representing what level of telemetry will be uploaded. -Value type is integer. +Value type is integer. Supported operation is Get. The values are: - + - 0 == Security data will be sent. - 1 == Basic telemetry will be sent. - 2 == Enhanced telemetry will be sent. - 3 == Full telemetry will be sent. -**UniversalTelemetryClient/UtcConfigurationDiagnosis/CommercialDataOptIn** -An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload. +**UniversalTelemetryClient/UtcConfigurationDiagnosis/CommercialDataOptIn** +An integer value representing whether the CommercialDataOptIn setting is allowing any data to upload. -Value type is integer. +Value type is integer. Supported operation is Get. The values are: - + - 0 == Setting is disabled. - 1 == Setting is enabled. - 2 == Setting is not applicable to this version of Windows. -**UniversalTelemetryClient/UtcConfigurationDiagnosis/DiagTrackServiceRunning** +**UniversalTelemetryClient/UtcConfigurationDiagnosis/DiagTrackServiceRunning** A boolean value representing whether the DiagTrack service is running. This service must be running in order to upload UTC data. -Value type is bool. +Value type is bool. Supported operation is Get. -**UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled** +**UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled** A boolean value representing whether the Microsoft account service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs. -Value type is bool. +Value type is bool. Supported operation is Get. -**UniversalTelemetryClient/UtcConfigurationDiagnosis/InternetExplorerTelemetryOptIn** +**UniversalTelemetryClient/UtcConfigurationDiagnosis/InternetExplorerTelemetryOptIn** An integer value representing what websites Internet Explorer will collect telemetry data for. -Value type is integer. +Value type is integer. Supported operation is Get. The values are: - + - 0 == Telemetry collection is disabled. - 1 == Telemetry collection is enabled for websites in the local intranet, trusted websites, and machine local zones. - 2 == Telemetry collection is enabled for internet websites and restricted website zones. - 3 == Telemetry collection is enabled for all websites. - 0x7FFFFFFF == Telemetry collection is not configured. -**UniversalTelemetryClient/UtcConnectionReport** +**UniversalTelemetryClient/UtcConnectionReport** This provides an XML representation of the UTC connections during the most recent summary period. For the report XML schema, see [UTC connection report](#utc-connection-report). -**WindowsErrorReporting** +**WindowsErrorReporting** This represents the state of the Windows Error Reporting service. -**WindowsErrorReporting/WerConfigurationDiagnosis** +**WindowsErrorReporting/WerConfigurationDiagnosis** This represents various settings that affect whether the Windows Error Reporting service can upload data and how much data it can upload. -**WindowsErrorReporting/WerConfigurationDiagnosis/WerTelemetryOptIn** -An integer value indicating the amount of WER data that will be uploaded. +**WindowsErrorReporting/WerConfigurationDiagnosis/WerTelemetryOptIn** +An integer value indicating the amount of WER data that will be uploaded. -Value type is integer. +Value type is integer. Supported operation is Get. The values are: - + - 0 == Data will not send due to UTC opt-in. - 1 == Data will not send due to WER opt-in. - 2 == Basic WER data will send but not the complete set of data. - 3 == The complete set of WER data will send. -**WindowsErrorReporting/WerConfigurationDiagnosis/MostRestrictiveSetting** -An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted. +**WindowsErrorReporting/WerConfigurationDiagnosis/MostRestrictiveSetting** +An integer value representing which setting category (system telemetry, WER basic policies, WER advanced policies, and WER consent policies) is causing the overall WerTelemetryOptIn value to be restricted. -Value type is integer. +Value type is integer. Supported operation is Get. The values are: - + - 0 == System telemetry settings are restricting upload. - 1 == WER basic policies are restricting uploads. - 2 == WER advanced policies are restricting uploads. - 3 == WER consent policies are restricting uploads. - 4 == There are no restrictive settings. -**WindowsErrorReporting/WerConnectionReport** +**WindowsErrorReporting/WerConnectionReport** This provides an XML representation of the most recent WER connections of various types. For the report XML schema, see [Windows Error Reporting connection report](#windows-error-reporting-connection-report). @@ -682,4 +682,4 @@ For the report XML schema, see [Windows Error Reporting connection report](#wind ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md index 56b7cbd8ed..59b68ae164 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md @@ -7,18 +7,18 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 07/19/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- -# Win32CompatibilityAppraiser DDF file +# Win32CompatibilityAppraiser DDF file > [!WARNING] > Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This topic shows the OMA DM device description framework (DDF) for the **Win32CompatibilityAppraiser** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1809 and later. diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 48b0ea237e..af34c66886 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -1,7 +1,7 @@ --- title: WindowsAdvancedThreatProtection CSP description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -48,34 +48,34 @@ WindowsAdvancedThreatProtection The following list describes the characteristics and parameters. -**./Device/Vendor/MSFT/WindowsAdvancedThreatProtection** +**./Device/Vendor/MSFT/WindowsAdvancedThreatProtection** The root node for the Windows Defender Advanced Threat Protection configuration service provider. Supported operation is Get. -**Onboarding** +**Onboarding** Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection. The data type is a string. Supported operations are Get and Replace. -**HealthState** +**HealthState** Node that represents the Windows Defender Advanced Threat Protection health state. -**HealthState/LastConnected** +**HealthState/LastConnected** Contains the timestamp of the last successful connection. Supported operation is Get. -**HealthState/SenseIsRunning** +**HealthState/SenseIsRunning** Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state. The default value is false. Supported operation is Get. -**HealthState/OnboardingState** +**HealthState/OnboardingState** Represents the onboarding state. Supported operation is Get. @@ -85,15 +85,15 @@ The following list shows the supported values: - 0 (default) – Not onboarded - 1 – Onboarded -**HealthState/OrgId** +**HealthState/OrgId** String that represents the OrgID. Supported operation is Get. -**Configuration** +**Configuration** Represents Windows Defender Advanced Threat Protection configuration. -**Configuration/SampleSharing** +**Configuration/SampleSharing** Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter. The following list shows the supported values: @@ -103,7 +103,7 @@ The following list shows the supported values: Supported operations are Get and Replace. -**Configuration/TelemetryReportingFrequency** +**Configuration/TelemetryReportingFrequency** Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency. The following list shows the supported values: @@ -113,27 +113,27 @@ The following list shows the supported values: Supported operations are Get and Replace. -**Offboarding** +**Offboarding** Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection. The data type is a string. Supported operations are Get and Replace. -**DeviceTagging** +**DeviceTagging** Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging. Supported operation is Get. -**DeviceTagging/Group** +**DeviceTagging/Group** Added in Windows 10, version 1709. Device group identifiers. The data type is a string. Supported operations are Get and Replace. -**DeviceTagging/Criticality** -Added in Windows 10, version 1709. Asset criticality value. Supported values: +**DeviceTagging/Criticality** +Added in Windows 10, version 1709. Asset criticality value. Supported values: - 0 - Normal - 1 - Critical @@ -247,11 +247,11 @@ Supported operations are Get and Replace. - + ``` ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md index cddb4f73e0..88f7963c28 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md @@ -2,7 +2,7 @@ title: WindowsAdvancedThreatProtection DDF file description: Learn about the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP). ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -16,7 +16,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **WindowsAdvancedThreatProtection** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md index b50630eea2..b92231671c 100644 --- a/windows/client-management/mdm/windowsautopilot-csp.md +++ b/windows/client-management/mdm/windowsautopilot-csp.md @@ -1,7 +1,7 @@ --- title: WindowsAutopilot CSP description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -31,7 +31,7 @@ The WindowsAutopilot CSP exposes Windows Autopilot related device information. T **./Vendor/MSFT/WindowsAutopilot** -Root node for the WindowsAutopilot configuration service provider. +Root node for the WindowsAutopilot configuration service provider. Supported operation is Get. **HardwareMismatchRemediationData** @@ -42,4 +42,4 @@ Supported operation is Get. ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/windowsautopilot-ddf-file.md b/windows/client-management/mdm/windowsautopilot-ddf-file.md index dfc52ce96c..551d857ce8 100644 --- a/windows/client-management/mdm/windowsautopilot-ddf-file.md +++ b/windows/client-management/mdm/windowsautopilot-ddf-file.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 02/07/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -16,9 +16,9 @@ manager: aaroncz > [!WARNING] > Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic shows the device description framework (DDF) for the **WindowsAutopilot** configuration service provider. +This topic shows the device description framework (DDF) for the **WindowsAutopilot** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). ```xml WindowsAutopilot diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 15cbeaed69..184b0bbad8 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 11/02/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -49,16 +49,16 @@ WindowsDefenderApplicationGuard --------AuditApplicationGuard ``` -**./Device/Vendor/MSFT/WindowsDefenderApplicationGuard** +**./Device/Vendor/MSFT/WindowsDefenderApplicationGuard** Root node. Supported operation is Get. -**Settings** +**Settings** Interior node. Supported operation is Get. -**Settings/AllowWindowsDefenderApplicationGuard** +**Settings/AllowWindowsDefenderApplicationGuard** Turn on Microsoft Defender Application Guard in Enterprise Mode. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -69,16 +69,16 @@ The following list shows the supported values: - 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004). - 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004). -**Settings/ClipboardFileType** +**Settings/ClipboardFileType** Determines the type of content that can be copied from the host to Application Guard environment and vice versa. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode. -The following list shows the supported values: +The following list shows the supported values: - 1 - Allow text copying. - 2 - Allow image copying. @@ -93,16 +93,16 @@ ADMX Info: - GP ADMX file name: *AppHVSI.admx* -**Settings/ClipboardSettings** +**Settings/ClipboardSettings** This policy setting allows you to decide how the clipboard behaves while in Application Guard. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode. -The following list shows the supported values: +The following list shows the supported values: - 0 (default) - Completely turns Off the clipboard functionality for the Application Guard. - 1 - Turns On clipboard operation from an isolated session to the host. @@ -121,17 +121,17 @@ ADMX Info: - GP ADMX file name: *AppHVSI.admx* -**Settings/PrintingSettings** +**Settings/PrintingSettings** This policy setting allows you to decide how the print functionality behaves while in Application Guard. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode. The following list shows the supported values: - + - 0 (default) - Disables all print functionality. - 1 - Enables only XPS printing. - 2 - Enables only PDF printing. @@ -158,17 +158,17 @@ ADMX Info: - GP ADMX file name: *AppHVSI.admx* -**Settings/BlockNonEnterpriseContent** -This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer. +**Settings/BlockNonEnterpriseContent** +This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode. The following list shows the supported values: - + - 0 (default) - Non-enterprise content embedded in enterprise sites is allowed to open outside of the Microsoft Defender Application Guard container, directly in Internet Explorer and Microsoft Edge. - 1 - Non-enterprise content embedded on enterprise sites is stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard. @@ -177,87 +177,87 @@ The following list shows the supported values: ADMX Info: - + - GP Friendly name: *Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer* - GP name: *BlockNonEnterpriseContent* - GP path: *Windows Components/Microsoft Defender Application Guard* - GP ADMX file name: *AppHVSI.admx* -**Settings/AllowPersistence** -This policy setting allows you to decide whether data should persist across different sessions in Application Guard. +**Settings/AllowPersistence** +This policy setting allows you to decide whether data should persist across different sessions in Application Guard. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. -The following list shows the supported values: +The following list shows the supported values: - 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user sign out. - 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions. ADMX Info: - + - GP Friendly name: *Allow data persistence for Microsoft Defender Application Guard* - GP name: *AllowPersistence* - GP path: *Windows Components/Microsoft Defender Application Guard* - GP ADMX file name: *AppHVSI.admx* -**Settings/AllowVirtualGPU** +**Settings/AllowVirtualGPU** Added in Windows 10, version 1803. This policy setting allows you to determine whether Application Guard can use the virtual Graphics Processing Unit (GPU) to process graphics. Value type is integer. -Supported operations are Add, Get, Replace, and Delete. +Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode. If you enable this setting, Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If you enable this setting without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. -The following list shows the supported values: +The following list shows the supported values: - 0 (default) - Can't access the vGPU and uses the CPU to support rendering graphics. When the policy isn't configured, it's the same as disabled (0). -- 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This functionality can create a faster experience when working with graphics intense websites or watching video within the container. +- 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This functionality can create a faster experience when working with graphics intense websites or watching video within the container. > [!WARNING] > Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device. ADMX Info: - + - GP Friendly name: *Allow hardware-accelerated rendering for Microsoft Defender Application Guard* - GP name: *AllowVirtualGPU* - GP path: *Windows Components/Microsoft Defender Application Guard* - GP ADMX file name: *AppHVSI.admx* -**Settings/SaveFilesToHost** -Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files from container to the host operating system. This policy setting also enables users to elect files on the host operating system and upload it through Edge in the container. +**Settings/SaveFilesToHost** +Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files from container to the host operating system. This policy setting also enables users to elect files on the host operating system and upload it through Edge in the container. -Value type is integer. +Value type is integer. -Supported operations are Add, Get, Replace, and Delete. +Supported operations are Add, Get, Replace, and Delete. -The following list shows the supported values: +The following list shows the supported values: - 0 (default) - The user can't download files from Edge in the container to the host file system, or upload files from host file system to Edge in the container. When the policy isn't configured, it's the same as disabled (0). -- 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system. +- 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system. ADMX Info: - + - GP Friendly name: *Allow files to download and save to the host operating system from Microsoft Defender Application Guard* - GP name: *SaveFilesToHost* - GP path: *Windows Components/Microsoft Defender Application Guard* - GP ADMX file name: *AppHVSI.admx* -**Settings/CertificateThumbprints** -Added in Windows 10, version 1809. This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container. +**Settings/CertificateThumbprints** +Added in Windows 10, version 1809. This policy setting allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container. -Value type is string. +Value type is string. Supported operations are Add, Get, Replace, and Delete. @@ -265,14 +265,14 @@ This policy setting is supported on Microsoft Edge on Windows 10/Windows 11 Ente If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. Multiple certificates can be specified by using a comma to separate the thumbprints for each certificate you want to transfer. -Here's an example: +Here's an example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924 If you disable or don’t configure this setting, certificates aren't shared with the Microsoft Defender Application Guard container. ADMX Info: - + - GP Friendly name: *Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device* - GP name: *CertificateThumbprints* - GP path: *Windows Components/Microsoft Defender Application Guard* @@ -280,12 +280,12 @@ ADMX Info: > [!NOTE] -> To enforce this policy, device restart or user logon/logoff is required. +> To enforce this policy, device restart or user logon/logoff is required. -**Settings/AllowCameraMicrophoneRedirection** +**Settings/AllowCameraMicrophoneRedirection** Added in Windows 10, version 1809. This policy setting allows you to determine whether applications inside Microsoft Defender Application Guard can access the device’s camera and microphone when these settings are enabled on the user’s device. -Value type is integer. +Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -295,8 +295,8 @@ If you enable this policy setting, applications inside Microsoft Defender Applic If you disable or don't configure this policy setting, applications inside Microsoft Defender Application Guard will be unable to access the camera and microphone on the user’s device. -The following list shows the supported values: - +The following list shows the supported values: + - 0 (default) - Microsoft Defender Application Guard can't access the device’s camera and microphone. When the policy isn't configured, it's the same as disabled (0). - 1 - Turns on the functionality to allow Microsoft Defender Application Guard to access the device’s camera and microphone. @@ -305,17 +305,17 @@ The following list shows the supported values: ADMX Info: - + - GP Friendly name: *Allow camera and microphone access in Microsoft Defender Application Guard* - GP name: *AllowCameraMicrophoneRedirection* - GP path: *Windows Components/Microsoft Defender Application Guard* - GP ADMX file name: *AppHVSI.admx* -**Status** +**Status** Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and prerequisites on the device. -Value type is integer. +Value type is integer. Supported operation is Get. @@ -327,10 +327,10 @@ Supported operation is Get. - Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. - Bit 6 - Set to 1 when system reboot is required. -**PlatformStatus** -Added in Windows 10, version 2004. Applies to Microsoft Office/Generic platform. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. +**PlatformStatus** +Added in Windows 10, version 2004. Applies to Microsoft Office/Generic platform. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. -Value type is integer. +Value type is integer. Supported operation is Get. @@ -341,8 +341,8 @@ Supported operation is Get. - Bit 4 - Reserved for Microsoft. - Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. -**InstallWindowsDefenderApplicationGuard** -Initiates remote installation of Application Guard feature. +**InstallWindowsDefenderApplicationGuard** +Initiates remote installation of Application Guard feature. Supported operations are Get and Execute. @@ -351,26 +351,26 @@ The following list shows the supported values: - Install - Will initiate feature install. - Uninstall - Will initiate feature uninstall. -**Audit** +**Audit** Interior node. Supported operation is Get. -**Audit/AuditApplicationGuard** +**Audit/AuditApplicationGuard** This policy setting allows you to decide whether auditing events can be collected from Application Guard. -Value type in integer. +Value type in integer. Supported operations are Add, Get, Replace, and Delete. This policy setting is supported on Windows 10/Windows 11 Enterprise or Windows 10/Windows 11 Education with Microsoft Defender Application Guard in Enterprise mode. The following list shows the supported values: - + - 0 (default) - Audit event logs aren't collected for Application Guard. - 1 - Application Guard inherits its auditing policies from system and starts to audit security events for Application Guard container. ADMX Info: - + - GP Friendly name: *Allow auditing events in Microsoft Defender Application Guard* - GP name: *AuditApplicationGuard* - GP path: *Windows Components/Microsoft Defender Application Guard* @@ -379,4 +379,4 @@ ADMX Info: ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md index c49a7214d2..393b8c0a28 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 09/10/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -16,9 +16,9 @@ manager: aaroncz > [!WARNING] > Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic shows the OMA DM device description framework (DDF) for the **WindowsDefenderApplicationGuard** configuration service provider. +This topic shows the OMA DM device description framework (DDF) for the **WindowsDefenderApplicationGuard** configuration service provider. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). This XML is for Windows 10, version 1809 and later. diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index f120a8272e..c418d82de4 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -1,7 +1,7 @@ --- title: WindowsLicensing CSP description: Learn how the WindowsLicensing configuration service provider (CSP) is designed for licensing related management scenarios. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -51,12 +51,12 @@ WindowsLicensing --------Status (Added in Windows 10, version 1809) ``` -**./Device/Vendor/MSFT/WindowsLicensing** +**./Device/Vendor/MSFT/WindowsLicensing** This node is the root node for the WindowsLicensing configuration service provider. The supported operation is Get. -**UpgradeEditionWithProductKey** +**UpgradeEditionWithProductKey** Enters a product key for an edition upgrade of Windows 10 desktop devices. > [!NOTE] @@ -96,14 +96,14 @@ Activation or changing a product key can be carried out on the following edition - Windows 10/Windows 11 Home - Windows 10/Windows 11 Pro -**Edition** +**Edition** Returns a value that maps to the Windows 10 or Windows 11 edition. Take the value, convert it into its hexadecimal equivalent and search the GetProductInfo function page on MSDN for edition information. The data type is an Int. The supported operation is Get. -**Status** +**Status** Returns the status of an edition upgrade on Windows devices. The status corresponds to one of the following values: - 0 = Failed @@ -116,13 +116,13 @@ The data type is an Int. The supported operation is Get. - -**LicenseKeyType** +**LicenseKeyType** Returns the parameter type used by Windows 10 or Windows 11 devices for an edition upgrade, activation, or product key change. - Windows 10 or Windows 11 client devices require a product key. @@ -149,44 +149,44 @@ The data type is a chr. The supported operation is Get. -**CheckApplicability** +**CheckApplicability** Returns TRUE if the entered product key can be used for an edition upgrade, activation or changing a product key of Windows 10 or Windows 11 for desktop devices. The data type is a chr. The supported operation is Exec. -**ChangeProductKey** +**ChangeProductKey** Added in Windows 10, version 1703. Installs a product key for Windows desktop devices. Doesn't reboot. The data type is a chr. The supported operation is Execute. -**Subscriptions** +**Subscriptions** Added in Windows 10, version 1607. Node for subscriptions. -**Subscriptions/SubscriptionId** +**Subscriptions/SubscriptionId** Added in Windows 10, version 1607. Node for subscription IDs. -**Subscriptions/SubscriptionId/Status** +**Subscriptions/SubscriptionId/Status** Added in Windows 10, version 1607. Returns the status of the subscription. The data type is an Int. The supported operation is Get. -**Subscriptions/SubscriptionId/Name** +**Subscriptions/SubscriptionId/Name** Added in Windows 10, version 1607. Returns the name of the subscription. The data type is a chr. The supported operation is Get. -**SMode** +**SMode** Interior node for managing S mode. -**SMode/SwitchingPolicy** +**SMode/SwitchingPolicy** Added in Windows 10, version 1809. Determines whether a consumer can switch the device out of S mode. This setting is only applicable to devices available in S mode. For examples, see [Add S mode SwitchingPolicy](#smode-switchingpolicy-add), [Get S mode SwitchingPolicy](#smode-switchingpolicy-get), [Replace S mode SwitchingPolicy](#smode-switchingpolicy-replace) and [Delete S mode SwitchingPolicy](#smode-switchingpolicy-delete) Value type is integer. @@ -194,11 +194,11 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. Supported values: - + - 0 - No Restriction: The user is allowed to switch the device out of S mode. - 1 - User Blocked: The admin has blocked the user from switching their device out of S mode. Only the admin can switch the device out of S mode through the SMode/SwitchFromSMode node. -**SMode/SwitchFromSMode** +**SMode/SwitchFromSMode** Added in Windows 10, version 1809. Switches a device out of S mode if possible. Doesn't reboot. For an example, see [Execute SwitchFromSMode](#smode-switchfromsmode-execute) Supported operation is Execute. @@ -206,11 +206,11 @@ Supported operation is Execute. **SMode/Status** Added in Windows 10, version 1809. Returns the status of the latest SwitchFromSMode set request. For an example, see [Get S mode status](#smode-status-example) -Value type is integer. +Value type is integer. Supported operation is Get. -Values: +Values: - Request fails with error code 404 - no SwitchFromSMode request has been made. - 0 - The device successfully switched out of S mode. @@ -234,7 +234,7 @@ Values: chr - XXXXX-XXXXX-XXXXX-XXXXX-XXXXX + XXXXX-XXXXX-XXXXX-XXXXX-XXXXX @@ -313,7 +313,7 @@ Values: chr - XXXXX-XXXXX-XXXXX-XXXXX-XXXXX + XXXXX-XXXXX-XXXXX-XXXXX-XXXXX @@ -324,7 +324,7 @@ Values: > [!NOTE] > `XXXXX-XXXXX-XXXXX-XXXXX-XXXXX` in the **Data** tag should be replaced with your product key. - ## ADMX files and the Group Policy Editor -To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrator must use a UI, such as the Group Policy Editor (gpedit.msc), to gather the necessary data. The MDM ISV console UI determines how to gather the needed Group Policy data from the IT administrator. ADMX Group Policies are organized in a hierarchy and can have a scope of machine, user, or both. The Group Policy example in the next section uses a machine-wide Group Policy named "Publishing Server 2 Settings." When this Group Policy is selected, its available states are **Not Configured**, **Enabled**, and **Disabled**. +To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrator must use a UI, such as the Group Policy Editor (gpedit.msc), to gather the necessary data. The MDM ISV console UI determines how to gather the needed Group Policy data from the IT administrator. ADMX Group Policies are organized in a hierarchy and can have a scope of machine, user, or both. The Group Policy example in the next section uses a machine-wide Group Policy named "Publishing Server 2 Settings." When this Group Policy is selected, its available states are **Not Configured**, **Enabled**, and **Disabled**. -The ADMX file that the MDM ISV uses to determine what UI to display to the IT administrator is the same ADMX file that the client uses for the policy definition. The ADMX file is processed either by the OS at build time or set by the client at OS runtime. In either case, the client and the MDM ISV must be synchronized with the ADMX policy definitions. Each ADMX file corresponds to a Group Policy category and typically contains several policy definitions, each of which represents a single Group Policy. For example, the policy definition for the "Publishing Server 2 Settings" is contained in the appv.admx file, which holds the policy definitions for the Microsoft Application Virtualization (App-V) Group Policy category. +The ADMX file that the MDM ISV uses to determine what UI to display to the IT administrator is the same ADMX file that the client uses for the policy definition. The ADMX file is processed either by the OS at build time or set by the client at OS runtime. In either case, the client and the MDM ISV must be synchronized with the ADMX policy definitions. Each ADMX file corresponds to a Group Policy category and typically contains several policy definitions, each of which represents a single Group Policy. For example, the policy definition for the "Publishing Server 2 Settings" is contained in the appv.admx file, which holds the policy definitions for the Microsoft Application Virtualization (App-V) Group Policy category. Group Policy option button setting: - If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur: - - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data. + - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data. - The MDM client stack receives this data, which causes the Policy CSP to update the device's registry per the ADMX policy definition. - If **Disabled** is selected and you click **Apply**, the following events occur: - - The MDM ISV server sets up a Replace SyncML command with a payload set to ``. + - The MDM ISV server sets up a Replace SyncML command with a payload set to ``. - The MDM client stack receives this command, which causes the Policy CSP to either delete the device's registry settings, set the registry keys, or both, per the state change directed by the ADMX policy definition. - If **Not Configured** is selected and you click **Apply**, the following events occur: - - MDM ISV server sets up a Delete SyncML command. + - MDM ISV server sets up a Delete SyncML command. - The MDM client stack receives this command, which causes the Policy CSP to delete the device's registry settings per the ADMX policy definition. The following diagram shows the main display for the Group Policy Editor. @@ -65,15 +65,15 @@ The following diagram shows the settings for the "Publishing Server 2 Settings" Most Group Policies are a simple Boolean type. For a Boolean Group Policy, if you select **Enabled**, the options panel contains no data input fields and the payload of the SyncML is simply ``. However, if there are data input fields in the options panel, the MDM server must supply this data. The following *Enabling a Group Policy* example illustrates this complexity. In this example, 10 name-value pairs are described by `` tags in the payload, which correspond to the 10 data input fields in the Group Policy Editor options panel for the "Publishing Server 2 Settings" Group Policy. The ADMX file, which defines the Group Policies, is consumed by the MDM server, similarly to how the Group Policy Editor consumes it. The Group Policy Editor displays a UI to receive the complete Group Policy instance data, which the MDM server's IT administrator console must also do. For every `` element and ID attribute in the ADMX policy definition, there must be a corresponding `` element and ID attribute in the payload. The ADMX file drives the policy definition and is required by the MDM server via the SyncML protocol. > [!IMPORTANT] -> Any data entry field that is displayed in the Group Policy page of the Group Policy Editor must be supplied in the encoded XML of the SyncML payload. The SyncML data payload is equivalent to the user-supplied Group Policy data through GPEdit.msc. +> Any data entry field that is displayed in the Group Policy page of the Group Policy Editor must be supplied in the encoded XML of the SyncML payload. The SyncML data payload is equivalent to the user-supplied Group Policy data through GPEdit.msc. -For more information about the Group Policy description format, see [Administrative Template File (ADMX) format](/previous-versions/windows/desktop/Policy/admx-schema). Elements can be Text, MultiText, Boolean, Enum, Decimal, or List (for more information, see [policy elements](/previous-versions/windows/desktop/Policy/element-elements)). +For more information about the Group Policy description format, see [Administrative Template File (ADMX) format](/previous-versions/windows/desktop/Policy/admx-schema). Elements can be Text, MultiText, Boolean, Enum, Decimal, or List (for more information, see [policy elements](/previous-versions/windows/desktop/Policy/element-elements)). For example, if you search for the string, "Publishing_Server2_Name_Prompt" in both the *Enabling a policy* example and its corresponding ADMX policy definition in the appv.admx file, you'll find the following occurrences: Enabling a policy example: ```XML -`` +`` ``` Appv.admx file: @@ -120,15 +120,15 @@ The following SyncML examples describe how to set an MDM policy that is defined ./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2 - ]]> @@ -233,7 +233,7 @@ This section describes sample SyncML for the various ADMX elements like Text, Mu ### How a Group Policy policy category path and name are mapped to an MDM area and policy name -Below is the internal OS mapping of a Group Policy to an MDM area and name. This mapping is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User. +Below is the internal OS mapping of a Group Policy to an MDM area and name. This mapping is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User. `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]//` @@ -480,7 +480,7 @@ Variations of the `list` element are dictated by attributes. These attributes ar ### Decimal Element ```XML - diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md similarity index 100% rename from windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md rename to windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/win32-and-centennial-app-policy-configuration.md similarity index 97% rename from windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md rename to windows/client-management/win32-and-centennial-app-policy-configuration.md index 824f17444b..e64d03da7e 100644 --- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/win32-and-centennial-app-policy-configuration.md @@ -7,12 +7,12 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.date: 03/23/2020 -ms.reviewer: +ms.reviewer: manager: aaroncz --- # Win32 and Desktop Bridge app ADMX policy Ingestion - + ## In this section - [Overview](#overview) @@ -25,13 +25,13 @@ manager: aaroncz ## Overview -Starting in Windows 10, version 1703, you can ingest ADMX files (ADMX ingestion) and set those ADMX policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. +Starting in Windows 10, version 1703, you can ingest ADMX files (ADMX ingestion) and set those ADMX policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies. NOTE: Starting from the following Windows 10 version Replace command is supported -- Windows 10, version 1903 with KB4512941 and KB4517211 installed -- Windows 10, version 1809 with KB4512534 and KB installed -- Windows 10, version 1803 with KB4512509 and KB installed -- Windows 10, version 1709 with KB4516071 and KB installed +- Windows 10, version 1903 with KB4512941 and KB4517211 installed +- Windows 10, version 1809 with KB4512534 and KB installed +- Windows 10, version 1803 with KB4512509 and KB installed +- Windows 10, version 1709 with KB4516071 and KB installed When the ADMX policies are ingested, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations: @@ -53,7 +53,7 @@ When the ADMX policies are ingested, the registry keys to which each policy is w - software\microsoft\windows\windows search\preferences\ - software\microsoft\exchange\ - software\policies\microsoft\vba\security\ -- software\microsoft\onedrive +- software\microsoft\onedrive - software\Microsoft\Edge - Software\Microsoft\EdgeUpdate\ @@ -61,7 +61,7 @@ When the ADMX policies are ingested, the registry keys to which each policy is w > Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still ingest ADMX files and set ADMX policies regardless of whether the device is domain joined or non-domain joined. > [!NOTE] -> Settings that cannot be configured using custom policy ingestion have to be set by pushing the appropriate registry keys directly (for example, by using PowerShell script). +> Settings that cannot be configured using custom policy ingestion have to be set by pushing the appropriate registry keys directly (for example, by using PowerShell script). ## Ingesting an app ADMX file @@ -204,7 +204,7 @@ The following ADMX file example shows how to ingest a Win32 or Desktop Bridge ap **Request Syncml** The ADMX file is escaped and sent in SyncML format through the Policy CSP URI, `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}/{SettingType}/{FileUid or AdmxFileName}`. -When the ADMX file is imported, the policy states for each new policy are the same as those in a regular MDM policy: Enabled, Disabled, or Not Configured. +When the ADMX file is imported, the policy states for each new policy are the same as those in a regular MDM policy: Enabled, Disabled, or Not Configured. The following example shows an ADMX file in SyncML format: @@ -365,7 +365,7 @@ The following example shows an ADMX file in SyncML format: 21102Add200 ``` -### URI format for configuring an app policy +### URI format for configuring an app policy The following example shows how to derive a Win32 or Desktop Bridge app policy name and policy area name: @@ -394,7 +394,7 @@ The following example shows how to derive a Win32 or Desktop Bridge app policy n ``` -As documented in [Policy CSP](policy-configuration-service-provider.md), the URI format to configure a policy via Policy CSP is: +As documented in [Policy CSP](mdm/policy-configuration-service-provider.md), the URI format to configure a policy via Policy CSP is: './{user or device}/Vendor/MSFT/Policy/Config/{AreaName}/{PolicyName}'. **User or device policy** diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/windows-mdm-enterprise-settings.md similarity index 97% rename from windows/client-management/mdm/windows-mdm-enterprise-settings.md rename to windows/client-management/windows-mdm-enterprise-settings.md index 0c7b48f2a8..b9eadf5502 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/windows-mdm-enterprise-settings.md @@ -1,10 +1,10 @@ --- title: Enterprise settings, policies, and app management description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow. -MS-HAID: +MS-HAID: - 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management' - 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings' -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -18,7 +18,7 @@ ms.date: 06/26/2017 The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://technical.openmobilealliance.org/). -Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. Enterprise MDM settings are exposed via various configuration service providers to the DM client. For the list of available configuration service providers, see [Configuration service provider reference](configuration-service-provider-reference.md). +Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. Enterprise MDM settings are exposed via various configuration service providers to the DM client. For the list of available configuration service providers, see [Configuration service provider reference](mdm/index.yml). The DM client is configured during the enrollment process to be invoked by the task scheduler to periodically poll the MDM server. diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/wmi-providers-supported-in-windows.md similarity index 98% rename from windows/client-management/mdm/wmi-providers-supported-in-windows.md rename to windows/client-management/wmi-providers-supported-in-windows.md index 3026a02d56..d4efdf99e2 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/wmi-providers-supported-in-windows.md @@ -1,10 +1,10 @@ --- title: WMI providers supported in Windows 10 description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI). -MS-HAID: +MS-HAID: - 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview' - 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows' -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -19,7 +19,7 @@ ms.date: 06/26/2017 Windows Management Infrastructure (WMI) providers (and the classes they support) are used to manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service. The following subsections show the list WMI MDM classes that are supported in Windows 10. > [!NOTE] -> Applications installed using WMI classes are not removed when the MDM account is removed from device. +> Applications installed using WMI classes are not removed when the MDM account is removed from device. The child node names of the result from a WMI query are separated by a forward slash (/) and not URI escaped. Here is an example query. @@ -105,7 +105,7 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw | [**wpcusersettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema) | Yes | | [**wpcwebsettings**](/windows/win32/parcon/parental-controls-wmi-provider-schema) | Yes | - + ### Win32 WMI classes @@ -124,7 +124,7 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw [**Win32\_DiskDrive**](/windows/win32/cimwin32prov/win32-diskdrive) | Yes [**Win32\_DiskPartition**](/windows/win32/cimwin32prov/win32-diskpartition) | [**Win32\_DisplayConfiguration**](/previous-versions//aa394137(v=vs.85)) | Yes -[**Win32\_DMAChannel**](/windows/win32/cimwin32prov/win32-dmachannel) | +[**Win32\_DMAChannel**](/windows/win32/cimwin32prov/win32-dmachannel) | [**Win32\_DriverVXD**](/previous-versions//aa394141(v=vs.85)) | [**Win32\_EncryptableVolume**](/windows/win32/secprov/win32-encryptablevolume) | [**Win32\_Environment**](/windows/win32/cimwin32prov/win32-environment) | @@ -148,10 +148,10 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw [**Win32\_PageFileSetting**](/windows/win32/cimwin32prov/win32-pagefilesetting) | [**Win32\_ParallelPort**](/windows/win32/cimwin32prov/win32-parallelport) | [**Win32\_PCMCIAController**](/windows/win32/cimwin32prov/win32-pcmciacontroller) | -[**Win32\_PhysicalMedia**](/previous-versions/windows/desktop/cimwin32a/win32-physicalmedia) | +[**Win32\_PhysicalMedia**](/previous-versions/windows/desktop/cimwin32a/win32-physicalmedia) | [**Win32\_PhysicalMemory**](/windows/win32/cimwin32prov/win32-physicalmemory) | Yes -[**Win32\_PnPDevice**](/windows/win32/cimwin32prov/win32-pnpdevice) | -[**Win32\_PnPEntity**](/windows/win32/cimwin32prov/win32-pnpentity) | +[**Win32\_PnPDevice**](/windows/win32/cimwin32prov/win32-pnpdevice) | +[**Win32\_PnPEntity**](/windows/win32/cimwin32prov/win32-pnpentity) | [**Win32\_PointingDevice**](/windows/win32/cimwin32prov/win32-pointingdevice) | [**Win32\_PortableBattery**](/windows/win32/cimwin32prov/win32-portablebattery) | [**Win32\_PortResource**](/windows/win32/cimwin32prov/win32-portresource) | @@ -179,11 +179,11 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw [**Win32\_UTCTime**](/previous-versions/windows/desktop/wmitimepprov/win32-utctime) | Yes [**Win32\_VideoController**](/windows/win32/cimwin32prov/win32-videocontroller) | **Win32\_WindowsUpdateAgentVersion** | - + ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](mdm/index.yml) ## Related Links [CIM Video Controller](/windows/win32/cimwin32prov/cim-videocontroller) diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index 0c16704142..177b63d3e2 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -68,8 +68,6 @@ href: kiosk-single-app.md - name: Set up a multi-app kiosk href: lock-down-windows-10-to-specific-apps.md - - name: Set up a shared or guest PC - href: set-up-shared-or-guest-pc.md - name: Kiosk reference information items: - name: More kiosk methods and reference information @@ -92,7 +90,15 @@ href: kiosk-mdm-bridge.md - name: Troubleshoot kiosk mode issues href: kiosk-troubleshoot.md - + +- name: Configure multi-user and guest devices + items: + - name: Shared devices concepts + href: shared-devices-concepts.md + - name: Configure shared devices with Shared PC + href: set-up-shared-or-guest-pc.md + - name: Shared PC technical reference + href: shared-pc-technical.md - name: Use provisioning packages items: diff --git a/windows/configuration/images/icons/accessibility.svg b/windows/configuration/images/icons/accessibility.svg new file mode 100644 index 0000000000..21a6b4f235 --- /dev/null +++ b/windows/configuration/images/icons/accessibility.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/configuration/images/icons/group-policy.svg b/windows/configuration/images/icons/group-policy.svg new file mode 100644 index 0000000000..ace95add6b --- /dev/null +++ b/windows/configuration/images/icons/group-policy.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/configuration/images/icons/intune.svg b/windows/configuration/images/icons/intune.svg new file mode 100644 index 0000000000..6e0d938aed --- /dev/null +++ b/windows/configuration/images/icons/intune.svg @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + Icon-intune-329 + + + + + + + + \ No newline at end of file diff --git a/windows/configuration/images/icons/powershell.svg b/windows/configuration/images/icons/powershell.svg new file mode 100644 index 0000000000..ab2d5152ca --- /dev/null +++ b/windows/configuration/images/icons/powershell.svg @@ -0,0 +1,20 @@ + + + + + + + + + + MsPortalFx.base.images-10 + + + + + + + + + + \ No newline at end of file diff --git a/windows/configuration/images/icons/provisioning-package.svg b/windows/configuration/images/icons/provisioning-package.svg new file mode 100644 index 0000000000..dbbad7d780 --- /dev/null +++ b/windows/configuration/images/icons/provisioning-package.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/configuration/images/icons/registry.svg b/windows/configuration/images/icons/registry.svg new file mode 100644 index 0000000000..06ab4c09d7 --- /dev/null +++ b/windows/configuration/images/icons/registry.svg @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + + Icon-general-18 + + + \ No newline at end of file diff --git a/windows/configuration/images/icons/windows-os.svg b/windows/configuration/images/icons/windows-os.svg new file mode 100644 index 0000000000..da64baf975 --- /dev/null +++ b/windows/configuration/images/icons/windows-os.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/configuration/images/shared-pc-intune.png b/windows/configuration/images/shared-pc-intune.png new file mode 100644 index 0000000000..401e937a2a Binary files /dev/null and b/windows/configuration/images/shared-pc-intune.png differ diff --git a/windows/configuration/images/shared-pc-wcd.png b/windows/configuration/images/shared-pc-wcd.png new file mode 100644 index 0000000000..a0f86ed11e Binary files /dev/null and b/windows/configuration/images/shared-pc-wcd.png differ diff --git a/windows/configuration/images/sharedpc-guest-win11.png b/windows/configuration/images/sharedpc-guest-win11.png new file mode 100644 index 0000000000..c6091c3b2d Binary files /dev/null and b/windows/configuration/images/sharedpc-guest-win11.png differ diff --git a/windows/configuration/images/sharedpc-kiosk-win11se.png b/windows/configuration/images/sharedpc-kiosk-win11se.png new file mode 100644 index 0000000000..1a0f0afeb1 Binary files /dev/null and b/windows/configuration/images/sharedpc-kiosk-win11se.png differ diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 191ecb60c4..6490c7a003 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -1,353 +1,153 @@ --- -title: Set up a shared or guest PC with Windows 10/11 -description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios. -ms.prod: w10 -author: lizgt2000 -ms.author: lizlong -ms.topic: article +title: Set up a shared or guest Windows device +description: Description of how to configured Shared PC mode, which is a Windows feature that optimizes devices for shared use scenarios. +ms.date: 10/15/2022 +ms.prod: windows +ms.technology: windows +ms.topic: reference ms.localizationpriority: medium -ms.reviewer: sybruckm +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: manager: aaroncz -ms.collection: highpri +ms.collection: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE --- -# Set up a shared or guest PC with Windows 10/11 +# Set up a shared or guest Windows device +**Shared PC** offers options to facilitate the management and optimization of shared devices. The customizations offered by Shared PC are listed in the following table. -**Applies to** +| Area Name | Setting name and description| +|---|---| +|Shared PC mode | **EnableSharedPCMode** or **EnableSharedPCModeWithOneDriveSync**: when enabled, **Shared PC mode** is turned on and different settings are configured in the local group policy object (LGPO). For a detailed list of settings enabled by Shared PC Mode in the LGPO, see the [Shared PC technical reference](shared-pc-technical.md#enablesharedpcmode-and-enablesharedpcmodewithonedrivesync).
              • This setting controls the API: [IsEnabled][UWP-1]
              | +| Account management | **EnableAccountManager**: when enabled, automatic account management is turned on. The following settings define the behavior of *account manager*:
              • **DeletionPolicy**
              • **DiskLevelDeletion**
              • **DiskLevelCaching**
              • **InactiveThreshold**
              For more information, see the [Shared PC CSP documentation][WIN-3].

              **AccountModel**: this option controls which types of users can sign-in to the device, and can be used to enable the Guest and Kiosk accounts. For more information, see the [Shared PC CSP documentation][WIN-3].

              **KioskModeAUMID**: configures an application (referred as Application User Model ID - AUMID) to automatically execute when the kiosk account is used to sign in. A new account will be created and will use assigned access to only run the app specified by the AUMID. [Find the Application User Model ID of an installed app][WIN-7].

              **KioskModeUserTileDisplayText**: sets the display text on the kiosk account if **KioskModeAUMID** has been set.| +| Advanced customizations | **SetEduPolicies**: when enabled, specific settings designed for education devices are configured in the LGPO. For a detailed list of settings enabled by SetEduPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setedupolicy).
              • This setting controls the API: [IsEducationEnvironment][UWP-2]

              **SetPowerPolicies**: when enabled, different power settings optimized for shared devices are configured in the LGPO. For a detailed list of settings enabled by SetPowerPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setpowerpolicies).

              **SleepTimeout**: specifies all timeouts for when the PC should sleep.

              **SignInOnResume**: if enabled, specifies if the user is required to sign in with a password when the PC wakes from sleep.

              **MaintenanceStartTime**: by default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update or Search indexing) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For a detailed list of settings enabled by MaintenanceStartTime, see [Shared PC technical reference](shared-pc-technical.md#maintenancestarttime).

              **MaxPageFileSizeMB**: adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs.

              **RestrictLocalStorage**: when enabled, users are prevented from saving or viewing local storage while using File Explorer.
              • This setting controls the API: [ShouldAvoidLocalStorage][UWP-3]
              | -- Windows 10 -- Windows 11 +## Configure Shared PC -Windows client has a *shared PC mode*, which optimizes Windows client for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows client Pro, Pro Education, Education, and Enterprise. +Shared PC can be configured using the following methods: -> [!NOTE] -> If you're interested in using Windows client for shared PCs in a school, see [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. +- Microsoft Intune/MDM +- Provisioning package (PPKG) +- PowerShell script -## Shared PC mode concepts -A Windows client PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. +Follow the instructions below to configure your devices, selecting the option that best suits your needs. -### Account models -It is intended that shared PCs are joined to an Active Directory or Azure Active Directory domain by a user with the necessary rights to perform a domain join as part of a setup process. This enables any user that is part of the directory to sign-in to the PC. If using Azure Active Directory Premium, any domain user can also be configured to sign in with administrative rights. Additionally, shared PC mode can be configured to enable a **Guest** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used. Windows client has a **kiosk mode** account. Shared PC mode can be configured to enable a **Kiosk** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used to run a specified app in assigned access (kiosk) mode. +#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) -### Account management -When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows client, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days. +To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Shared PC`**: -### Maintenance and sleep -Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not in use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. +:::image type="content" source="./images/shared-pc-intune.png" alt-text="Screenshot that shows the Shared PC policies in the Intune settings catalog." lightbox="./images/shared-pc-intune.png" border="True"::: -While shared PC mode does not configure Windows Update itself, it is strongly recommended to configure Windows Update to automatically install updates and reboot (if necessary) during maintenance hours. This will help ensure the PC is always up to date and not interrupting users with updates. +Assign the policy to a security group that contains as members the devices or users that you want to configure. -Use one of the following methods to configure Windows Update: +Alternatively, you can configure devices using a [custom policy][MEM-1] with the [SharedPC CSP][WIN-3]. -- Group Policy: Set **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** to `4` and check **Install during automatic maintenance**. -- MDM: Set **Update/AllowAutoUpdate** to `4`. -- Provisioning: In Windows Imaging and Configuration Designer (ICD), set **Policies/Update/AllowAutoUpdate** to `4`. +#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) -[Learn more about the AllowAutoUpdate settings](/windows/client-management/mdm/policy-configuration-service-provider#Update_AllowAutoUpdate) +To configure devices using a provisioning package, [create a provisioning package][WIN-1] using WCD, and use the settings listed under the category **`SharedPC`**: -### App behavior +:::image type="content" source="./images/shared-pc-wcd.png" alt-text="Screenshot that shows the Shared PC policies in WCD." lightbox="./images/shared-pc-wcd.png" border="False"::: -Apps can take advantage of shared PC mode with the following three APIs: +For a list and description of CSP settings exposed in Windows Configuration Designer, see the [SharedPC WCD reference][WIN-4]. -- [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences. -- [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app. -- [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality. - +Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created. -### Customization -Shared PC mode exposes a set of customizations to tailor the behavior to your requirements. These customizations are the options that you'll set either using MDM or a provisioning package as explained in [Configuring Shared PC mode for Windows](#configuring-shared-pc-mode-for-windows). The options are listed in the following table. +#### [:::image type="icon" source="images/icons/powershell.svg"::: **PowerShell**](#tab/powershell) -| Setting | Value | -|:---|:---| -| EnableSharedPCMode | Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings)

              Some of the remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**. | -| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in.

              Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC.

              - **Only guest** allows anyone to use the PC as a local standard (non-admin) account.
              - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.
              - **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. | -| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out.

              - **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.

              Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign-off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not.
              - **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** | -| AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching. | -| AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion. | -| AccountManagement: InactiveThreshold | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that has not signed in will be deleted. | -| AccountManagement: EnableAccountManager | Set as **True** to enable automatic account management. If this is not set to true, no automatic account management will be done. | -| AccountManagement: KioskModeAUMID | Set an Application User Model ID (AUMID) to enable the kiosk account on the sign-in screen. A new account will be created and will use assigned access to only run the app specified by the AUMID. Note that the app must be installed on the PC. Set the name of the account using **KioskModeUserTileDisplayText**, or a default name will be used. [Find the Application User Model ID of an installed app](/previous-versions/windows/embedded/dn449300(v=winembedded.82)) | -| AccountManagement: KioskModeUserTileDisplayText | Sets the display text on the kiosk account if **KioskModeAUMID** has been set. | -| Customization: MaintenanceStartTime | By default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value. | -| Customization: MaxPageFileSizeMB | Adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs. | -| Customization: RestrictLocalStorage | Set as **True** to restrict the user from saving or viewing local storage when using File Explorer. This setting controls this API: [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings) | -| Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. For more information, see [Windows client configuration recommendations for education customers](/education/windows/configure-windows-for-education). This setting controls this API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) | -| Customization: SetPowerPolicies | When set as **True**:
              - Prevents users from changing power settings
              - Turns off hibernate
              - Overrides all power state transitions to sleep (e.g. lid close) | -| Customization: SignInOnResume | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep. | -| Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies. | -[Policies: Authentication](wcd/wcd-policies.md#authentication) (optional related setting) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. +To configure devices using a PowerShell script, you can use the [MDM Bridge WMI Provider][WIN-6]. -## Configuring Shared PC mode for Windows +> [!TIP] +> PowerShell scripts can be executed as scheduled tasks via Group Policy. -You can configure Windows to be in shared PC mode in a couple different ways: +> [!IMPORTANT] +> For all device settings, the WMI Bridge client must be executed as SYSTEM (LocalSystem) account. +> +> To test a PowerShell script, you can: +> 1. [Download the psexec tool](/sysinternals/downloads/psexec) +> 1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe` +> 1. Run the script in the PowerShell session -- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To set up a shared device policy for Windows client in Intune, complete the following steps: +Edit the following sample PowerShell script to customize the settings that you want to configure: +```powershell +$namespaceName = "root\cimv2\mdm\dmmap" +$parentID="./Vendor/MSFT/Policy/Config" +$className = "MDM_SharedPC" +$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className +if (-not ($cimObject)) { + $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance} +} +$cimObject.EnableSharedPCMode = $True +$cimObject.SetEduPolicies = $True +$cimObject.SetPowerPolicies = $True +$cimObject.MaintenanceStartTime = 0 +$cimObject.SignInOnResume = $True +$cimObject.SleepTimeout = 0 +$cimObject.EnableAccountManager = $True +$cimObject.AccountModel = 2 +$cimObject.DeletionPolicy = 1 +$cimObject.DiskLevelDeletion = 25 +$cimObject.DiskLevelCaching = 50 +$cimObject.RestrictLocalStorage = $False +$cimObject.KioskModeAUMID = "" +$cimObject.KioskModeUserTileDisplayText = "" +$cimObject.InactiveThreshold = 0 +Set-CimInstance -CimInstance $cimObject +``` - 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). - - 2. Select **Devices** > **Windows** > **Configuration profiles** > **Create profile**. - - 3. Enter the following properties: +For more information, see [Using PowerShell scripting with the WMI Bridge Provider][WIN-5]. - - **Platform**: Select **Windows 10 and later**. - - **Profile**: Select **Templates** > **Shared multi-user device**. - - 4. Select **Create**. - - 5. In **Basics**, enter the following properties: - - - **Name**: Enter a descriptive name for the new profile. - - **Description**: Enter a description for the profile. This setting is optional, but recommended. - - 6. Select **Next**. - - 7. In **Configuration settings**, depending on the platform you chose, the settings you can configure are different. Choose your platform for detailed settings: - - 8. On the **Configuration settings** page, set the ‘Shared PC Mode’ value to **Enabled**. - - > [!div class="mx-imgBorder"] - > ![Shared PC mode in the Configuration settings page.](images/shared_pc_3.png) - - 11. From this point on, you can configure any additional settings you’d like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 6**. - -- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows client that's already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**. - - ![Shared PC settings in ICD.](images/icd-adv-shared-pc.png) - -- WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the [MDM_SharedPC class](/windows/win32/dmwmibridgeprov/mdm-sharedpc). For all device settings, the WMI Bridge client must be executed under local system user; for more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). For example, open PowerShell as an administrator and enter the following: - - ```powershell - $sharedPC = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_SharedPC" - $sharedPC.EnableSharedPCMode = $True - $sharedPC.SetEduPolicies = $True - $sharedPC.SetPowerPolicies = $True - $sharedPC.MaintenanceStartTime = 0 - $sharedPC.SignInOnResume = $True - $sharedPC.SleepTimeout = 0 - $sharedPC.EnableAccountManager = $True - $sharedPC.AccountModel = 2 - $sharedPC.DeletionPolicy = 1 - $sharedPC.DiskLevelDeletion = 25 - $sharedPC.DiskLevelCaching = 50 - $sharedPC.RestrictLocalStorage = $False - $sharedPC.KioskModeAUMID = "" - $sharedPC.KioskModeUserTileDisplayText = "" - $sharedPC.InactiveThreshold = 0 - Set-CimInstance -CimInstance $sharedPC - Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName MDM_SharedPC - ``` - -### Create a provisioning package for shared use - -1. [Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md) - -2. Open Windows Configuration Designer. -3. On the **Start page**, select **Advanced provisioning**. -4. Enter a name and (optionally) a description for the project, and click **Next**. -5. Select **All Windows desktop editions**, and click **Next**. -6. Click **Finish**. Your project opens in Windows Configuration Designer. -7. Go to **Runtime settings** > **SharedPC**. [Select the desired settings for shared PC mode.](#customization) -8. On the **File** menu, select **Save.** -9. On the **Export** menu, select **Provisioning package**. -10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -11. Set a value for **Package Version**. - > [!TIP] - > You can make changes to existing packages and change the version number to update previously applied packages. - -12. (*Optional*) In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. - - > [!IMPORTANT] - > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. - -13. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location. - Optionally, you can click **Browse** to change the default output location. -14. Click **Next**. -15. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status. - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -16. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. - If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. -17. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: - - - Shared network folder - - - SharePoint site - - - Removable media (USB/SD) (select this option to apply to a PC during initial setup) - - -### Apply the provisioning package - -Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime"). For more information, see [Apply a provisioning package](./provisioning-packages/provisioning-apply-package.md). - -> [!NOTE] -> If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost. +--- ## Guidance for accounts on shared PCs -* We recommend no local admin accounts on the PC to improve the reliability and security of the PC. +- When a device is configured in *shared PC mode* with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out. -* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign-out. -* On a Windows PC joined to Azure Active Directory: - * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC. - * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal. +- Local accounts that already exist on a PC won't be deleted when turning on shared PC mode. New local accounts that are created using **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new guest accounts created by the **Guest** and **Kiosk** options on the sign-in screen (if enabled) will automatically be deleted at sign out. To set a general policy on all local accounts, you can configure the following local Group Policy setting: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles**: **Delete User Profiles Older Than A Specified Number Of Days On System Restart**. -* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. New local accounts that are created using **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new guest accounts created by the **Guest** and **Kiosk** options on the sign-in screen (if enabled) will automatically be deleted at sign-out. To set a general policy on all local accounts, you can configure the following local Group Policy setting: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles**: **Delete User Profiles Older Than A Specified Number Of Days On System Restart**. +- The account management service supports accounts that are exempt from deletion. An account can be marked exempt from deletion by adding the account SID to the registry key: `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\`. To add the account SID to the registry key using PowerShell, use the following example as a reference: -* If admin accounts are necessary on the PC - * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or - * Create admin accounts before setting up shared PC mode, or - * Create exempt accounts before signing out when turning shared pc mode on. + ```powershell + $adminName = "LocalAdmin" + $adminPass = 'Pa$$word123' + invoke-expression "net user /add $adminName $adminPass" + $user = New-Object System.Security.Principal.NTAccount($adminName) + $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) + $sid = $sid.Value; + New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force + ``` -* The account management service supports accounts that are exempt from deletion. - * An account can be marked exempt from deletion by adding the account SID to the registry key: `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\`. - * To add the account SID to the registry key using PowerShell: +## Troubleshooting Shared PC - ```powershell - $adminName = "LocalAdmin" - $adminPass = 'Pa$$word123' - iex "net user /add $adminName $adminPass" - $user = New-Object System.Security.Principal.NTAccount($adminName) - $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) - $sid = $sid.Value; - New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force - ``` +To troubleshoot Shared PC, you can use the following tools: +- Check the log `C:\Windows\SharedPCSetup.log` +- Check the registry keys under `HKLM\Software\Microsoft\Windows\CurrentVersion\SharedPC` + - `AccountManagement` key contains settings on how profiles are managed + - `NodeValues` contains what values are set for the features managed by Shared PC -## Policies set by shared PC mode +## Technical reference -Shared PC mode sets local group policies to configure the device. Some of these are configurable using the shared pc mode options. +- For a list of settings configured by the different options offered by Shared PC mode, see the [Shared PC technical reference](shared-pc-technical.md). +- For a list of settings exposed by the SharedPC configuration service provider, see [SharedPC CSP][WIN-3]. +- For a list of settings exposed by Windows Configuration Designer, see [SharedPC CSP][WIN-4]. -> [!IMPORTANT] -> It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required. +----------- -### Admin Templates > Control Panel > Personalization +[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package +[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package +[WIN-3]: /windows/client-management/mdm/sharedpc-csp +[WIN-4]: /windows/configuration/wcd/wcd-sharedpc +[WIN-5]: /windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider +[WIN-6]: /windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal +[WIN-7]: /previous-versions/windows/embedded/dn449300(v=winembedded.82) -|Policy Name| Value|When set?| -|--- |--- |--- | -|Prevent enabling lock screen slide show|Enabled|Always| -|Prevent changing lock screen and logon image|Enabled|Always| +[MEM-1]: /mem/intune/configuration/custom-settings-windows-10 +[MEM-2]: /mem/intune/configuration/settings-catalog -### Admin Templates > System > Power Management > Button Settings - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Select the Power button action (plugged in)|Sleep|SetPowerPolicies=True| -|Select the Power button action (on battery)|Sleep|SetPowerPolicies=True| -|Select the Sleep button action (plugged in)|Sleep|SetPowerPolicies=True| -|Select the lid switch action (plugged in)|Sleep|SetPowerPolicies=True| -|Select the lid switch action (on battery)|Sleep|SetPowerPolicies=True| - -### Admin Templates > System > Power Management > Sleep Settings - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Require a password when a computer wakes (plugged in)|Enabled|SignInOnResume=True| -|Require a password when a computer wakes (on battery)|Enabled|SignInOnResume=True| -|Specify the system sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True| -|Specify the system sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True| -|Turn off hybrid sleep (plugged in)|Enabled|SetPowerPolicies=True| -|Turn off hybrid sleep (on battery)|Enabled|SetPowerPolicies=True| -|Specify the unattended sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True| -|Specify the unattended sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True| -|Allow standby states (S1-S3) when sleeping (plugged in)|Enabled|SetPowerPolicies=True| -|Allow standby states (S1-S3) when sleeping (on battery)|Enabled |SetPowerPolicies=True| -|Specify the system hibernate timeout (plugged in)|Enabled, 0|SetPowerPolicies=True| -|Specify the system hibernate timeout (on battery)|Enabled, 0|SetPowerPolicies=True| - -### Admin Templates>System>Power Management>Video and Display Settings - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Turn off the display (plugged in)|*SleepTimeout*|SetPowerPolicies=True| -|Turn off the display (on battery|*SleepTimeout*|SetPowerPolicies=True| - -### Admin Templates>System>Power Management>Energy Saver Settings - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Energy Saver Battery Threshold (on battery)|70|SetPowerPolicies=True| - -### Admin Templates>System>Logon - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Show first sign-in animation|Disabled|Always| -|Hide entry points for Fast User Switching|Enabled|Always| -|Turn on convenience PIN sign-in|Disabled|Always| -|Turn off picture password sign-in|Enabled|Always| -|Turn off app notification on the lock screen|Enabled|Always| -|Allow users to select when a password is required when resuming from connected standby|Disabled|SignInOnResume=True| -|Block user from showing account details on sign-in|Enabled|Always| - -### Admin Templates>System>User Profiles - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Turn off the advertising ID|Enabled|SetEduPolicies=True| - -### Admin Templates>Windows Components - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Do not show Windows Tips |Enabled|SetEduPolicies=True| -|Turn off Microsoft consumer experiences |Enabled|SetEduPolicies=True| -|Microsoft Passport for Work|Disabled|Always| -|Prevent the usage of OneDrive for file storage|Enabled|Always| - -### Admin Templates>Windows Components>Biometrics - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Allow the use of biometrics|Disabled|Always| -|Allow users to log on using biometrics|Disabled|Always| -|Allow domain users to log on using biometrics|Disabled|Always| - -### Admin Templates>Windows Components>Data Collection and Preview Builds - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Toggle user control over Insider builds|Disabled|Always| -|Disable pre-release features or settings|Disabled|Always| -|Do not show feedback notifications|Enabled|Always| -|Allow Telemetry|Basic, 0|SetEduPolicies=True| - -### Admin Templates>Windows Components>File Explorer - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Show lock in the user tile menu|Disabled|Always| - -### Admin Templates>Windows Components>Maintenance Scheduler - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Automatic Maintenance Activation Boundary|*MaintenanceStartTime*|Always| -|Automatic Maintenance Random Delay|Enabled, 2 hours|Always| -|Automatic Maintenance WakeUp Policy|Enabled|Always| - -### Admin Templates>Windows Components>Windows Hello for Business - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Use phone sign-in|Disabled|Always| -|Use Windows Hello for Business|Disabled|Always| -|Use biometrics|Disabled|Always| - -### Admin Templates>Windows Components>OneDrive - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Prevent the usage of OneDrive for file storage|Enabled|Always| - -### Windows Settings>Security Settings>Local Policies>Security Options - -|Policy Name| Value|When set?| -|--- |--- |--- | -|Interactive logon: Do not display last user name|Enabled, Disabled when account model is only guest|Always| -|Interactive logon: Sign-in last interactive user automatically after a system-initiated restart|Disabled |Always| -|Shutdown: Allow system to be shut down without having to log on|Disabled|Always| -|User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always| +[UWP-1]: /uwp/api/windows.system.profile.sharedmodesettings +[UWP-2]: /uwp/api/windows.system.profile.educationsettings +[UWP-3]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage \ No newline at end of file diff --git a/windows/configuration/shared-devices-concepts.md b/windows/configuration/shared-devices-concepts.md new file mode 100644 index 0000000000..7f041e6b09 --- /dev/null +++ b/windows/configuration/shared-devices-concepts.md @@ -0,0 +1,74 @@ +--- +title: Manage multi-user and guest Windows devices +description: options to optimize Windows devices used in shared scenarios, such touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school. +ms.date: 10/15/2022 +ms.prod: windows +ms.technology: windows +ms.topic: conceptual +ms.localizationpriority: medium +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: +manager: aaroncz +ms.collection: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE +--- + +# Manage multi-user and guest Windows devices with Shared PC + +Windows allows multiple users to sign in and use the same device, which is useful in scenarios like touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school. +As more users access the same device, more resources on the devices are used. This can lead to performance issues and a degraded user experience. + +To optimize multi-user and guest devices, Windows provides options through a feature called *Shared PC*. These settings are designed to improve the experience for all users on the device, and to reduce the administrative overhead caused by the maintenance of multiple user profiles. + +This article describes the different options available in Shared PC. + +## Shared PC mode + +A Windows device enabled for *Shared PC mode* is designed to be maintenance-free with high reliability. Devices configured in Shared PC mode have different settings designed to improve the experience for all users accessing a shared device. + +## Account management + +When *Account management* is configured, user profiles are automatically deleted to free up disk space and resources. Account management is performed both at sign-out time and during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out, based on disk space thresholds, or based on inactivity thresholds. + +> [!IMPORTANT] +> Shared PC is designed to take advantage of maintenance time periods, which run while the device is not in use. Therefore, devices should be put to **sleep** instead of shut down, so that they can wake up to perform maintenance tasks. + +> [!TIP] +> While Shared PC does not configure the Windows Update client, it is recommended to configure Windows Update to automatically install updates and reboot during maintenance hours. This will help ensure the device is always up to date without interrupting users when the device is in use. + +### Account models + +Shared PC offers the possibility to enable a **Guest** option on the sign-in screen. The Guest option doesn't require any user credentials or authentication, and creates a new local account each time it's used with access to the desktop. A **Guest button** is shown on the sign-in screen that a user can select. + +:::image type="content" source="./images/sharedpc-guest-win11.png" alt-text="Windows 11 sign-in screen with Guest option enabled." border="True"::: + +Shared PC also offers a **Kiosk** mode, which automatically executes a specific application when the kiosk account signs-in. This is useful in scenarios where the device is accessed for a specific purpose, such as test taking in a school. + +:::image type="content" source="./images/sharedpc-kiosk-win11se.png" alt-text="Windows 11 sign-in screen with Guest and Kiosk options enabled." border="True"::: + +## Advanced customizations + +Shared PC offers advanced customizations for shared devices, such as specific settings for education devices, low end devices, and more. + +Shared devices require special considerations regarding power settings. Shared PC makes it easy to configure power settings for shared devices. The power settings are configured in the local group policy object (LGPO). + +> [!NOTE] +> For devices without Advanced Configuration and Power Interface (ACPI) wake alarms, Shared PC will override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. + +## Additional information + +- To learn how to configure Shared PC, see [Set up a shared or guest Windows device](set-up-shared-or-guest-pc.md). +- For a list of settings configured by the different options offered by Shared PC, see the [Shared PC technical reference](shared-pc-technical.md). +- For a list of settings exposed by the SharedPC configuration service provider, see [SharedPC CSP][WIN-3]. +- For a list of settings exposed by Windows Configuration Designer, see [SharedPC CSP][WIN-4]. + +----------- + +[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package +[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package +[WIN-3]: /windows/client-management/mdm/sharedpc-csp +[WIN-4]: /windows/configuration/wcd/wcd-sharedpc \ No newline at end of file diff --git a/windows/configuration/shared-pc-technical.md b/windows/configuration/shared-pc-technical.md new file mode 100644 index 0000000000..2126265a32 --- /dev/null +++ b/windows/configuration/shared-pc-technical.md @@ -0,0 +1,130 @@ +--- +title: Shared PC technical reference +description: List of policies and settings applied by the Shared PC options. +ms.date: 10/15/2022 +ms.prod: windows +ms.technology: windows +ms.topic: reference +ms.localizationpriority: medium +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: +manager: aaroncz +ms.collection: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE +--- + +# Shared PC technical reference + +This article details the settings configured by the different options of Shared PC. + +> [!IMPORTANT] +> The behavior of some options have changed over time. This article describes the current settings applied by Shared PC. + +## EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync + +EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync are the two policies that enable **Shared PC mode**. The only difference between the two is that EnableSharedPCModeWithOneDriveSync enables OneDrive synchronization, while EnableSharedPCMode disables it. + +When enabling Shared PC mode, the following settings in the local GPO are configured: + +| Policy setting | Status | +|--|--| +| Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests | +| Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in | Enabled | +| Control Panel/Personalization/Prevent enabling lock screen slide show | Enabled | +| System/Logon/Block user from showing account details on sign-in | Enabled | +| System/Logon/Enumerate local users on domain-joined computers | Disabled | +| System/Logon/Hide entry points for Fast User Switching | Enabled | +| System/Logon/Show first sign-in animation | Disabled | +| System/Logon/Turn off app notifications on the lock screen | Enabled | +| System/Logon/Turn off picture password sign-in | Enabled | +| System/Logon/Turn on convenience PIN sign-in | Disabled | +| Windows Components/App Package Deployment/Allow a Windows app to share application data between users | Enabled | +| Windows Components/Biometrics/Allow the use of biometrics | Disabled | +| Windows Components/Biometrics/Allow users to log on using biometrics | Disabled | +| Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled | +| Windows Components/Data Collection and Preview Builds/Disable pre-release features or settings | Disabled (all experimentations are turned off) | +| Windows Components/Data Collection and Preview Builds/Do not show feedback notifications | Enabled | +| Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds | Disabled | +| Windows Components/File Explorer/Show lock in the user tile menu | Disabled | +| Windows Components/File History/Turn off File History | Enabled | +| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage |**Enabled** if using EnableSharedPCMode

              **Disabled** is using EnableSharedPCModeWithOneDriveSync | +| Windows Components/Windows Hello for Business/Use biometrics | Disabled | +| Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled | +| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled | + +| Extra registry setting | Status | +|-------------------------------------------------------------------------------------------------------------------|----------| +| Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 | +| Software\Policies\Microsoft\Windows\PreviewBuilds\AllowBuildPreview () | 0 | + +## SetEDUPolicy + +By enabling SetEDUPolicy, the following settings in the local GPO are configured: + +| Policy setting | Status | +|--|--| +| System/User Profiles/Turn off the advertising ID | Enabled | +| Windows Components/Cloud Content/Do not show Windows tips | Enabled | +| Windows Components/Cloud Content/Turn off Microsoft consumer experiences | Enabled | + +## SetPowerPolicies + +By enabling SetPowerPolicies, the following settings in the local GPO are configured: + +| Policy setting | Status| +|--|--| +| System/Power Management/Button Settings/Select the lid switch action (on battery) | Enabled > Sleep | +| System/Power Management/Button Settings/Select the lid switch action (plugged in) | Enabled > Sleep | +| System/Power Management/Button Settings/Select the Power button action (on battery) | Enabled > Sleep | +| System/Power Management/Button Settings/Select the Power button action (plugged in) | Enabled > Sleep | +| System/Power Management/Button Settings/Select the Sleep button action (on battery) | Enabled > Sleep | +| System/Power Management/Button Settings/Select the Sleep button action (plugged in) | Enabled > Sleep | +| System/Power Management/Energy Saver Settings/Energy Saver Battery Threshold (on battery) | Enabled > 70% | +| System/Power Management/Sleep Settings/Allow standby states (S1-S3) when sleeping (on battery) | Enabled | +| System/Power Management/Sleep Settings/Allow standby states (S1-S3) when sleeping (plugged in) | Enabled | +| System/Power Management/Sleep Settings/Specify the system hibernate timeout (on battery) | 0 (Hibernation disabled) | +| System/Power Management/Sleep Settings/Specify the system hibernate timeout (plugged in) | 0 (Hibernation disabled) | +| System/Power Management/Sleep Settings/Turn off hybrid sleep (on battery) | Enabled | +| System/Power Management/Sleep Settings/Turn off hybrid sleep (plugged in) | Enabled | + +## MaintenanceStartTime + +By enabling MaintenanceStartTime, the following settings in the local GPO are configured: + +| Policy setting | Status| +|--------------------------------------------------------------------------------------|--------------------------------| +| Windows Components/Maintenance Scheduler/Automatic Maintenance Activation Boundary | 2000-01-01T00:00:00 (midnight) | +| Windows Components/Maintenance Scheduler/Automatic Maintenance Random Delay | Enabled PT2H (2 hours) | +| Windows Components/Maintenance Scheduler/Automatic Maintenance WakeUp Policy | Enabled | + +## SignInOnResume + +By enabling SignInOnResume, the following settings in the local GPO are configured: + +| Policy setting | Status| +|--|--| +| System/Logon/Allow users to select when a password is required when resuming from connected standby | Disabled | +| System/Power Management/Sleep Settings/Require a password when a computer wakes (on battery) | Enabled | +| System/Power Management/Sleep Settings/Require a password when a computer wakes (plugged in) | Enabled | + +## EnableAccountManager + +By enabling Enableaccountmanager, the following schedule task is turned on: `\Microsoft\Windows\SharedPC\Account Cleanup`. + +## Shared PC APIs and app behavior + +Applications can take advantage of Shared PC mode with the following three APIs: + +- [**IsEnabled**][API-1] - This API informs applications when the device is configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences. +- [**ShouldAvoidLocalStorage**][API-2] - This API informs applications when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app. +- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality. + +----------- + +[API-1]: /uwp/api/windows.system.profile.sharedmodesettings.isenabled +[API-2]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage +[API-3]: /uwp/api/windows.system.profile.educationsettings \ No newline at end of file diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md index f3035e6415..c132d4bdc1 100644 --- a/windows/configuration/wcd/wcd-sharedpc.md +++ b/windows/configuration/wcd/wcd-sharedpc.md @@ -1,6 +1,6 @@ --- -title: SharedPC (Windows 10) -description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. +title: SharedPC +description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows using Windows Configuration Designer. ms.prod: w10 author: aczechowski ms.localizationpriority: medium @@ -13,8 +13,7 @@ manager: dougeby # SharedPC (Windows Configuration Designer reference) -Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. - +Use SharedPC settings to optimize Windows devices for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. ## Applies to @@ -37,16 +36,18 @@ Use these settings to configure settings for accounts allowed on the shared PC. | KioskModeAUMID | String | Set an Application User Model ID (AUMID) to enable the kiosk account on the sign in screen. A new account will be created and will use assigned access to only run the app specified by the AUMID. The app must be installed on the PC. Set the name of the account using **KioskModeUserTileDisplayText**, or a default name will be used. [Find the Application User Model ID of an installed app](/previous-versions/windows/embedded/dn449300(v=winembedded.82)) | | KioskModeUserTileDisplayText | String | Sets the display text on the kiosk account if **KioskModeAUMID** has been set. | - ## EnableSharedPCMode -Set as **True**. When set to **False**, shared PC mode isn't turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings). +Set as **True** to enable **Shared PC Mode**. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings). + +## EnableSharedPCModeWithOneDriveSync + +Set as **True** to enable **Shared PC Mode**. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings). -Some of the remaining settings in SharedPC are optional, but we strongly recommend that you also set **EnableAccountManager** to **True**. ## PolicyCustomization -Use these settings to configure policies for shared PC mode. +Use these settings to configure additional Shared PC policies. | Setting | Value | Description | | --- | --- | --- | diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 902c4828e2..be27ffd69f 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -129,13 +129,13 @@ href: deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md - name: Subscription Activation items: - - name: Windows 10/11 Subscription Activation + - name: Windows subscription activation href: windows-10-subscription-activation.md - - name: Windows 10/11 Enterprise E3 in CSP + - name: Windows Enterprise E3 in CSP href: windows-10-enterprise-e3-overview.md - - name: Configure VDA for Subscription Activation + - name: Configure VDA for subscription activation href: vda-subscription-activation.md - - name: Deploy Windows 10/11 Enterprise licenses + - name: Deploy Windows Enterprise licenses href: deploy-enterprise-licenses.md - name: Deploy Windows client updates items: diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 0eb5352dfa..f06c1107d1 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -1,256 +1,296 @@ --- -title: Deploy Windows 10/11 Enterprise licenses -manager: dougeby -ms.author: aaroncz -description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows 10/11 Enterprise E3 or E5 Subscription Activation, or for Windows 10/11 Enterprise E3 in CSP -ms.prod: w10 -ms.localizationpriority: medium +title: Deploy Windows Enterprise licenses +description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows Enterprise E3 or E5 subscription activation, or for Windows Enterprise E3 in CSP. author: aczechowski -ms.topic: article +ms.author: aaroncz +manager: dougeby +ms.prod: windows-client +ms.technology: itpro-deploy +ms.localizationpriority: medium +ms.topic: how-to ms.collection: highpri +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- -# Deploy Windows 10/11 Enterprise licenses +# Deploy Windows Enterprise licenses -This topic describes how to deploy Windows 10 or Windows 11 Enterprise E3 or E5 licenses with [Windows 10/11 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10/11 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). +This article describes how to deploy Windows 10 or Windows 11 Enterprise E3 or E5 licenses with [subscription activation](windows-10-subscription-activation.md) or [Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). + +These activation features require a supported and licensed version of Windows 10 Pro or Windows 11 Pro: + +- Subscription activation with an enterprise agreement (EA) or a Microsoft Products & Services Agreement (MPSA). +- Enterprise E3 in CSP. +- Automatic, non-KMS activation also requires a device with a firmware-embedded activation key. +- Subscription activation requires Enterprise _per user_ licensing. It doesn't work with _per device_ licensing. + +## Enable subscription activation with an existing EA + +If you're an EA customer with an existing Microsoft 365 tenant, use the following steps to enable Windows subscription licenses on your existing tenant: + +1. Work with your reseller to place an order for one $0 SKU per user. As of October 1, 2022, there are three SKUs available, depending on your current Windows Enterprise SA license: + + | SKU | Description | + |---------|---------| + | **AAA-51069** | `Win OLS Activation User Alng Sub Add-on E3` | + | **AAA-51068** | `Win OLS Activation User Sub Add-on E5` | + | **VRM-00001** | `Win OLS Activation User GCC Sub Per User` | + + > [!NOTE] + > As of October 1, 2022, subscription activation is available for _commercial_ and _GCC_ tenants. It's currently not available on GCC High or DoD tenants. + +1. After an order is placed, the OLS admin on the agreement will receive a service activation email, which indicates the subscription licenses have been provisioned on the tenant. + +1. You can now assign subscription licenses to users. + +If you need to update contact information and resend the activation email, use the following process: + +1. Sign in to the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). + +1. Select **Subscriptions**. + +1. Select **Online Services Agreement List**. + +1. Enter your agreement number, and then select **Search**. + +1. Select the **Service Name**. + +1. In the **Subscription Contact** section, select the name listed under **Last Name**. + +1. Update the contact information, then select **Update Contact Details**. This action will trigger a new email. + +## Preparing for deployment: reviewing requirements + +- Devices must be running a supported version of Windows 10 Pro or Windows 11 Pro +- Azure AD-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. + +For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this article. + +### Active Directory synchronization with Azure AD + +If you have an on-premises Active Directory Domain Services (AD DS) domain, you need to synchronize the identities in the on-premises AD DS domain with Azure AD. This synchronization is required for users to have a _single identity_ that they can use to access their on-premises apps and cloud services that use Azure AD. An example of a cloud service is Windows Enterprise E3 or E5. + +**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. Azure AD Connect is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure. + +:::image type="content" source="images/enterprise-e3-ad-connect.png" alt-text="Figure 1 illustrates the integration between the on-premises AD DS domain with Azure AD."::: + +Figure 1: On-premises AD DS integrated with Azure AD + +For more information about integrating on-premises AD DS domains with Azure AD, see the following resources: + +- [What is hybrid identity with Azure Active Directory?](/azure/active-directory/hybrid/whatis-hybrid-identity) +- [Azure AD Connect and Azure AD Connect Health installation roadmap](/azure/active-directory/hybrid/how-to-connect-install-roadmap) + +## Assigning licenses to users + +After you've ordered the Windows subscription (Windows 10 Business, E3 or E5), you'll receive an email with guidance on how to use Windows as an online service: + +:::image type="content" source="images/al01.png" alt-text="An example email from Microsoft to complete your profile after purchasing Online Services through Microsoft Volume Licensing."::: + +The following methods are available to assign licenses: + +- When you have the required Azure AD subscription, [group-based licensing](/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal) is the preferred method to assign Enterprise E3 or E5 licenses to users. + +- You can sign in to the Microsoft 365 admin center and manually assign licenses: + + :::image type="content" source="images/al02.png" alt-text="A screenshot of the admin center, showing assignment of the Windows 10 Enterprise E3 product license to a specific user."::: + +- You can assign licenses by uploading a spreadsheet. + +- [How to use PowerShell to automatically assign licenses to your Microsoft 365 users](https://social.technet.microsoft.com/wiki/contents/articles/15905.how-to-use-powershell-to-automatically-assign-licenses-to-your-office-365-users.aspx). + +> [!TIP] +> Other solutions may exist from the community. For example, a Microsoft MVP shared the following process: [Assign EMS licenses based on local Active Directory group membership](https://ronnydejong.com/2015/03/04/assign-ems-licenses-based-on-local-active-directory-group-membership/). + +## Explore the upgrade experience + +Now that you've established a subscription and assigned licenses to users, you can upgrade devices running supported versions of Windows 10 Pro or Windows 11 Pro to Enterprise edition. > [!NOTE] -> * Windows 10/11 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. Windows 11 is considered "later" in this context. -> * Windows 10/11 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later. -> * Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key. -> * Windows 10/11 Enterprise Subscription Activation requires Windows 10/11 Enterprise per user licensing; it doesn't work on per device based licensing. +> The following experiences are specific to Windows 10. The general concepts also apply to Windows 11. + +### Step 1: Join Windows Pro devices to Azure AD + +You can join a Windows Pro device to Azure AD during setup, the first time the device starts. You can also join a device that's already set up. + +#### Join a device to Azure AD the first time the device is started + +1. During the initial setup, on the **Who owns this PC?** page, select **My organization**, and then select **Next**. + + :::image type="content" source="images/enterprise-e3-who-owns.png" alt-text="A screenshot of the 'Who owns this PC?' page in Windows 10 setup."::: + + Figure 2: The "Who owns this PC?" page in initial Windows 10 setup. + +1. On the **Choose how you'll connect** page, select **Join Azure AD**, and then select **Next**. + + :::image type="content" source="images/enterprise-e3-choose-how.png" alt-text="A screenshot of the 'Choose how you'll connect' page in Windows 10 setup."::: + + Figure 3: The "Choose how you'll connect" page in initial Windows 10 setup. + +1. On the **Let's get you signed in** page, enter your Azure AD credentials, and then select **Sign in**. + + :::image type="content" source="images/enterprise-e3-lets-get.png" alt-text="A screenshot of the 'Let's get you signed in' page in Windows 10 setup."::: + + Figure 4: The "Let's get you signed in" page in initial Windows 10 setup. + +Now the device is Azure AD-joined to the organization's subscription. + +#### Join a device to Azure AD when the device is already set up with Windows 10 Pro > [!IMPORTANT] -> An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device isn't able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0. -> ->Also ensure that the Group Policy setting: Computer Configuration > Administrative Templates > Windows Components > Windows Update > "Do not connect to any Windows Update Internet locations" is set to "Disabled". +> Make sure that the user you're signing in with is _not_ the **BUILTIN/Administrator** account. That user can't use the `+ Connect` action to join a work or school account. -## Firmware-embedded activation key +1. Go to **Settings**, select **Accounts**, and select **Access work or school**. -To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt: + :::image type="content" source="images/enterprise-e3-connect-to-work-or-school.png" alt-text="A screenshot of the 'Connect to work or school' settings page."::: + + Figure 5: "Connect to work or school" configuration in Settings. + +1. In **Set up a work or school account**, select **Join this device to Azure Active Directory**. + + :::image type="content" source="images/enterprise-e3-set-up-work-or-school.png" alt-text="A screenshot of the 'Set up a work or school account' wizard."::: + + Figure 6: Set up a work or school account. + +1. On the **Let's get you signed in** page, enter your Azure AD credentials, and then select **Sign in**. + + :::image type="content" source="images/enterprise-e3-lets-get-2.png" alt-text="A screenshot of the 'Let's get you signed in' window."::: + + Figure 7: The "Let's get you signed in" window. + +Now the device is Azure AD-joined to the organization's subscription. + +### Step 2: Pro edition activation + +If the device is running a supported version of Windows 10 or Windows 11, it automatically activates Windows Enterprise edition using the firmware-embedded activation key. + +### Step 3: Sign in using Azure AD account + +Once the device is joined to Azure AD, users will sign in with their Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device. + +:::image type="content" source="images/enterprise-e3-sign-in.png" alt-text="A screenshot of signing in to Windows 10 as an Azure AD user."::: + +Figure 8: Sign in to Windows 10 with an Azure AD account. + +### Step 4: Verify that Enterprise edition is enabled + +To verify the Windows Enterprise E3 or E5 subscription, go to **Settings**, select **Update & Security**, and select **Activation**. + +:::image type="content" source="images/enterprise-e3-win-10-activated-enterprise-subscription-active.png" alt-text="A screenshot of verifying Windows 10 Enterprise activation in Settings."::: + +Figure 9: Verify Windows 10 Enterprise subscription in Settings. + +If there are any problems with the Windows Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. + +> [!NOTE] +> If you use the `slmgr /dli` or `slmgr /dlv` commands to get the activation information for the E3 or E5 license, the license information displayed will be similar to the following output: +> +> ```console +> Name: Windows(R), Professional edition +> Description: Windows(R) Operating System, RETAIL channel +> Partial Product Key: 3V66T +> ``` + +## Troubleshoot the user experience + +In some instances, users may experience problems with the Windows Enterprise E3 or E5 subscription. The most common problems that users may experience are the following issues: + +- The Windows 10/11 Enterprise E3 or E5 subscription has lapsed or has been removed. +- An earlier version of Windows 10 Pro isn't activated. For example, Windows 10, versions 1703 or 1709. + +### Troubleshoot common problems in the Activation pane + +Use the following figures to help you troubleshoot when users experience common problems: + +#### Device in healthy state + +The following image illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active. + +:::image type="content" source="images/enterprise-e3-win-10-activated-enterprise-subscription-active.png" alt-text="A screenshot of Windows 10 Enterprise activation in Settings that's healthy and successfully activated."::: + +#### Device that's not activated with active subscription + +Figure 10 illustrates a device on which the Windows 10 Pro isn't activated, but the Windows 10 Enterprise subscription is active. + +:::image type="content" source="images/enterprise-e3-win-10-not-activated-enterprise-subscription-active.png" alt-text="A screenshot of Windows 10 Enterprise activation in Settings that isn't activated but the subscription is active."::: + +Figure 10: Windows 10 Pro, version 1703 edition not activated in Settings. + +It displays the following error: "We can't activate Windows on this device right now. You can try activating again later or go to the Store to buy genuine Windows. Error code: 0xC004F034." + +#### Device that's activated without an Enterprise subscription + +Figure 11 illustrates a device on which the Windows 10 Pro is activated, but the Windows 10 Enterprise subscription is lapsed or removed. + +:::image type="content" source="images/enterprise-e3-win-10-activated-enterprise-subscription-not-active.png" alt-text="A screenshot of Windows 10 Enterprise activation in Settings that's activated but the subscription isn't active."::: + +Figure 11: Windows 10 Enterprise subscription lapsed or removed in Settings. + +It displays the following error: "Windows 10 Enterprise subscription is not valid." + +#### Device that's not activated and without an Enterprise subscription + +Figure 12 illustrates a device on which the Windows 10 Pro license isn't activated and the Windows 10 Enterprise subscription is lapsed or removed. + +:::image type="content" source="images/enterprise-e3-win-10-not-activated-enterprise-subscription-not-active.png" alt-text="A screenshot of Windows 10 Enterprise activation in Settings that's not activated and the subscription isn't active."::: + +Figure 12: Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings. + +It displays both of the previously mentioned error messages. + +### Review requirements on devices + +Devices must be running a supported version of Windows 10 Pro or Windows 11 Pro. Earlier versions of Windows 10, such as version 1703, don't support this feature. + +Devices must also be joined to Azure AD, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. + +Use the following procedures to review whether a particular device meets these requirements. + +#### Firmware-embedded activation key + +To determine if the computer has a firmware-embedded activation key, enter the following command at an elevated Windows PowerShell prompt: ```PowerShell -(Get-CimInstance -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey +(Get-CimInstance -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey ``` If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device doesn't have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key. -## Enabling Subscription Activation with an existing EA +#### Determine if a device is Azure AD-joined -If you're an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant: +1. Open a command prompt and enter `dsregcmd /status`. -1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license: +1. Review the output in the **Device State** section. If the **AzureAdJoined** value is **YES**, the device is joined to Azure AD. - - **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3 - - **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5 - -2. After an order is placed, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. -3. The admin can now assign subscription licenses to users. +#### Determine the version of Windows -Use the following process if you need to update contact information and retrigger activation in order to resend the activation email: +1. Open a command prompt and enter `winver`. -1. Sign in to the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). -2. Click **Subscriptions**. -3. Click **Online Services Agreement List**. -4. Enter your agreement number, and then click **Search**. -5. Click the **Service Name**. -6. In the **Subscription Contact** section, click the name listed under **Last Name**. -7. Update the contact information, then click **Update Contact Details**. This action will trigger a new email. +1. The **About Windows** window displays the OS version and build information. -Also in this article: -- [Explore the upgrade experience](#explore-the-upgrade-experience): How to upgrade devices using the deployed licenses. -- [Troubleshoot the user experience](#troubleshoot-the-user-experience): Examples of some license activation issues that can be encountered, and how to resolve them. +1. Compare this information again the Windows support lifecycle: -## Active Directory synchronization with Azure AD - -You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10/11 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD. - -You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10/11 Enterprise E3 or E5). This synchronization means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. - -**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure. - -![Illustration of Azure Active Directory Connect.](images/enterprise-e3-ad-connect.png) - -**Figure 1. On-premises AD DS integrated with Azure AD** - -For more information about integrating on-premises AD DS domains with Azure AD, see the following resources: - -- [Integrating your on-premises identities with Azure Active Directory](/azure/active-directory/hybrid/whatis-hybrid-identity) -- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/) + - [Windows 10 release information](/windows/release-health/release-information) + - [Windows 11 release information](/windows/release-health/windows11-release-information) > [!NOTE] -> If you're implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers. +> If a device is running a version of Windows 10 Pro prior to version 1703, it won't upgrade to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal. -## Preparing for deployment: reviewing requirements +### Delay in the activation of Enterprise license of Windows 10 -Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic. +This delay is by design. Windows 10 and Windows 11 include a built-in cache that's used when determining upgrade eligibility. This behavior includes processing responses that indicate that the device isn't eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires. -## Assigning licenses to users +## Known issues -Upon acquisition of Windows 10/11 subscription has been completed (Windows 10 Business, E3 or E5), customers will receive an email that will provide guidance on how to use Windows as an online service: +If a device isn't able to connect to Windows Update, it can lose activation status or be blocked from upgrading to Windows Enterprise. To work around this issue: -> [!div class="mx-imgBorder"] -> ![profile.](images/al01.png) +- Make sure that the device doesn't have the following registry value: `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations = 1 (REG_DWORD)`. If this registry value exists, it must be set to `0`. -The following methods are available to assign licenses: - -1. When you have the required Azure AD subscription, [group-based licensing](/azure/active-directory/active-directory-licensing-whatis-azure-portal) is the preferred method to assign Enterprise E3 or E5 licenses to users. - -2. You can sign in to portal.office.com and manually assign licenses: - - ![portal.](images/al02.png) - -3. You can assign licenses by uploading a spreadsheet. - -4. A per-user [PowerShell scripted method](https://social.technet.microsoft.com/wiki/contents/articles/15905.how-to-use-powershell-to-automatically-assign-licenses-to-your-office-365-users.aspx) of assigning licenses is available. - -5. Organizations can use synchronized [AD groups](https://ronnydejong.com/2015/03/04/assign-ems-licenses-based-on-local-active-directory-group-membership/) to automatically assign licenses. - -## Explore the upgrade experience - -Now that your subscription has been established and Windows 10/11 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10/11 Enterprise. What will the users experience? How will they upgrade their devices? - -### Step 1: Join Windows 10/11 Pro devices to Azure AD - -Users can join a Windows 10/11 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703 or later. - -**To join a device to Azure AD the first time the device is started** - -1. During the initial setup, on the **Who owns this PC?** page, select **My organization**, and then click **Next**, as illustrated in **Figure 2**.

              - - Who owns this PC? page in Windows 10 setup - - **Figure 2. The “Who owns this PC?” page in initial Windows 10 setup** - -2. On the **Choose how you’ll connect** page, select **Join Azure AD**, and then click **Next**, as illustrated in **Figure 3**.

              - - Choose how you'll connect - page in Windows 10 setup - - **Figure 3. The “Choose how you’ll connect” page in initial Windows 10 setup** - -3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 4**.

              - - Let's get you signed in - page in Windows 10 setup - - **Figure 4. The “Let’s get you signed in” page in initial Windows 10 setup** - -Now the device is Azure AD–joined to the company’s subscription. - -**To join a device to Azure AD when the device already has Windows 10 Pro, version 1703 installed and set up** - ->[!IMPORTANT] ->Make sure that the user you're signing in with is **not** a BUILTIN/Administrator. That user cannot use the `+ Connect` button to join a work or school account. - -1. Go to **Settings > Accounts > Access work or school**, as illustrated in **Figure 5**.

              - - Connect to work or school configuration - - **Figure 5. Connect to work or school configuration in Settings** - -2. In **Set up a work or school account**, click **Join this device to Azure Active Directory**, as illustrated in **Figure 6**.

              - - Set up a work or school account - - **Figure 6. Set up a work or school account** - -3. On the **Let’s get you signed in** page, enter the Azure AD credentials, and then click **Sign in**, as illustrated in **Figure 7**.

              - - Let's get you signed in - dialog box - - **Figure 7. The “Let’s get you signed in” dialog box** - -Now the device is Azure AD–joined to the company's subscription. - -### Step 2: Pro edition activation - -> [!IMPORTANT] -> If your device is running Windows 10, version 1803 or later, this step isn't needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. -> If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**. - -
              -Windows 10 Pro activated -
              Figure 7a - Windows 10 Pro activation in Settings - -Windows 10/11 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only). - -### Step 3: Sign in using Azure AD account - -Once the device is joined to your Azure AD subscription, the users will sign in by using their Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device. - -
              Sign in, Windows 10 - -**Figure 8. Sign in by using Azure AD account** - -### Step 4: Verify that Enterprise edition is enabled - -You can verify the Windows 10/11 Enterprise E3 or E5 subscription in **Settings > Update & Security > Activation**, as illustrated in **Figure 9**. - -
              -Windows 10 activated and subscription active - -**Figure 9 - Windows 10 Enterprise subscription in Settings** - -If there are any problems with the Windows 10/11 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. - -> [!NOTE] -> If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following: -> Name: Windows(R), Professional edition -> Description: Windows(R) Operating System, RETAIL channel -> Partial Product Key: 3V66T +- Make sure that the following group policy setting is **disabled**: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not connect to any Windows Update Internet locations. ## Virtual Desktop Access (VDA) -Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [Qualified Multitenant Hoster](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download). - -Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Enterprise Subscription Activation](vda-subscription-activation.md). - -## Troubleshoot the user experience - -In some instances, users may experience problems with the Windows 10/11 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows: - -- The existing Windows 10 Pro, version 1703 or 1709 operating system isn't activated. This problem doesn't apply to Windows 10, version 1803 or later. -- The Windows 10/11 Enterprise E3 or E5 subscription has lapsed or has been removed. - -Use the following figures to help you troubleshoot when users experience these common problems: - -- [Figure 9](#win-10-activated-subscription-active) (see the section above) illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active. - -- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro isn't activated, but the Windows 10 Enterprise subscription is active. - -
              - Windows 10 not activated and subscription active -
              Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings - -- [Figure 11](#subscription-not-active) (below) illustrates a device on which Windows 10 Pro is activated, but the Windows 10 Enterprise subscription is lapsed or removed. - -
              - Windows 10 activated and subscription not active -
              Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings - -- [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license isn't activated and the Windows 10 Enterprise subscription is lapsed or removed. - -
              - Windows 10 not activated and subscription not active -
              Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings - -### Review requirements on devices - -Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory-joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements. - -**To determine if a device is Azure Active Directory-joined:** - -1. Open a command prompt and type **dsregcmd /status**. -2. Review the output under Device State. If the **AzureAdJoined** status is YES, the device is Azure Active Directory-joined. - -**To determine the version of Windows 10:** - -At a command prompt, type: **winver** - -A popup window will display the Windows 10 version number and detailed OS build information. - -If a device is running a version of Windows 10 Pro prior to version 1703 (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal. - -### Delay in the activation of Enterprise License of Windows 10 - -This delay is by design. Windows 10 and Windows 11 include a built-in cache that is used when determining upgrade eligibility, including responses that indicate that the device isn't eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires. +Subscriptions to Windows Enterprise are also available for virtualized clients. Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Azure or in another [qualified multitenant hoster](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download). +Virtual machines (VMs) must be configured to enable Windows Enterprise subscriptions for VDA. Active Directory-joined and Azure AD-joined clients are supported. For more information, see [Enable VDA for Enterprise subscription activation](vda-subscription-activation.md). diff --git a/windows/deployment/images/sa-pro-activation.png b/windows/deployment/images/sa-pro-activation.png deleted file mode 100644 index 4066c45dad..0000000000 Binary files a/windows/deployment/images/sa-pro-activation.png and /dev/null differ diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index acc9d2ff15..936f68a628 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -192,21 +192,28 @@ Copy-Item -Path $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Destinatio Write-Output "$(Get-TS): Mounting WinRE" Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null -# Add servicing stack update +# Add servicing stack update (Step 1 from the table) -# Note: If you are using a combined cumulative update, there may be a prerequisite servicing stack update required -# This is where you'd add the prerequisite SSU, before applying the latest combined cumulative update. +# Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack +# The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined +# cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and +# Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined +# cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined +# cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the +# combined cumulative update can be installed. -# Note: If you are applying a combined cumulative update to a previously updated image (e.g. an image you updated last month) -# There is a known issue where the servicing stack update is installed, but the cumulative update will fail. -# This error should be caught and ignored, as the last step will be to apply the cumulative update -# (or in this case the combined cumulative update) and thus the image will be left with the correct packages installed. +# This is the code to handle the rare case that the SSU is published and required for the combined cumulative update +# Write-Output "$(Get-TS): Adding package $SSU_PATH" +# Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null -Write-Output "$(Get-TS): Adding package $SSU_PATH" +# Now, attempt the combined cumulative update. +# There is a known issue where the servicing stack update is installed, but the cumulative update will fail. This error should +# be caught and ignored, as the last step will be to apply the Safe OS update and thus the image will be left with the correct +# packages installed. try { - Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null + Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $LCU_PATH | Out-Null } Catch { @@ -221,6 +228,13 @@ Catch } } +# The second approach for Step 1 is for Windows releases that have not adopted the combined cumulative update +# but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU +# update. This second approach is commented out below. + +# Write-Output "$(Get-TS): Adding package $SSU_PATH" +# Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null + # # Optional: Add the language to recovery environment # @@ -301,27 +315,34 @@ Foreach ($IMAGE in $WINPE_IMAGES) { Write-Output "$(Get-TS): Mounting WinPE" Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null - # Add SSU + # Add servicing stack update (Step 9 from the table) - # Note: If you are using a combined cumulative update, there may be a prerequisite servicing stack update required - # This is where you'd add the prerequisite SSU, before applying the latest combined cumulative update. + # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack + # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined + # cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and + # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined + # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined + # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the + # combined cumulative update can be installed. - # Note: If you are applying a combined cumulative update to a previously updated image (e.g. an image you updated last month) + # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update + # Write-Output "$(Get-TS): Adding package $SSU_PATH" + # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null + + # Now, attempt the combined cumulative update. # There is a known issue where the servicing stack update is installed, but the cumulative update will fail. # This error should be caught and ignored, as the last step will be to apply the cumulative update # (or in this case the combined cumulative update) and thus the image will be left with the correct packages installed. - Write-Output "$(Get-TS): Adding package $SSU_PATH" - try { - Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null + Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH | Out-Null } Catch { $theError = $_ Write-Output "$(Get-TS): $theError" - + if ($theError.Exception -like "*0x8007007e*") { Write-Output "$(Get-TS): This failure is a known issue with combined cumulative update, we can ignore." } @@ -330,6 +351,13 @@ Foreach ($IMAGE in $WINPE_IMAGES) { } } + # The second approach for Step 9 is for Windows releases that have not adopted the combined cumulative update + # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU + # update. This second approach is commented out below. + + # Write-Output "$(Get-TS): Adding package $SSU_PATH" + # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null + # Install lp.cab cab Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null @@ -412,9 +440,29 @@ You can install Optional Components, along with the .NET feature, offline, but t # update Main OS # -# Add servicing stack update -Write-Output "$(Get-TS): Adding package $SSU_PATH" -Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null +# Add servicing stack update (Step 18 from the table) + +# Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack +# The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined cumulative update that +# includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these +# cases, the servicing stack update is not published seperately; the combined cumulative update should be used for this step. However, in hopefully +# rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published, +# and installed first before the combined cumulative update can be installed. + +# This is the code to handle the rare case that the SSU is published and required for the combined cumulative update +# Write-Output "$(Get-TS): Adding package $SSU_PATH" +# Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null + +# Now, attempt the combined cumulative update. Unlike WinRE and WinPE, we don't need to check for error 0x8007007e +Write-Output "$(Get-TS): Adding package $LCU_PATH" +Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null + +# The second approach for Step 18 is for Windows releases that have not adopted the combined cumulative update +# but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU +# update. This second approach is commented out below. + +# Write-Output "$(Get-TS): Adding package $SSU_PATH" +# Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null # Optional: Add language to main OS Write-Output "$(Get-TS): Adding package $OS_LP_PATH" diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index a10b3e8bbf..b4fd53631f 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -1,138 +1,42 @@ --- -title: Olympia Corp enrollment guidelines -description: Learn about the Olympia Corp enrollment and setting up an Azure Active Directory-REGISTERED Windows client device or an Azure Active Directory-JOINED Windows client device. -ms.author: aaroncz +title: Olympia Corp Retirement +description: Learn about the retirement of Olympia Corp and how to back up your data prior to October 31, 2022. +ms.author: lizlong ms.topic: article ms.prod: w10 -ms.technology: windows -author: aczechowski +author: lizgt2000 ms.reviewer: -manager: dougeby -ms.custom: seo-marvel-apr2020 +manager: aaroncz --- # Olympia Corp - + **Applies to** - Windows 10 - Windows 11 -## What is Windows Insider Lab for Enterprise and Olympia Corp? +## Retirement of Olympia Corp -Windows Insider Lab for Enterprise is intended for Windows Insiders who want to try new experimental and pre-release enterprise privacy and security features. To get the complete experience of these enterprise features, Olympia Corp, a virtual corporation has been set up to reflect the IT infrastructure of real world business. Selected customers are invited to join Olympia Corp and try these features. +Olympia Corp, a virtual corporation was set up to reflect the IT infrastructure of real world businesses.
              +Olympia will be formally retired on October 31, 2022.
              +We'll begin unassigning Olympia licenses and deleting the Olympia feedback path on Feedback Hub. Olympia Corp will no longer be a part of Windows Insider Lab for Enterprise. -As an Olympia user, you will have an opportunity to: +> [!WARNING] +> To prevent data loss, Olympia participants need to complete the following: +> - If you're using the provided Olympia licenses, make a back up of any data as you'll lose data once we unassign the licenses. +> - Please remove your device from Olympia before October 31, 2022. -- Use various enterprise features like Windows Information Protection (WIP), Microsoft Defender for Office 365, Windows Defender Application Guard (WDAG), and Application Virtualization (APP-V). -- Learn how Microsoft is preparing for GDPR, as well as enabling enterprise customers to prepare for their own readiness. -- Validate and test pre-release software in your environment. -- Provide feedback. -- Interact with engineering team members through a variety of communication channels. +To remove the account from Azure Active Directory, follow the steps below: ->[!Note] ->Enterprise features might have reduced or different security, privacy, accessibility, availability, and reliability standards relative to commercially provided services and software. We may change or discontinue any of the enterprise features at any time without notice. + 1. Open the **Settings** app. + 1. Go to **Accounts** > **Access work or school**. + 1. Select the connected account that you want to remove, then select **Disconnect**. + 1. To confirm device removal, select **Yes**. -For more information about Olympia Corp, see [https://olympia.windows.com/Info/FAQ](https://olympia.windows.com/Info/FAQ). +- After removing your account from Olympia, log in to your device using your local account. -To request an Olympia Corp account, fill out the survey at [https://aka.ms/RegisterOlympia](https://aka.ms/RegisterOlympia). - -## Enrollment guidelines - -Welcome to Olympia Corp. Here are the steps needed to enroll. - -As part of Windows Insider Lab for Enterprise, you can upgrade to Windows client Enterprise from Windows client Pro. This upgrade is optional. Since certain features such as Windows Defender Application Guard are only available on Windows client Enterprise, we recommend you to upgrade. - -Choose one of the following two enrollment options: - -- To set up an Azure Active Directory-registered device, [follow these steps](#enrollment-keep-current-edition). In this case, you log onto the device by using an existing (non-Olympia) account. - -- If you are running Windows client Pro, we recommend that you upgrade to Windows client Enterprise by following these steps to [set up an Azure Active Directory-joined device](#enrollment-upgrade-to-enterprise). In this case, you will be able to log on to the device with your Olympia account. - - - -### Set up an Azure Active Directory-REGISTERED Windows client device - -This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Azure AD register FAQ](/azure/active-directory/devices/faq) for additional information. - -1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). - - ![Settings -> Accounts.](images/1-1.png) - -2. If you are already connected to a domain, select the existing account and then select **Disconnect**. Select **Restart Later**. - -3. Select **Connect** and enter your **Olympia corporate account** (for example, username@olympia.windows.com). Select **Next**. - - ![Entering account information when setting up a work or school account.](images/1-3.png) - -4. Enter the temporary password that was sent to you. Select **Sign in**. Follow the instructions to set a new password. - - > [!NOTE] - > Passwords should contain 8-16 characters, including at least one special character or number. - - ![Update your password.](images/1-4.png) - -5. Read the **Terms and Conditions**. Select **Accept** to participate in the program. - -6. If this is the first time you are logging in, fill in the additional information to help you retrieve your account details. - -7. Create a PIN for signing into your Olympia corporate account. - -8. Go to **Start > Settings > Update & Security > Windows Insider Program**. Select on the current Windows Insider account, and select **Change**. Sign in with your **Olympia corporate account**. - - > [!NOTE] - > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness). - -9. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**. - - - -### Set up Azure Active Directory-JOINED Windows client device - -- This method will upgrade your Windows client Pro license to Enterprise and create a new account. See [Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join) for more information. - - > [!NOTE] - > Make sure that you save your Pro license key before upgrading to the Enterprise edition. If the device gets disconnected from Olympia, you can use the Pro key to reactivate the license manually in the unlikely event that the license fails to downgrade back to Pro automatically. To reactivate manually, see [Upgrade by manually entering a product key](../../upgrade/windows-10-edition-upgrades.md#upgrade-by-manually-entering-a-product-key). - -1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). - - ![Settings -> Accounts.](images/1-1.png) - -2. If you are already connected to a domain, select the existing account and then select **Disconnect**. Select **Restart Later**. - -3. Select **Connect**, then select **Join this device to Azure Active Directory**. - - ![Joining device to Azure AD.](images/2-3.png) - -4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Select **Next**. - - ![Set up a work or school account.](images/2-4.png) - -5. Enter the temporary password that was sent to you. Select **Sign in**. Follow the instructions to set a new password. - - > [!NOTE] - > Passwords should contain 8-16 characters, including at least one special character or number. - - ![Entering temporary password.](images/2-5.png) - -6. When asked to make sure this is your organization, verify that the information is correct. If so, select **Join**. - -7. If this is the first time you are signing in, fill in the additional information to help you retrieve your account details. - -8. Create a PIN for signing into your Olympia corporate account. - -9. When asked to make sure this is your organization, verify that the information is correct. If so, select **Join**. - -10. Restart your device. - -11. In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your device will upgrade to Windows client Enterprise. - -12. Go to **Start > Settings > Update & Security > Windows Insider Program**. Select on the current Windows Insider account, and select **Change**. Sign in with your **Olympia corporate account**. - - > [!NOTE] - > To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness). - -13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**. - ->[!NOTE] -> Your Windows client Enterprise license won't be renewed if your device isn't connected to Olympia. +- If you're looking for another program to join, the program we recommend is the Windows Insider Program for Business. Follow the instructions below to register: +[Register for the Windows 10 Insider Program for Business](/windows-insider/business/register) + +Thank you for your participation in Olympia and email Windows Insider Lab for Enterprise [olympia@microsoft.com](mailto:olympia@microsoft.com) with any questions. diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 969e44b244..e59eefbb34 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -14,15 +14,13 @@ search.appverid: - MET150 ms.topic: conceptual ms.date: 07/12/2022 +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Windows subscription activation -Applies to: - -- Windows 10 -- Windows 11 - The subscription activation feature enables you to "step-up" from Windows Pro edition to Enterprise or Education editions. You can use this feature if you're subscribed to Windows Enterprise E3 or E5 licenses. Subscription activation also supports step-up from Windows Pro Education edition to Education edition. If you have devices that are licensed for earlier versions of Windows Professional, Microsoft 365 Business Premium provides an upgrade to Windows Pro edition, which is the prerequisite for deploying [Windows Business](/microsoft-365/business-premium/microsoft-365-business-faqs#what-is-windows-10-business). @@ -100,7 +98,7 @@ The following list illustrates how deploying Windows client has evolved with eac > The following requirements don't apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only. It supports workgroup, hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure virtual machines](/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems). > [!IMPORTANT] -> Currently, subscription activation is only available on commercial tenants. It's currently not available on US GCC, GCC High, or DoD tenants. +> As of October 1, 2022, subscription activation is available for _commercial_ and _GCC_ tenants. It's currently not available on GCC High or DoD tenants. For more information, see [Enable subscription activation with an existing EA](deploy-enterprise-licenses.md#enable-subscription-activation-with-an-existing-ea). For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following requirements: @@ -218,7 +216,7 @@ $(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( If your organization has an Enterprise Agreement (EA) or Software Assurance (SA): -- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD. Ideally, you assign the licenses to groups using the Azure AD Premium feature for group assignment. For more information, see [Enable subscription activation with an existing EA](./deploy-enterprise-licenses.md#enabling-subscription-activation-with-an-existing-ea). +- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD. Ideally, you assign the licenses to groups using the Azure AD Premium feature for group assignment. For more information, see [Enable subscription activation with an existing EA](./deploy-enterprise-licenses.md#enable-subscription-activation-with-an-existing-ea). - The license administrator can assign seats to Azure AD users with the same process that's used for Microsoft 365 Apps. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md index 9fa7e60794..dc4f572c12 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md @@ -31,3 +31,18 @@ After you've completed enrollment in Windows Autopatch, some management settings ## Windows Autopatch configurations Windows Autopatch deploys, manages and maintains all configurations related to the operation of the service, as described in [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). Don't make any changes to any of the Windows Autopatch configurations. + +## Windows Autopatch tenant actions + +The **Tenant management** blade can be found by navigating to Tenant administration > Windows Autopatch > **Tenant management**. + +> [!IMPORTANT] +> Starting October 12, 2022, Windows Autopatch will manage your tenant with our [first party enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). If your tenant is still using the [Windows Autopatch service accounts](../references/windows-autopatch-privacy.md#service-accounts), your Global admin must take action in the new Windows Autopatch Tenant management blade to approve the configuration change. To take action or see if you need to take action, visit the Tenant management blade in the Windows Autopatch portal. + +The type of banner that appears depends on the severity of the action. Currently, only critical actions are listed. + +### Tenant action severity types + +| Severity | Description | +| ----- | ----- | +| Critical | You must take action as soon as possible. If no action is taken, the Windows Autopatch service may be affected. | diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md index f4eab55834..783558abe7 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md @@ -1,5 +1,5 @@ --- -title: Windows quality update communications +title: Windows quality and feature update communications description: This article explains Windows quality update communications ms.date: 05/30/2022 ms.prod: w11 @@ -14,7 +14,7 @@ msreviewer: hathind # Windows quality update communications -There are three categories of communication that are sent out during a Windows quality update: +There are three categories of communication that are sent out during a Windows quality and feature update: - [Standard communications](#standard-communications) - [Communications during release](#communications-during-release) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md index 698612aa82..d04beca815 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md @@ -52,7 +52,7 @@ Windows Autopatch creates an enterprise application in your tenant. This enterpr | Enterprise application name | Usage | Permissions | | ----- | ------ | ----- | -| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This account is used to manage the service, publish baseline configuration updates, and maintain overall service health. |
              • DeviceManagementApps.ReadWrite.All
              • DeviceManagementConfiguration.ReadWrite.All
              • DeviceManagementManagedDevices.PriviligedOperation.All
              • DeviceManagementManagedDevices.ReadWrite.All
              • DeviceManagementRBAC.ReadWrite.All
              • DeviceManagementServiceConfig.ReadWrite.All
              • Directory.Read.All
              • Group.Create
              • Policy.Read.All
              • WindowsUpdates.Read.Write.All
              | +| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This application is used to manage the service, publish baseline configuration updates, and maintain overall service health. |
              • DeviceManagementApps.ReadWrite.All
              • DeviceManagementConfiguration.ReadWrite.All
              • DeviceManagementManagedDevices.PriviligedOperation.All
              • DeviceManagementManagedDevices.ReadWrite.All
              • DeviceManagementRBAC.ReadWrite.All
              • DeviceManagementServiceConfig.ReadWrite.All
              • Directory.Read.All
              • Group.Create
              • Policy.Read.All
              • WindowsUpdates.Read.Write.All
              | > [!NOTE] > Enterprise application authentication is only available on tenants enrolled after July 9th, 2022. For tenants enrolled before this date, Enterprise Application authentication will be made available for enrollment soon. diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index c90d19fae5..a1ada94b72 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -52,7 +52,7 @@ Windows Autopatch uses [Windows 10/11 Enhanced diagnostic data](/windows/privacy The enhanced diagnostic data setting includes more detailed information about the devices enrolled in Windows Autopatch and their settings, capabilities, and device health. When enhanced diagnostic data is selected, data, including required diagnostic data, are collected. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection) about the Windows 10 diagnostic data setting and data collection. -The diagnostic data terminology will change in future versions of Windows. Windows Autopatch is committed to processing only the data that the service needs. While this will mean the diagnostic level will change to **Optional**, Windows Autopatch will implement the limited diagnostic policies to fine-tune diagnostic data collection required for the service. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection). +The diagnostic data terminology will change in future versions of Windows. Windows Autopatch is committed to processing only the data that the service needs. The diagnostic level will change to **Optional**, but Windows Autopatch will implement the limited diagnostic policies to fine-tune diagnostic data collection required for the service. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection). Windows Autopatch only processes and stores system-level data from Windows 10 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' personal data such as chat and browser history, voice, text, or speech data. @@ -60,13 +60,24 @@ For more information about the diagnostic data collection of Microsoft Windows 1 ## Tenant access -Windows Autopatch creates and uses guest accounts leveraging just-in-time access functionality when signing into a customer tenant to manage the Windows Autopatch service. To provide additional locked down control, Windows Autopatch maintains a separate conditional access policy to restrict access to these accounts. +Windows Autopatch creates an enterprise application in your tenant. This enterprise application is a first party application used to run the Windows Autopatch service. + +| Enterprise application name | Usage | Permissions | +| ----- | ----- | ----- | +| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This application is used to manage the service, publish baseline configuration updates, and maintain overall service health. |
              • DeviceManagementApps.ReadWrite.All
              • DeviceManagementConfiguration.ReadWrite.All
              • DeviceManagementManagedDevices.PriviligedOperation.All
              • DeviceManagementManagedDevices.ReadWrite.All
              • DeviceManagementRBAC.ReadWrite.All
              • DeviceManagementServiceConfig.ReadWrite.All
              • Directory.Read.All
              • Group.Create
              • Policy.Read.All
              • WindowsUpdates.Read.Write.All
              | + +### Service accounts + +> [!IMPORTANT] +> Starting October 12, 2022, Windows Autopatch will manage your tenant with our [first party enterprise application](windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). If your tenant is still using the [Windows Autopatch service accounts](windows-autopatch-privacy.md#service-accounts), you must take action. To take action or see if you need to take action, visit the [Tenant management blade](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) in the Windows Autopatch portal. + +Windows Autopatch creates and uses guest accounts using just-in-time access functionality when signing into a customer tenant to manage the Windows Autopatch service. To provide additional locked down control, Windows Autopatch maintains a separate conditional access policy to restrict access to these accounts. | Account name | Usage | Mitigating controls | | ----- | ----- | -----| -| MsAdmin@tenantDomain.onmicrosoft.com |
              • This is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.
              • This account doesn't have interactive login permissions. The account performs operations only through the service.
              | Audited sign-ins | -| MsAdminInt@tenantDomain.onmicrosoft.com |
              • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
              • This account is used for interactive login to the customer’s tenant.
              • The use of this account is extremely limited as most operations are exclusively through MsAdmin (non-interactive) account.
              |
              • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
              • Audited sign-ins | -| MsTest@tenantDomain.onmicrosoft.com | This is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins | +| MsAdmin@tenantDomain.onmicrosoft.com |
                • This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.
                • This account doesn't have interactive sign-in permissions. The account performs operations only through the service.
                | Audited sign-ins | +| MsAdminInt@tenantDomain.onmicrosoft.com |
                • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
                • This account is used for interactive login to the customer’s tenant.
                • The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.
                |
                • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
                • Audited sign-ins | +| MsTest@tenantDomain.onmicrosoft.com | This account is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins | ## Microsoft Windows Update for Business @@ -90,7 +101,7 @@ Microsoft 365 Apps for enterprise collects and shares data with Windows Autopatc Windows Autopatch follows a change control process as outlined in our service communication framework. -We notify customers through the Microsoft 365 message center, and the Windows Autopatch admin center of both security incidents and major changes to the service. +We notify customers through the Microsoft 365 message center, and the Windows Autopatch admin center about security incidents and major changes to the service. Changes to the types of data gathered and where it's stored are considered a material change. We'll provide a minimum of 30 days advanced notice of this change as it's standard practice for Microsoft 365 products and services. diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml index 5d8cef9559..c63d6831df 100644 --- a/windows/hub/breadcrumb/toc.yml +++ b/windows/hub/breadcrumb/toc.yml @@ -27,7 +27,7 @@ items: tocHref: /windows/client-management/ topicHref: /windows/client-management/ items: - - name: Mobile Device Management + - name: CSP reference tocHref: /windows/client-management/mdm/ topicHref: /windows/client-management/mdm/ - name: Privacy @@ -54,4 +54,4 @@ items: topicHref: /windows/security/threat-protection/windows-defender-application-control/ - name: Windows Defender Firewall tocHref: /windows/security/threat-protection/windows-firewall/ - topicHref: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security + topicHref: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security diff --git a/windows/security/apps.md b/windows/security/apps.md index a2cd365e1b..9c11807c27 100644 --- a/windows/security/apps.md +++ b/windows/security/apps.md @@ -2,7 +2,7 @@ title: Windows application security description: Get an overview of application security in Windows 10 and Windows 11 ms.reviewer: -manager: dansimp +manager: aaroncz ms.author: dansimp author: dansimp ms.collection: M365-security-compliance diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 980e361561..c3fb5965e9 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -2,9 +2,9 @@ title: Windows and cloud security description: Get an overview of cloud services supported in Windows 11 and Windows 10 ms.reviewer: -author: denisebmsft -ms.author: deniseb -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz ms.topic: conceptual ms.date: 09/20/2021 ms.localizationpriority: medium @@ -17,7 +17,7 @@ ms.technology: windows-sec # Windows and cloud security -Today’s workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services. Windows and cloud services together help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. +Today's workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services. Windows and cloud services together help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats. Windows 11 includes the cloud services that are listed in the following table:

                  diff --git a/windows/security/cryptography-certificate-mgmt.md b/windows/security/cryptography-certificate-mgmt.md index c4062d7e7c..02c686cff3 100644 --- a/windows/security/cryptography-certificate-mgmt.md +++ b/windows/security/cryptography-certificate-mgmt.md @@ -2,9 +2,9 @@ title: Cryptography and Certificate Management description: Get an overview of cryptography and certificate management in Windows search.appverid: MET150 -author: denisebmsft -ms.author: deniseb -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz ms.topic: conceptual ms.date: 09/07/2021 ms.prod: m365-security diff --git a/windows/security/hardware.md b/windows/security/hardware.md index ffeb576881..a51334e3f1 100644 --- a/windows/security/hardware.md +++ b/windows/security/hardware.md @@ -2,9 +2,9 @@ title: Windows hardware security description: Get an overview of hardware security in Windows 11 and Windows 10 ms.reviewer: -manager: dansimp -ms.author: dansimp -author: dansimp +manager: aaroncz +ms.author: vinpa +author: vinaypamnani-msft ms.collection: M365-security-compliance ms.prod: m365-security ms.technology: windows-sec diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 319f5a8afd..c9216efadf 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -25,7 +25,7 @@ appliesto: ## Default Enablement -Starting with Windows 11 Enterprise 22H2, compatible systems have Windows Defender Credential Guard turned on by default. This changes the default state of the feature in Windows, though system administrators can still modify this enablement state. Windows Defender Credential Guard can still be manually [enabled](#enable-windows-defender-credential-guard) or [disabled](#disable-windows-defender-credential-guard) via the methods documented below. +Starting in **Windows 11 Enterprise, version 22H2** and **Windows 11 Education, version 22H2**, compatible systems have Windows Defender Credential Guard turned on by default. This changes the default state of the feature in Windows, though system administrators can still modify this enablement state. Windows Defender Credential Guard can still be manually [enabled](#enable-windows-defender-credential-guard) or [disabled](#disable-windows-defender-credential-guard) via the methods documented below. ### Requirements for automatic enablement @@ -33,18 +33,26 @@ Windows Defender Credential Guard will be enabled by default when a PC meets the |Component|Requirement| |---|---| -|Operating System|Windows 11 Enterprise 22H2| +|Operating System|**Windows 11 Enterprise, version 22H2** or **Windows 11 Education, version 22H2**| |Existing Windows Defender Credential Guard Requirements|Only devices which meet the [existing hardware and software requirements](credential-guard-requirements.md#hardware-and-software-requirements) to run Windows Defender Credential Guard will have it enabled by default.| -|Virtualization-based Security (VBS) Requirements|VBS must be enabled in order to run Windows Defender Credential Guard. Starting with Windows 11 Enterprise 22H2, devices that meet the requirements to run Windows Defender Credential Guard as well as the [minimum requirements to enable VBS](/windows-hardware/design/device-experiences/oem-vbs) will have both Windows Defender Credential Guard and VBS enabled by default. +|Virtualization-based Security (VBS) Requirements|VBS must be enabled in order to run Windows Defender Credential Guard. Starting with Windows 11 Enterprise 22H2 and Windows 11 Education 22H2, devices that meet the requirements to run Windows Defender Credential Guard as well as the [minimum requirements to enable VBS](/windows-hardware/design/device-experiences/oem-vbs) will have both Windows Defender Credential Guard and VBS enabled by default. > [!NOTE] > If Windows Defender Credential Guard or VBS has previously been explicitly disabled, default enablement will not overwrite this setting. +> [!NOTE] +> Devices running Windows 11 Pro 22H2 may have Virtualization-Based Security (VBS) and/or Windows Defender Credential Guard automaticaly enabled if they meet the other requirements for default enablement listed above and have previously run Windows Defender Credential Guard (for example if Windows Defender Credential Guard was running on an Enterprise device that later downgraded to Pro). +> +> To determine whether the Pro device is in this state, check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. In this scenario, if you wish to disable VBS and Windows Defender Credential Guard, follow the instructions for [disabling Virtualization-Based Security](#disabling-virtualization-based-security). If you wish to disable only Windows Defender Credential Guard without disabling Virtualization-Based Security, use the procedures for [disabling Windows Defender Credential Guard](#disable-windows-defender-credential-guard). + ## Enable Windows Defender Credential Guard Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the [Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard hardware readiness tool](#enable-windows-defender-credential-guard-by-using-the-hvci-and-windows-defender-credential-guard-hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The same set of procedures used to enable Windows Defender Credential Guard on physical machines applies also to virtual machines. +> [!NOTE] +> Credential Guard and Device Guard are not supported when using Azure Gen 1 VMs. These options are available with Gen 2 VMs only. + ### Enable Windows Defender Credential Guard by using Group Policy You can use Group Policy to enable Windows Defender Credential Guard. This will add and enable the virtualization-based security features for you if needed. @@ -230,24 +238,54 @@ DG_Readiness_Tool_v3.6.ps1 -Ready ## Disable Windows Defender Credential Guard -To disable Windows Defender Credential Guard, you can use the following set of procedures or the [HVCI and Windows Defender Credential Guard hardware readiness tool](#disable-windows-defender-credential-guard-by-using-the-hvci-and-windows-defender-credential-guard-hardware-readiness-tool). If Credential Guard was enabled with UEFI Lock then you must use the following procedure as the settings are persisted in EFI (firmware) variables and it will require physical presence at the machine to press a function key to accept the change. If Credential Guard was enabled without UEFI Lock then you can turn it off by using Group Policy. +Windows Defender Credential Guard can be disabled via several methods explained below, depending on how the feature was enabled. For devices that had Windows Defender Credential Guard automatically enabled in the 22H2 update and did not have it enabled prior to the update, it is sufficient to [disable via Group Policy](#disabling-windows-defender-credential-guard-using-group-policy). -1. If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (**Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn on Virtualization Based Security**). +If Windows Defender Credential Guard was enabled with UEFI Lock, the procedure described in [Disabling Windows Defender Credential Guard with UEFI Lock](#disabling-windows-defender-credential-guard-with-uefi-lock) must be followed. Note that the default enablement change in eligible 22H2 devices does **not** use a UEFI Lock. -1. Delete the following registry settings: +If Windows Defender Credential Guard was enabled via Group Policy without UEFI Lock, Windows Defender Credential Guard should be [disabled via Group Policy](#disabling-windows-defender-credential-guard-using-group-policy). + +Otherwise, Windows Defender Credential Guard can be [disabled by changing registry keys](#disabling-windows-defender-credential-guard-using-registry-keys). + +Windows Defender Credential Guard running in a virtual machine can be [disabled by the host](#disable-windows-defender-credential-guard-for-a-virtual-machine). + +For information on disabling Virtualization-Based Security (VBS), see [Disabling Virtualization-Based Security](#disabling-virtualization-based-security). + +### Disabling Windows Defender Credential Guard using Group Policy + +If Windows Defender Credential Guard was enabled via Group Policy and without UEFI Lock, disabling the same Group Policy setting will disable Windows Defender Credential Guard. + +1. Disable the Group Policy setting that governs Windows Defender Credential Guard. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn on Virtualization Based Security**. In the "Credential Guard Configuration" section, set the dropdown value to "Disabled": + + :::image type="content" source="images/credguard-gp-disabled.png" alt-text="Windows Defender Credential Guard Group Policy set to Disabled."::: + +1. Restart the machine. + +### Disabling Windows Defender Credential Guard using Registry Keys + +If Windows Defender Credential Guard was enabled without UEFI Lock and without Group Policy, it is sufficient to edit the registry keys as described below to disable Windows Defender Credential Guard. + +1. Change the following registry settings to 0: - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags` - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags` -1. If you also wish to disable virtualization-based security delete the following registry settings: + > [!NOTE] + > Deleting these registry settings may not disable Windows Defender Credential Guard. They must be set to a value of 0. - - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity` +1. Restart the machine. - - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures` +### Disabling Windows Defender Credential Guard with UEFI Lock - > [!IMPORTANT] - > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. +If Windows Defender Credential Guard was enabled with UEFI Lock enabled, then the following procedure must be followed since the settings are persisted in EFI (firmware) variables. This scenario will require physical presence at the machine to press a function key to accept the change. + +1. If Group Policy was used to enable Windows Defender Credential Guard, disable the relevant Group Policy setting. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn on Virtualization Based Security**. In the "Credential Guard Configuration" section, set the dropdown value to "Disabled". + +1. Change the following registry settings to 0: + + - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags` + + - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags` 1. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: @@ -262,37 +300,7 @@ To disable Windows Defender Credential Guard, you can use the following set of p mountvol X: /d ``` -1. Restart the PC. - -1. Accept the prompt to disable Windows Defender Credential Guard. - -1. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. - - > [!NOTE] - > The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings: - > - > ```cmd - > bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS - > bcdedit /set vsmlaunchtype off - > ``` - -For more info on virtualization-based security and HVCI, see [Enable virtualization-based protection of code integrity](../../threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md). - -> [!NOTE] -> Credential Guard and Device Guard are not supported when using Azure Gen 1 VMs. These options are available with Gen 2 VMs only. - -### Disable Windows Defender Credential Guard by using the HVCI and Windows Defender Credential Guard hardware readiness tool - -You can also disable Windows Defender Credential Guard by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md). - -```powershell -DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot -``` - -> [!IMPORTANT] -> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. -> -> This is a known issue. +1. Restart the PC. Before the OS boots, a prompt will appear notifying that UEFI was modified, and asking for confirmation. This prompt must be confirmed for the changes to persist. This step requires physical access to the machine. ### Disable Windows Defender Credential Guard for a virtual machine @@ -301,3 +309,31 @@ From the host, you can disable Windows Defender Credential Guard for a virtual m ```powershell Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true ``` + +## Disabling Virtualization-Based Security + +Instructions are given below for how to disable Virtualization-Based Security (VBS) entirely, rather than just Windows Defender Credential Guard. Disabling Virtualization-Based Security will automatically disable Windows Defender Credential Guard and other features that rely on VBS. + +> [!IMPORANT] +> Other security features in addition to Windows Defender Credential Guard rely on Virtualization-Based Security in order to run. Disabling Virtualization-Based Security may have unintended side effects. + +1. If Group Policy was used to enable Virtualization-Based Security, set the Group Policy setting that was used to enable it (**Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn on Virtualization Based Security**) to "Disabled". + +1. Delete the following registry settings: + + - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity` + + - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures` + + > [!IMPORTANT] + > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. + +1. If Windows Defender Credential Guard is running when disabling Virtualization-Based Security and either feature was enabled with UEFI Lock, the EFI (firmware) variables must be cleared using bcdedit. From an elevated command prompt, run the following bcdedit commands after turning off all Virtualization-Based Security Group Policy and registry settings as described in steps 1 and 2 above: + + > + > ```cmd + > bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + > bcdedit /set vsmlaunchtype off + > ``` + +1. Restart the PC. diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 5688ac38d1..562a265130 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -101,7 +101,7 @@ The following tables describe baseline protections, plus protections for improve |Hardware: **Trusted Platform Module (TPM)**|**Requirement**:
                  - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](../../information-protection/tpm/tpm-recommendations.md)|A TPM provides protection for VBS encryption keys that are stored in the firmware. TPM helps protect against attacks involving a physically present user with BIOS access.| |Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**:
                  - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code, and can prevent boot kits and root kits from installing and persisting across reboots.| |Firmware: **Secure firmware update process**|**Requirements**:
                  - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot.|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.| -|Software: Qualified **Windows operating system**|**Requirement**:
                  - At least Windows 10 Enterprise or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.| +|Software: Qualified **Windows operating system**|**Requirement**:
                  - At least Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.| > [!IMPORTANT] > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide. diff --git a/windows/security/identity-protection/credential-guard/images/credguard-gp-disabled.png b/windows/security/identity-protection/credential-guard/images/credguard-gp-disabled.png new file mode 100644 index 0000000000..bfb042a49d Binary files /dev/null and b/windows/security/identity-protection/credential-guard/images/credguard-gp-disabled.png differ diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index 7e64879acd..c208471c8b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md @@ -16,7 +16,7 @@ appliesto: - ✅ Hybrid deployment - ✅ Cloud Kerberos trust --- -# Hybrid Cloud Kerberos Trust Deployment (Preview) +# Hybrid Cloud Kerberos Trust Deployment Windows Hello for Business replaces username and password Windows sign-in with strong authentication using an asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario. @@ -231,6 +231,30 @@ After a successful MFA, the provisioning flow asks the user to create and valida Once a user has set up a PIN with cloud Kerberos trust, it can be used immediately for sign-in. On a Hybrid Azure AD joined device, the first use of the PIN requires line of sight to a DC. Once the user has signed in or unlocked with the DC, cached logon can be used for subsequent unlocks without line of sight or network connectivity. +## Migrate from key trust deployment model to cloud Kerberos trust + +If you deployed WHFB using the **key trust** deployment model, and want to migrate to the **cloud Kerberos trust** deployment model, follow these steps: + +1. [Set up Azure AD Kerberos in your hybrid environment](#deploy-azure-ad-kerberos) +1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy) +1. For hybrid Azure AD joined devices, sign out and sign in the device using Windows Hello for Business with line of sight to a domain controller (DC). Without line of sight to DC, even when the policy is set to "UseCloudTrustForOnPremAuth", the system will fall back to key trust if cloud Kerberos trust login fails + +## Migrate from certificate trust deployment model to cloud Kerberos trust + +> [!IMPORTANT] +> There is no direct migration path from certificate trust deployment to cloud Kerberos trust deployment. + +If you have deployed WHFB using a **certificate trust** deployment model, and want to use **cloud Kerberos trust**, you will need to clean up the existing deployments and redeploy by following these steps: + +1. Disable the certificate trust policy +1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy) +1. Remove the certificate trust credential using the command `certutil -deletehellocontainer` from the user context +1. Reboot or sign out and sign back in +1. Provision Windows Hello for Business (Enroll PIN/Face/Fingerprint) + +> [!NOTE] +> For hybrid Azure AD joined devices, sign in with new credentials while having line of sight to a DC. + ## Troubleshooting If you encounter issues or want to share feedback about Windows Hello for Business cloud Kerberos trust, share via the Windows Feedback Hub app by following these steps: diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index aaca362314..c5548809e1 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -8,9 +8,9 @@ ms.author: paoloma ms.date: 10/16/2017 manager: aaroncz ms.topic: article -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 --- # How Windows Hello for Business works in Windows devices diff --git a/windows/security/identity.md b/windows/security/identity.md index 797f089f86..f9ccae6a49 100644 --- a/windows/security/identity.md +++ b/windows/security/identity.md @@ -2,9 +2,9 @@ title: Windows identity and user security description: Get an overview of identity security in Windows 11 and Windows 10 ms.reviewer: -manager: dansimp -ms.author: dansimp -author: dansimp +manager: aaroncz +ms.author: paoloma +author: paolomatarazzo ms.collection: M365-security-compliance ms.prod: m365-security ms.technology: windows-sec diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md index 2bca659e04..0aade34b01 100644 --- a/windows/security/includes/microsoft-defender.md +++ b/windows/security/includes/microsoft-defender.md @@ -3,7 +3,7 @@ title: Microsoft 365 Defender important guidance description: A note in regard to important Microsoft 365 Defender guidance. ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz author: paolomatarazzo ms.author: paoloma manager: aaroncz diff --git a/windows/security/index.yml b/windows/security/index.yml index c8868f61f1..bca2ee7b90 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -12,8 +12,8 @@ metadata: - m365-security-compliance - highpri ms.custom: intro-hub-or-landing - author: dansimp #Required; your GitHub user alias, with correct capitalization. - ms.author: dansimp #Required; microsoft alias of author; optional team alias. + author: paolomatarazzo + ms.author: paoloma ms.date: 09/20/2021 localization_priority: Priority diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 6c6d9669a2..5419fe6df5 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml index 279702c109..5278e578b5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: - M365-security-compliance diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index f5a1fecb16..82a70a8e75 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 4f129193e8..9959b6f5bc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml index 9ae7897062..2b9f32384a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: faq diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md index 68c9d667d6..649c0a0e0f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: lovina-saldanha ms.author: v-lsaldanha -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/20/2021 diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index e1d313bfbc..8156cd38ac 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml index db16f5e272..3f48006d72 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: - M365-security-compliance diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 7f02986150..3a6b451bd5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index c8b01291fb..1e211bd02d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index efdb32240c..98acd44af7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml index 09d144f684..369d16d8e8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: faq diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index faf5dfd19a..4d19e0ed71 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml index 92acc08a12..11fe756cf9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml @@ -9,7 +9,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: faq diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index df962a8ff5..46325ab4f4 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: - M365-security-compliance diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 92b67559cf..72fd1ad190 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.prod: m365-security ms.localizationpriority: medium author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index 76782a084f..528ae87399 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: aczechowski ms.author: aaroncz -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml index 34a96db5ad..465a4c3d6d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: faq diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml index 256644a535..e318b5ed29 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml @@ -11,7 +11,7 @@ metadata: ms.pagetype: security ms.localizationpriority: medium author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: faq diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml index 05f79c3d7c..40fdb23d9d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml @@ -9,7 +9,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: faq diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 15738e7ad1..b3cfe16c19 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index dd79eb176a..b7850352da 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml index c79641be85..bb221372e1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: faq diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 4cda103d80..c557685cd4 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 1d51dfda83..0377355b20 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 6cf2060ecb..0d07d17289 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -2,7 +2,7 @@ title: Encrypted Hard Drive (Windows) description: Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. ms.reviewer: -manager: dansimp +manager: aaroncz ms.author: dansimp ms.prod: m365-security author: dulcemontemayor diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md index cc9a1ce337..13d915e82d 100644 --- a/windows/security/information-protection/index.md +++ b/windows/security/information-protection/index.md @@ -4,7 +4,7 @@ description: Learn more about how to protect sensitive data across your organiza ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/10/2018 diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 4460e09f34..f06d1f4810 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -4,7 +4,7 @@ description: Kernel DMA Protection protects PCs against drive-by Direct Memory A ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 6cbc6425b8..d74a5c0d8e 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -4,7 +4,7 @@ description: This article describes how Windows security features help protect y ms.prod: m365-security ms.localizationpriority: medium author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index 3ad6efecd1..d2cbee5a7b 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -5,7 +5,7 @@ ms.reviewer: ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/03/2021 diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 4337bd6dac..8120809195 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -5,7 +5,7 @@ ms.reviewer: ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/18/2022 diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 9b2fa9a1f7..a65af80d65 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index b6e14ea7da..7a8a4c7a24 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -5,7 +5,7 @@ ms.reviewer: ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index 697fdc3840..07f6041666 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -4,7 +4,7 @@ description: This topic for the IT professional describes how to manage which Tr ms.author: dansimp ms.prod: m365-security author: dulcemontemayor -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index a28ed8f612..395fdd425a 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md @@ -5,7 +5,7 @@ ms.reviewer: ms.author: dansimp ms.prod: m365-security author: dulcemontemayor -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 22a4d729b0..1bcb3e7ac1 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -5,7 +5,7 @@ ms.reviewer: ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 391fb0e733..cd8329767b 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -5,7 +5,7 @@ ms.reviewer: ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 1790a62ef4..73c92bb7d8 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 942d2ff588..00da150baf 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: high author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 5dadb45989..5f5f096da0 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -5,7 +5,7 @@ ms.reviewer: ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index 85807ba447..bde22cbed5 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: - M365-security-compliance - highpri diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 4d6e18a29e..4965160895 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 49dd0c2647..2caf5a1fae 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index de0d27d47c..a7284079c5 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index d097f3b77a..58f2b96b0d 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 021ea7ed44..83bd025c94 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/02/2019 diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index df344aface..782848bd01 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 26beadd011..8ebb7f6719 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/25/2022 diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md index f60db36a4f..a2d8772636 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 9c4593f028..0b3a3ef773 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/11/2019 diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 14f23ff7f7..352be0af55 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/25/2019 diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 4f2fdaa90d..fd9719fcaf 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index 78349eb5ab..6a4963ce99 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index 20d519622f..e19a7707c0 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md index 305b40e22f..b97c053fd9 100644 --- a/windows/security/operating-system.md +++ b/windows/security/operating-system.md @@ -3,9 +3,9 @@ title: Windows operating system security description: Securing the operating system includes system security, encryption, network security, and threat protection. ms.reviewer: ms.topic: article -manager: dansimp -ms.author: deniseb -author: denisebmsft +manager: aaroncz +ms.author: paoloma +author: paolomatarazzo ms.collection: M365-security-compliance ms.prod: m365-security ms.technology: windows-sec diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md index 1dc5324f16..907d545563 100644 --- a/windows/security/security-foundations.md +++ b/windows/security/security-foundations.md @@ -3,9 +3,9 @@ title: Windows security foundations description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program. ms.reviewer: ms.topic: article -manager: dansimp -ms.author: deniseb -author: denisebmsft +manager: aaroncz +ms.author: paoloma +author: paolomatarazzo ms.collection: M365-security-compliance ms.prod: m365-security ms.technology: windows-sec diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 076b555055..d4d91dca07 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -3,14 +3,14 @@ title: Advanced security audit policy settings (Windows 10) description: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. ms.assetid: 93b28b92-796f-4036-a53b-8b9e80f9f171 ms.reviewer: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 58035d8f4d..f7e415c185 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -7,7 +7,7 @@ metadata: ms.localizationpriority: none author: dansimp ms.author: dansimp - manager: dansimp + manager: aaroncz ms.reviewer: ms.collection: M365-security-compliance ms.topic: faq diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 0b3fae0f35..9bc1f821b8 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -3,14 +3,14 @@ title: Advanced security audit policies (Windows 10) description: Advanced security audit policy settings may appear to overlap with basic policies, but they are recorded and applied differently. Learn more about them here. ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index 258ea0a79b..b176620db8 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 7cc6b35da0..cd0cb7d36f 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -3,14 +3,14 @@ title: Apply a basic audit policy on a file or folder (Windows 10) description: Apply audit policies to individual files and folders on your computer by setting the permission type to record access attempts in the security log. ms.assetid: 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 2d936555a6..12b0ddc395 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -3,14 +3,14 @@ title: Audit Account Lockout (Windows 10) description: The policy setting, Audit Account Lockout, enables you to audit security events generated by a failed attempt to log on to an account that is locked out. ms.assetid: da68624b-a174-482c-9bc5-ddddab38e589 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index f778de2af2..a6bb26f2b2 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -3,14 +3,14 @@ title: Audit Application Generated (Windows 10) description: The policy setting, Audit Application Generated, determines if audit events are generated when applications attempt to use the Windows Auditing APIs. ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 3cb78ff1b1..40db38bfb4 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -3,14 +3,14 @@ title: Audit Application Group Management (Windows 10) description: The policy setting, Audit Application Group Management, determines if audit events are generated when application group management tasks are performed. ms.assetid: 1bcaa41e-5027-4a86-96b7-f04eaf1c0606 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index ae75fb4fef..af01de791c 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -3,14 +3,14 @@ title: Audit Audit Policy Change (Windows 10) description: The Advanced Security Audit policy setting, Audit Audit Policy Change, determines if audit events are generated when changes are made to audit policy. ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index 68c6747f77..1e4d381758 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -3,14 +3,14 @@ title: Audit Authentication Policy Change (Windows 10) description: The Advanced Security Audit policy setting, Audit Authentication Policy Change, determines if audit events are generated when authentication policy is changed. ms.assetid: aa9cea7a-aadf-47b7-b704-ac253b8e79be ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index 03111b60f9..fbf9267a82 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -3,14 +3,14 @@ title: Audit Authorization Policy Change (Windows 10) description: The policy setting, Audit Authorization Policy Change, determines if audit events are generated when specific changes are made to the authorization policy. ms.assetid: ca0587a2-a2b3-4300-aa5d-48b4553c3b36 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index a877583e94..0f9623bc2a 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -3,14 +3,14 @@ title: Audit Central Access Policy Staging (Windows 10) description: The Advanced Security Audit policy setting, Audit Central Access Policy Staging, determines permissions on a Central Access Policy. ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index 5c5e3cfccd..ab5dc1db6b 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -3,14 +3,14 @@ title: Audit Certification Services (Windows 10) description: The policy setting, Audit Certification Services, decides if events are generated when Active Directory Certificate Services (ADA CS) operations are performed. ms.assetid: cdefc34e-fb1f-4eff-b766-17713c5a1b03 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index c544d87734..2fca8cb4ff 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -3,14 +3,14 @@ title: Audit Computer Account Management (Windows 10) description: The policy setting, Audit Computer Account Management, determines if audit events are generated when a computer account is created, changed, or deleted. ms.assetid: 6c406693-57bf-4411-bb6c-ff83ce548991 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index ad726d2c61..f09b2e6ceb 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -3,14 +3,14 @@ title: Audit Credential Validation (Windows 10) description: The policy setting, Audit Credential Validation, determines if audit events are generated when user account logon request credentials are submitted. ms.assetid: 6654b33a-922e-4a43-8223-ec5086dfc926 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index 9af371fb40..9f83de62ed 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -3,14 +3,14 @@ title: Audit Detailed Directory Service Replication (Windows 10) description: The Audit Detailed Directory Service Replication setting decides if audit events contain detailed tracking info about data replicated between domain controllers ms.assetid: 1b89c8f5-bce7-4b20-8701-42585c7ab993 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 15e15c2540..cf232819c0 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -3,14 +3,14 @@ title: Audit Detailed File Share (Windows 10) description: The Advanced Security Audit policy setting, Audit Detailed File Share, allows you to audit attempts to access files and folders on a shared folder. ms.assetid: 60310104-b820-4033-a1cb-022a34f064ae ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index 927eb3b00a..c6e8118ded 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -3,14 +3,14 @@ title: Audit Directory Service Access (Windows 10) description: The policy setting Audit Directory Service Access determines if audit events are generated when an Active Directory Domain Services (ADA DS) object is accessed. ms.assetid: ba2562ba-4282-4588-b87c-a3fcb771c7d0 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index c012915713..caa1701475 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -3,14 +3,14 @@ title: Audit Directory Service Changes (Windows 10) description: The policy setting Audit Directory Service Changes determines if audit events are generated when objects in Active Directory Domain Services (AD DS) are changed ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index f745f49759..5a424dae77 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -3,14 +3,14 @@ title: Audit Directory Service Replication (Windows 10) description: Audit Directory Service Replication is a policy setting that decides if audit events are created when replication between two domain controllers begins or ends. ms.assetid: b95d296c-7993-4e8d-8064-a8bbe284bd56 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 8317bd58a5..76eb29a0bc 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -3,14 +3,14 @@ title: Audit Distribution Group Management (Windows 10) description: The policy setting, Audit Distribution Group Management, determines if audit events are generated for specific distribution-group management tasks. ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index ec0e0c8843..00a34ebb03 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -3,14 +3,14 @@ title: Audit DPAPI Activity (Windows 10) description: The policy setting, Audit DPAPI Activity, decides if encryption/decryption calls to the data protection application interface (DPAPI) generate audit events. ms.assetid: be4d4c83-c857-4e3d-a84e-8bcc3f2c99cd ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index 7d9f3c613e..29e1ca9570 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md @@ -3,14 +3,14 @@ title: Audit File Share (Windows 10) description: The Advanced Security Audit policy setting, Audit File Share, determines if the operating system generates audit events when a file share is accessed. ms.assetid: 9ea985f8-8936-4b79-abdb-35cbb7138f78 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 1d2aa49bd8..12885568e0 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -3,14 +3,14 @@ title: Audit File System (Windows 10) description: The Advanced Security Audit policy setting, Audit File System, determines if audit events are generated when users attempt to access file system objects. ms.assetid: 6a71f283-b8e5-41ac-b348-0b7ec6ea0b1f ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index 16b00b3889..d7e01c186a 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md @@ -3,14 +3,14 @@ title: Audit Filtering Platform Connection (Windows 10) description: The policy setting, Audit Filtering Platform Connection, decides if audit events are generated when connections are allow/blocked by Windows Filtering Platform. ms.assetid: d72936e9-ff01-4d18-b864-a4958815df59 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index 40a667e051..6f9481da89 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -3,14 +3,14 @@ title: Audit Filtering Platform Packet Drop (Windows 10) description: The policy setting, Audit Filtering Platform Packet Drop, determines if audit events are generated when packets are dropped by the Windows Filtering Platform. ms.assetid: 95457601-68d1-4385-af20-87916ddab906 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index ffefdd58cb..ae7aca862f 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -3,14 +3,14 @@ title: Audit Filtering Platform Policy Change (Windows 10) description: The policy setting, Audit Filtering Platform Policy Change, determines if audit events are generated for certain IPsec and Windows Filtering Platform actions. ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md index 97bb5b57e1..1ae73ba656 100644 --- a/windows/security/threat-protection/auditing/audit-group-membership.md +++ b/windows/security/threat-protection/auditing/audit-group-membership.md @@ -3,14 +3,14 @@ title: Audit Group Membership (Windows 10) description: Using the advanced security audit policy setting, Audit Group Membership, you can audit group memberships when they're enumerated on the client PC. ms.assetid: 1CD7B014-FBD9-44B9-9274-CC5715DE58B9 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md index b64ddae053..84d320a966 100644 --- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md +++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md @@ -3,14 +3,14 @@ title: Audit Handle Manipulation (Windows 10) description: The Advanced Security Audit policy setting, Audit Handle Manipulation, determines if audit events are generated when a handle to an object is opened or closed. ms.assetid: 1fbb004a-ccdc-4c80-b3da-a4aa7a9f4091 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index 1cdb6f9140..a31f2e95b9 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md @@ -3,14 +3,14 @@ title: Audit IPsec Driver (Windows 10) description: The Advanced Security Audit policy setting, Audit IPsec Driver, determines if audit events are generated for the activities of the IPsec driver. ms.assetid: c8b8c02f-5ad0-4ee5-9123-ea8cdae356a5 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index 7e372d5a0e..121c17cdf3 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -3,14 +3,14 @@ title: Audit IPsec Extended Mode (Windows 10) description: The setting, Audit IPsec Extended Mode, determines if audit events are generated for the results of IKE protocol and AuthIP during Extended Mode negotiations. ms.assetid: 2b4fee9e-482a-4181-88a8-6a79d8fc8049 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index 675299ef05..e250004563 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -3,14 +3,14 @@ title: Audit IPsec Main Mode (Windows 10) description: Learn about the policy setting, Audit IPsec Main Mode, which determines if the results of certain protocols generate events during Main Mode negotiations. ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md index 982e294c4c..412c2ed30e 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md @@ -3,14 +3,14 @@ title: Audit IPsec Quick Mode (Windows 10) description: The policy setting, Audit IPsec Quick Mode, decides if audit events are generated for the results of the IKE protocol and AuthIP during Quick Mode negotiations. ms.assetid: 7be67a15-c2ce-496a-9719-e25ac7699114 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index c4245be658..cf603612e7 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -3,14 +3,14 @@ title: Audit Kerberos Authentication Service (Windows 10) description: The policy setting Audit Kerberos Authentication Service decides if audit events are generated for Kerberos authentication ticket-granting ticket (TGT) requests ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index 71f4e995c9..775390d2fd 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -3,14 +3,14 @@ title: Audit Kerberos Service Ticket Operations (Windows 10) description: The policy setting, Audit Kerberos Service Ticket Operations, determines if security audit events are generated for Kerberos service ticket requests. ms.assetid: ddc0abef-ac7f-4849-b90d-66700470ccd6 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md index 7262c46dd7..8d8700c72e 100644 --- a/windows/security/threat-protection/auditing/audit-kernel-object.md +++ b/windows/security/threat-protection/auditing/audit-kernel-object.md @@ -3,14 +3,14 @@ title: Audit Kernel Object (Windows 10) description: The policy setting, Audit Kernel Object, decides if user attempts to access the system kernel (which includes mutexes and semaphores) generate audit events. ms.assetid: 75619d8b-b1eb-445b-afc9-0f9053be97fb ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md index 92a4bed8a5..764e61eca5 100644 --- a/windows/security/threat-protection/auditing/audit-logoff.md +++ b/windows/security/threat-protection/auditing/audit-logoff.md @@ -3,14 +3,14 @@ title: Audit Logoff (Windows 10) description: The Advanced Security Audit policy setting, Audit Logoff, determines if audit events are generated when logon sessions are terminated. ms.assetid: 681e51f2-ba06-46f5-af8c-d9c48d515432 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md index f3450fc499..896c41e4c2 100644 --- a/windows/security/threat-protection/auditing/audit-logon.md +++ b/windows/security/threat-protection/auditing/audit-logon.md @@ -3,14 +3,14 @@ title: Audit Logon (Windows 10) description: The Advanced Security Audit policy setting, Audit Logon, determines if audit events are generated when a user attempts to log on to a computer. ms.assetid: ca968d03-7d52-48c4-ba0e-2bcd2937231b ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index aac15f25fa..25553898cc 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -3,14 +3,14 @@ title: Audit MPSSVC Rule-Level Policy Change (Windows 10) description: Audit MPSSVC Rule-Level Policy Change determines if audit events are generated when policy rules are altered for the Microsoft Protection Service (MPSSVC.exe). ms.assetid: 263461b3-c61c-4ec3-9dee-851164845019 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index 97911ece3f..c141fc7bf1 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -3,14 +3,14 @@ title: Audit Network Policy Server (Windows 10) description: The policy setting, Audit Network Policy Server, determines if audit events are generated for RADIUS (IAS) and NAP activity on user access requests. ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md index 67ef50a903..ead439de46 100644 --- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md @@ -3,14 +3,14 @@ title: Audit Non-Sensitive Privilege Use (Windows 10) description: This article for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used. ms.assetid: 8fd74783-1059-443e-aa86-566d78606627 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index fa4413dbb7..afeebd6098 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -3,14 +3,14 @@ title: Audit Other Account Logon Events (Windows 10) description: The policy setting, Audit Other Account Logon Events allows you to audit events when generated by responses to credential requests for certain kinds of user logons. ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md index dfa2678034..1f3ac84620 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md @@ -3,14 +3,14 @@ title: Audit Other Account Management Events (Windows 10) description: The Advanced Security Audit policy setting, Audit Other Account Management Events, determines if user account management audit events are generated. ms.assetid: 4ce22eeb-a96f-4cf9-a46d-6642961a31d5 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md index 9314db237d..cfadd950fa 100644 --- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md +++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md @@ -3,14 +3,14 @@ title: Audit Other Logon/Logoff Events (Windows 10) description: The Advanced Security Audit policy setting, Audit Other Logon/Logoff Events, determines if Windows generates audit events for other logon or logoff events. ms.assetid: 76d987cd-1917-4907-a739-dd642609a458 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md index 9131eff82e..287ef71e1d 100644 --- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md +++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md @@ -3,14 +3,14 @@ title: Audit Other Object Access Events (Windows 10) description: The policy setting, Audit Other Object Access Events, determines if audit events are generated for the management of Task Scheduler jobs or COM+ objects. ms.assetid: b9774595-595d-4199-b0c5-8dbc12b6c8b2 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md index 9119efbc58..2ebaf41f93 100644 --- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md +++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md @@ -3,14 +3,14 @@ title: Audit Other Policy Change Events (Windows 10) description: The policy setting, Audit Other Policy Change Events, determines if audit events are generated for security policy changes that are not otherwise audited. ms.assetid: 8618502e-c21c-41cc-8a49-3dc1eb359e60 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index 46f053cae3..7ffd11fc64 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md @@ -3,14 +3,14 @@ title: Audit Other Privilege Use Events (Windows 10) description: Learn about the audit other privilege use events, an auditing subcategory that should not have any events in it but enables generation of event 4985(S). ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md index 5d7042e1dc..dd61dda8ea 100644 --- a/windows/security/threat-protection/auditing/audit-other-system-events.md +++ b/windows/security/threat-protection/auditing/audit-other-system-events.md @@ -3,14 +3,14 @@ title: Audit Other System Events (Windows 10) description: The Advanced Security Audit policy setting, Audit Other System Events, determines if the operating system audits various system events. ms.assetid: 2401e4cc-d94e-41ec-82a7-e10914295f8b ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index fa29bfac6d..bae8fa6df6 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md @@ -3,14 +3,14 @@ title: Audit PNP Activity (Windows 10) description: The advanced security audit policy setting, Audit PNP Activity, determines when plug and play detects an external device. ms.assetid: A3D87B3B-EBBE-442A-953B-9EB75A5F600E ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index 538a1b7fa9..a2e6e0c9c6 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -3,14 +3,14 @@ title: Audit Process Creation (Windows 10) description: The Advanced Security Audit policy setting, Audit Process Creation, determines if audit events are generated when a process is created (starts). ms.assetid: 67e39fcd-ded6-45e8-b1b6-d411e4e93019 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 03/16/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 72e92a74e0..584f8b8880 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -3,14 +3,14 @@ title: Audit Process Termination (Windows 10) description: The Advanced Security Audit policy setting, Audit Process Termination, determines if audit events are generated when an attempt is made to end a process. ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index a9559b8677..13960b7b4c 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -3,14 +3,14 @@ title: Audit Registry (Windows 10) description: The Advanced Security Audit policy setting, Audit Registry, determines if audit events are generated when users attempt to access registry objects. ms.assetid: 02bcc23b-4823-46ac-b822-67beedf56b32 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 01/05/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index 1b527f37be..eae70e36ee 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md @@ -3,14 +3,14 @@ title: Audit Removable Storage (Windows 10) description: The Advanced Security Audit policy setting, Audit Removable Storage, determines when there is a read or a write to a removable drive. ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index 087ff6ed52..0b881d3f43 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -3,14 +3,14 @@ title: Audit RPC Events (Windows 10) description: Audit RPC Events is an audit policy setting that determines if audit events are generated when inbound remote procedure call (RPC) connections are made. ms.assetid: 868aec2d-93b4-4bc8-a150-941f88838ba6 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 93c399ae54..4297c79c86 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -3,14 +3,14 @@ title: Audit SAM (Windows 10) description: The Advanced Security Audit policy setting, Audit SAM, enables you to audit events generated by attempts to access Security Account Manager (SAM) objects. ms.assetid: 1d00f955-383d-4c95-bbd1-fab4a991a46e ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index db3bc5689b..5d21c7bd36 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -3,14 +3,14 @@ title: Audit Security Group Management (Windows 10) description: The policy setting, Audit Security Group Management, determines if audit events are generated when specific security group management tasks are performed. ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index 88a21e9a8b..7e25a9e858 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -3,14 +3,14 @@ title: Audit Security State Change (Windows 10) description: The policy setting, Audit Security State Change, which determines whether Windows generates audit events for changes in the security state of a system. ms.assetid: decb3218-a67d-4efa-afc0-337c79a89a2d ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index 057d504bc1..f2a020e961 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -3,14 +3,14 @@ title: Audit Security System Extension (Windows 10) description: The Advanced Security Audit policy setting, Audit Security System Extension, determines if audit events related to security system extensions are generated. ms.assetid: 9f3c6bde-42b2-4a0a-b353-ed3106ebc005 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index e54927afd1..3b87a0810f 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -3,14 +3,14 @@ title: Audit Sensitive Privilege Use (Windows 10) description: The policy setting, Audit Sensitive Privilege Use, determines if the operating system generates audit events when sensitive privileges (user rights) are used. ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index 7cf389f177..ef4cf15494 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -3,14 +3,14 @@ title: Audit Special Logon (Windows 10) description: The Advanced Security Audit policy setting, Audit Special Logon, determines if audit events are generated under special sign in (or logon) circumstances. ms.assetid: e1501bac-1d09-4593-8ebb-f311231567d3 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index e4b357fa00..59ddddcc56 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md @@ -3,14 +3,14 @@ title: Audit System Integrity (Windows 10) description: The policy setting, Audit System Integrity, determines if the operating system audits events that violate the integrity of the security subsystem. ms.assetid: 942a9a7f-fa31-4067-88c7-f73978bf2034 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md index 3d85c00f81..5eb81c872a 100644 --- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md +++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md @@ -1,9 +1,9 @@ --- title: Audit Token Right Adjusted (Windows 10) description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Token Right Adjusted, which determines whether the operating system generates audit events when specific changes are made to the privileges of a token. -manager: dansimp -author: dansimp -ms.author: dansimp +manager: aaroncz +author: vinaypamnani-msft +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.technology: windows-sec diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index e958273064..e1460e7aa6 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -3,14 +3,14 @@ title: Audit User Account Management (Windows 10) description: Audit User Account Management is an audit policy setting that determines if the operating system generates audit events when certain tasks are performed. ms.assetid: f7e72998-3858-4197-a443-19586ecc4bfb ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 9b92a3022e..adfe26b5d1 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -3,14 +3,14 @@ title: Audit User/Device Claims (Windows 10) description: Audit User/Device Claims is an audit policy setting that enables you to audit security events that are generated by user and device claims. ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/06/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index e8f37ef2fc..fd30c96538 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -3,14 +3,14 @@ title: Audit account logon events (Windows 10) description: Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account. ms.assetid: 84B44181-E325-49A1-8398-AECC3CE0A516 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index 1656e7f0eb..5198cd91e7 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -3,14 +3,14 @@ title: Audit account management (Windows 10) description: Determines whether to audit each event of account management on a device. ms.assetid: 369197E1-7E0E-45A4-89EA-16D91EF01689 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index 37ea6c6cb7..6baff08ecd 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -3,14 +3,14 @@ title: Basic audit directory service access (Windows 10) description: Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified. ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index c0be497365..414793c373 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -3,14 +3,14 @@ title: Audit logon events (Windows 10) description: Determines whether to audit each instance of a user logging on to or logging off from a device. ms.assetid: 78B5AFCB-0BBD-4C38-9FE9-6B4571B94A35 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 713700f0c2..eea30b98ef 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -3,14 +3,14 @@ title: Audit object access (Windows 10) description: The policy setting, Audit object access, determines whether to audit the event generated when a user accesses an object that has its own SACL specified. ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index ab4eb9ba52..b96ea7b99e 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -3,14 +3,14 @@ title: Audit policy change (Windows 10) description: Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. ms.assetid: 1025A648-6B22-4C85-9F47-FE0897F1FA31 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index 9949cfab8d..a0d131b788 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -3,14 +3,14 @@ title: Audit privilege use (Windows 10) description: Determines whether to audit each instance of a user exercising a user right. ms.assetid: C5C6DAAF-8B58-4DFB-B1CE-F0675AE0E9F8 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index a1234e42c5..e1e8ec83dc 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -3,14 +3,14 @@ title: Audit process tracking (Windows 10) description: Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. ms.assetid: 91AC5C1E-F4DA-4B16-BEE2-C92D66E4CEEA ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 0f97e6acd1..0f47401092 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -3,14 +3,14 @@ title: Audit system events (Windows 10) description: Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. ms.assetid: BF27588C-2AA7-4365-A4BF-3BB377916447 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index 252459caae..ba11dec1f1 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -3,14 +3,14 @@ title: Basic security audit policies (Windows 10) description: Learn about basic security audit policies that specify the categories of security-related events that you want to audit for the needs of your organization. ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 37f8dddc0f..306c7c8339 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -3,14 +3,14 @@ title: Basic security audit policy settings (Windows 10) description: Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy. ms.assetid: 31C2C453-2CFC-4D9E-BC88-8CE1C1A8F900 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 45befb2420..af627fc630 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -3,14 +3,14 @@ title: Create a basic audit policy for an event category (Windows 10) description: By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. ms.assetid: C9F52751-B40D-482E-BE9D-2C61098249D3 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index 1a67e3d958..32ae7fc631 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index d21241558c..26db20429c 100644 --- a/windows/security/threat-protection/auditing/event-1102.md +++ b/windows/security/threat-protection/auditing/event-1102.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md index 53c67d234b..2dc26ce28a 100644 --- a/windows/security/threat-protection/auditing/event-1104.md +++ b/windows/security/threat-protection/auditing/event-1104.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md index ae939ee4ca..876b254fac 100644 --- a/windows/security/threat-protection/auditing/event-1105.md +++ b/windows/security/threat-protection/auditing/event-1105.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md index 7e9e4a1dd4..b29bdbea27 100644 --- a/windows/security/threat-protection/auditing/event-1108.md +++ b/windows/security/threat-protection/auditing/event-1108.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 955c45883a..e461d3a1f0 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md index 4248720724..a9256d7167 100644 --- a/windows/security/threat-protection/auditing/event-4610.md +++ b/windows/security/threat-protection/auditing/event-4610.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md index 503c8d0da2..ddfd12cebd 100644 --- a/windows/security/threat-protection/auditing/event-4611.md +++ b/windows/security/threat-protection/auditing/event-4611.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index 151c9f9d71..1894b7e87a 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md index 9b4a55bf5e..00aa2bf61d 100644 --- a/windows/security/threat-protection/auditing/event-4614.md +++ b/windows/security/threat-protection/auditing/event-4614.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index ffcc91a1f2..a71a72d981 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 34c71e2c56..62f402ee6c 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md index f67334d36a..52790766da 100644 --- a/windows/security/threat-protection/auditing/event-4618.md +++ b/windows/security/threat-protection/auditing/event-4618.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md index e4188be9df..145a52481e 100644 --- a/windows/security/threat-protection/auditing/event-4621.md +++ b/windows/security/threat-protection/auditing/event-4621.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md index 150ef448af..d71804453a 100644 --- a/windows/security/threat-protection/auditing/event-4622.md +++ b/windows/security/threat-protection/auditing/event-4622.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index 38faea78d6..af8492549e 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index 44603fc006..a8cf41f43c 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 01/03/2022 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index cc5ab9874a..40dda4fb91 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index b050838a58..2ced3b38aa 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index 27f923aeaa..3c9d5b5fcb 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md index eabd7698b9..75ebc4000b 100644 --- a/windows/security/threat-protection/auditing/event-4647.md +++ b/windows/security/threat-protection/auditing/event-4647.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md index 04e69119ac..38f6872968 100644 --- a/windows/security/threat-protection/auditing/event-4648.md +++ b/windows/security/threat-protection/auditing/event-4648.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md index f3b32117be..eb4add10ec 100644 --- a/windows/security/threat-protection/auditing/event-4649.md +++ b/windows/security/threat-protection/auditing/event-4649.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md index 7f9dd2557b..e00a414562 100644 --- a/windows/security/threat-protection/auditing/event-4656.md +++ b/windows/security/threat-protection/auditing/event-4656.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md index 7c8a7b6c54..5d5f2aa622 100644 --- a/windows/security/threat-protection/auditing/event-4657.md +++ b/windows/security/threat-protection/auditing/event-4657.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md index 957b595d7d..2529318f4c 100644 --- a/windows/security/threat-protection/auditing/event-4658.md +++ b/windows/security/threat-protection/auditing/event-4658.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md index 7fa92fc68e..78d23e5710 100644 --- a/windows/security/threat-protection/auditing/event-4660.md +++ b/windows/security/threat-protection/auditing/event-4660.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index a254ab803c..21aab6e49b 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index ab5968f778..46ca1c34bf 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index ada40db01d..b407e338d2 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index b6a2a10e16..c3c06a1bff 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index e0477b2e16..3c34a477b3 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md index c1374cae22..b3d70bd49a 100644 --- a/windows/security/threat-protection/auditing/event-4671.md +++ b/windows/security/threat-protection/auditing/event-4671.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index 863cb342a4..b1dcd19a2f 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index 4ee65904e9..816f3243d3 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 038e21fa18..4811afdc89 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md index 47a81b9444..c39393eaeb 100644 --- a/windows/security/threat-protection/auditing/event-4675.md +++ b/windows/security/threat-protection/auditing/event-4675.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 866d555375..9fb85668e9 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 01/24/2022 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index 3d50a5e80d..4ce41a0a7f 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index 84686b24aa..d199963bc4 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index c8ce062789..c4cabb426e 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index 639cac22bf..b4655573c6 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index e816c4c45b..604b596451 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md index 1f64dc3491..0282e7d3b4 100644 --- a/windows/security/threat-protection/auditing/event-4694.md +++ b/windows/security/threat-protection/auditing/event-4694.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md index f4c77584c7..0a1c8102df 100644 --- a/windows/security/threat-protection/auditing/event-4695.md +++ b/windows/security/threat-protection/auditing/event-4695.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index dd8e59af94..503e8c18b5 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 32489e2c4d..6ca2ffe88c 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index 32adfda2d6..0e8b5ef51d 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index 4e94788e1f..a9d14b8c99 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index 9fb16aefd8..9846182ff5 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index f6c37f2fde..8efade99fd 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index e42e4e116b..7be335c868 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index 692ef083f0..b96826a470 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index 824a755e4b..461a643a95 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index 6738fed5c9..70cfbfdc90 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index cf21247125..bdbee520fb 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index 46cc4912f4..6cd9f771d0 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index 040a4757be..9940e66d35 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md index 6ff804511a..38aad24335 100644 --- a/windows/security/threat-protection/auditing/event-4714.md +++ b/windows/security/threat-protection/auditing/event-4714.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 484f51c5ca..129d5815bb 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 212334d05a..cd10d369cb 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index 22a4ae6f99..7f78cff24b 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index a6b2d122b0..244c704a46 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index b059b70570..7573462403 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index f825fb7830..92f0e29689 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index 6f79a8db9d..4c4760577c 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index 9c7be0c550..8f28c2cd9e 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md index f6d92798fe..86ee75c102 100644 --- a/windows/security/threat-protection/auditing/event-4724.md +++ b/windows/security/threat-protection/auditing/event-4724.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index 90c3413e42..bb763a6d94 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index a1b3aab4c7..3b94a9d932 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index 22c1e6eb40..14024e54dc 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index aa5565f35a..e664066bea 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index 083f18464e..aecd37a11c 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index f4780d9ea8..4c58d09b59 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index 2362e16e9c..ce3d862ef1 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 39bbbe118d..0c8fb36711 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index 096dddc311..5f10b369d3 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index 8caa677a6c..4d0b0d8df2 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index 9575553088..70b34fee70 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 714672c0cb..da608ef607 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index 56741dbe0a..e439cd89ae 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index 6a802579be..fd2d5944a0 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index 167d266933..f44abd9c34 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index 1680966da8..1f8e570ad1 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index 33b9da3ea2..dfb6e1ca78 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index 747fcbd8b4..d058d6c67b 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 1d1a505b4d..1d1c326b32 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md index f171b29603..975ba6c6fd 100644 --- a/windows/security/threat-protection/auditing/event-4765.md +++ b/windows/security/threat-protection/auditing/event-4765.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md index 9b0d0db5fe..f4c4c72b08 100644 --- a/windows/security/threat-protection/auditing/event-4766.md +++ b/windows/security/threat-protection/auditing/event-4766.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index 916ad26f9d..15cbfe61f0 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 6846561482..2504a29182 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 10/20/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index c3ad787f9e..b6d214a0e6 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md index 40f752135e..ad500f9438 100644 --- a/windows/security/threat-protection/auditing/event-4770.md +++ b/windows/security/threat-protection/auditing/event-4770.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index e2b66d8905..2bf678cb5f 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md index 384ea2a5e0..b47920e1a2 100644 --- a/windows/security/threat-protection/auditing/event-4772.md +++ b/windows/security/threat-protection/auditing/event-4772.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md index 35ad7f2c6e..64b64b2a7f 100644 --- a/windows/security/threat-protection/auditing/event-4773.md +++ b/windows/security/threat-protection/auditing/event-4773.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index d7e73812a8..d90262ba63 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md index b635329953..f3e9fe6fb3 100644 --- a/windows/security/threat-protection/auditing/event-4775.md +++ b/windows/security/threat-protection/auditing/event-4775.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index aa6c83a26f..70a1ddd981 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/13/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md index 74b68ee4d4..2c4d16c520 100644 --- a/windows/security/threat-protection/auditing/event-4777.md +++ b/windows/security/threat-protection/auditing/event-4777.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md index 4d71f59a24..f0f007b611 100644 --- a/windows/security/threat-protection/auditing/event-4778.md +++ b/windows/security/threat-protection/auditing/event-4778.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index 8a034ed3af..6968f7112c 100644 --- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md index eb96a39284..4cdb52c09c 100644 --- a/windows/security/threat-protection/auditing/event-4780.md +++ b/windows/security/threat-protection/auditing/event-4780.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index a152d41ede..f983f65ab6 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md index 1079ddc301..f99d8cfc38 100644 --- a/windows/security/threat-protection/auditing/event-4782.md +++ b/windows/security/threat-protection/auditing/event-4782.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md index 570ace947f..f09632d7ae 100644 --- a/windows/security/threat-protection/auditing/event-4793.md +++ b/windows/security/threat-protection/auditing/event-4793.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md index 8f88976a35..bce1242646 100644 --- a/windows/security/threat-protection/auditing/event-4794.md +++ b/windows/security/threat-protection/auditing/event-4794.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md index 7eeafac41c..675ac8ae63 100644 --- a/windows/security/threat-protection/auditing/event-4798.md +++ b/windows/security/threat-protection/auditing/event-4798.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md index 01a317bd52..0f06aa7f65 100644 --- a/windows/security/threat-protection/auditing/event-4799.md +++ b/windows/security/threat-protection/auditing/event-4799.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index 2b875cfd5d..d39ab6fe19 100644 --- a/windows/security/threat-protection/auditing/event-4800.md +++ b/windows/security/threat-protection/auditing/event-4800.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index 35ef598149..c90c8fdea3 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index e372d5b282..4c84f2bd52 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index 3c3e80c86e..5f1894a8cf 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md index 93576951c1..1d6ad4ae29 100644 --- a/windows/security/threat-protection/auditing/event-4816.md +++ b/windows/security/threat-protection/auditing/event-4816.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 68708166d7..26a781d5fa 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index c1bd31d8f9..baf2779455 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index af81133616..4cbfab1be0 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md index a5fc916065..220ee7a580 100644 --- a/windows/security/threat-protection/auditing/event-4826.md +++ b/windows/security/threat-protection/auditing/event-4826.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index ea84a736a0..61eb307968 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index 5bb092d7a4..bf45074afb 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index b588e61bbc..9386b9cba4 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index c080741dd9..6873600fc5 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md index 89eeb36eb6..c95d24be90 100644 --- a/windows/security/threat-protection/auditing/event-4902.md +++ b/windows/security/threat-protection/auditing/event-4902.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index 658f0b2f7e..a7554ed6c4 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/07/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index a7fdfa4dfa..11a3bf597b 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md index 676c32fbcc..70848c2c2f 100644 --- a/windows/security/threat-protection/auditing/event-4906.md +++ b/windows/security/threat-protection/auditing/event-4906.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index f6c5ebea92..64869d1958 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 5173543a28..62a8a1992e 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md index f85c02b5ec..f7e426beac 100644 --- a/windows/security/threat-protection/auditing/event-4909.md +++ b/windows/security/threat-protection/auditing/event-4909.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md index 0cdca35e3e..8d9fb6ca5d 100644 --- a/windows/security/threat-protection/auditing/event-4910.md +++ b/windows/security/threat-protection/auditing/event-4910.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index 4a2e0e7e1f..5a07d7a28b 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index a9a2a1d9b0..e3f2374f99 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index dc79e60f50..dcaf7ca359 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md index 64481ef466..346beb3c4b 100644 --- a/windows/security/threat-protection/auditing/event-4928.md +++ b/windows/security/threat-protection/auditing/event-4928.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md index bd67b19fac..f3fe7007a4 100644 --- a/windows/security/threat-protection/auditing/event-4929.md +++ b/windows/security/threat-protection/auditing/event-4929.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md index c63813a961..05746193a7 100644 --- a/windows/security/threat-protection/auditing/event-4930.md +++ b/windows/security/threat-protection/auditing/event-4930.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md index 46b91b742c..a90d55c58a 100644 --- a/windows/security/threat-protection/auditing/event-4931.md +++ b/windows/security/threat-protection/auditing/event-4931.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md index b686a7b13c..553b1554ab 100644 --- a/windows/security/threat-protection/auditing/event-4932.md +++ b/windows/security/threat-protection/auditing/event-4932.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md index 7fb4991241..11c18320c3 100644 --- a/windows/security/threat-protection/auditing/event-4933.md +++ b/windows/security/threat-protection/auditing/event-4933.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md index 65521bb868..b44747fd69 100644 --- a/windows/security/threat-protection/auditing/event-4934.md +++ b/windows/security/threat-protection/auditing/event-4934.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index c939bc09ed..570b01e598 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index 37b1c8ca83..3a7945bdd8 100644 --- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index 9bdef69aa8..058fa49bc8 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md index 34ca3f9e47..54a708cbbe 100644 --- a/windows/security/threat-protection/auditing/event-4944.md +++ b/windows/security/threat-protection/auditing/event-4944.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md index cc7ffb2eec..b987b1c9a4 100644 --- a/windows/security/threat-protection/auditing/event-4945.md +++ b/windows/security/threat-protection/auditing/event-4945.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md index 5a3a44929a..05a92b02dd 100644 --- a/windows/security/threat-protection/auditing/event-4946.md +++ b/windows/security/threat-protection/auditing/event-4946.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md index 7d09cf4d23..2ba20c744c 100644 --- a/windows/security/threat-protection/auditing/event-4947.md +++ b/windows/security/threat-protection/auditing/event-4947.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md index ecc34d3112..49a277cb7b 100644 --- a/windows/security/threat-protection/auditing/event-4948.md +++ b/windows/security/threat-protection/auditing/event-4948.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md index 617b780983..83050f4469 100644 --- a/windows/security/threat-protection/auditing/event-4949.md +++ b/windows/security/threat-protection/auditing/event-4949.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md index 8c7148eb98..9b94938a6b 100644 --- a/windows/security/threat-protection/auditing/event-4950.md +++ b/windows/security/threat-protection/auditing/event-4950.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md index 6f7ede1970..220d2954a4 100644 --- a/windows/security/threat-protection/auditing/event-4951.md +++ b/windows/security/threat-protection/auditing/event-4951.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md index 3c9322ae26..988c2fcd99 100644 --- a/windows/security/threat-protection/auditing/event-4952.md +++ b/windows/security/threat-protection/auditing/event-4952.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md index c327d3a349..a69ce28acc 100644 --- a/windows/security/threat-protection/auditing/event-4953.md +++ b/windows/security/threat-protection/auditing/event-4953.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md index 67a7f024aa..c2dedeab3b 100644 --- a/windows/security/threat-protection/auditing/event-4954.md +++ b/windows/security/threat-protection/auditing/event-4954.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md index bc90d17945..1ae59f02ad 100644 --- a/windows/security/threat-protection/auditing/event-4956.md +++ b/windows/security/threat-protection/auditing/event-4956.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md index 5abad05870..bb642deb1b 100644 --- a/windows/security/threat-protection/auditing/event-4957.md +++ b/windows/security/threat-protection/auditing/event-4957.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md index 4bd2da3a99..eeeab9b126 100644 --- a/windows/security/threat-protection/auditing/event-4958.md +++ b/windows/security/threat-protection/auditing/event-4958.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index 6e7bc52761..4066f73396 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index 2f0e374a30..225d1d08a8 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md index 46c44da725..2c1c44e3fe 100644 --- a/windows/security/threat-protection/auditing/event-5024.md +++ b/windows/security/threat-protection/auditing/event-5024.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md index fbc702ac8e..e3fe8ec3be 100644 --- a/windows/security/threat-protection/auditing/event-5025.md +++ b/windows/security/threat-protection/auditing/event-5025.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 47a348cf77..1610a55ecb 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md index 65d5204a98..6bafd59bdf 100644 --- a/windows/security/threat-protection/auditing/event-5028.md +++ b/windows/security/threat-protection/auditing/event-5028.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md index 89b6ca69bb..0374f795d3 100644 --- a/windows/security/threat-protection/auditing/event-5029.md +++ b/windows/security/threat-protection/auditing/event-5029.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md index 86502afb98..785312b335 100644 --- a/windows/security/threat-protection/auditing/event-5030.md +++ b/windows/security/threat-protection/auditing/event-5030.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index 0e6d81e9ac..961e0a0e16 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md @@ -1,15 +1,15 @@ --- title: 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network. (Windows 10) ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa description: Describes security event 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network. ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md index c8b0bff151..810a8e3505 100644 --- a/windows/security/threat-protection/auditing/event-5032.md +++ b/windows/security/threat-protection/auditing/event-5032.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md index dfbbcae025..07c9814a3b 100644 --- a/windows/security/threat-protection/auditing/event-5033.md +++ b/windows/security/threat-protection/auditing/event-5033.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md index e0815c5bd1..24d743030c 100644 --- a/windows/security/threat-protection/auditing/event-5034.md +++ b/windows/security/threat-protection/auditing/event-5034.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md index c6a382c517..d7e93f5982 100644 --- a/windows/security/threat-protection/auditing/event-5035.md +++ b/windows/security/threat-protection/auditing/event-5035.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md index d3542cd1d7..4ab5e11cee 100644 --- a/windows/security/threat-protection/auditing/event-5037.md +++ b/windows/security/threat-protection/auditing/event-5037.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md index 60b2f51b2d..30c1790eb9 100644 --- a/windows/security/threat-protection/auditing/event-5038.md +++ b/windows/security/threat-protection/auditing/event-5038.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index aec25c2291..accfc3ae8f 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index 530cebdbe3..bf06c3d611 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md index b8d749b9fe..5059d50c64 100644 --- a/windows/security/threat-protection/auditing/event-5056.md +++ b/windows/security/threat-protection/auditing/event-5056.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md index 6f251535e5..04d22f10de 100644 --- a/windows/security/threat-protection/auditing/event-5057.md +++ b/windows/security/threat-protection/auditing/event-5057.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index 42a31d7a3a..4d8c8989e1 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 5beef1d24c..6c069ab814 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index b8f9fb0ef7..00c3fc26b4 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 58bcd9848d..2b6cc4b64c 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index 3ac8412240..b038353b7d 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index ca597eccaf..52e68d3dbd 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index ae83f4488b..9dd6ca5e47 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index e382f07e2f..46772ff759 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index 6a40bb0b06..1a4dd7ae96 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index 02b76446df..01b6ce22cb 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index ed2e8582db..c365519a4c 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index fc14219958..68a9da47b3 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index f21b182de2..85ccd666f0 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index 26b6d241f5..d58033c0a7 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index 0a90a9f3a9..a0d084c4f8 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index 0757dcd92c..abb03c8027 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index eabd06efdf..ca0b1825f9 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index b5ae516ec7..ea890e4738 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index e63227b1ad..fbc9435158 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index 706a6ab1a0..74e31d363f 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index e533127f2a..e485322da4 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index c440efc29d..50f697a96f 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 1368fde95e..782cdb4911 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index d8739009b8..109b4da544 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 5cbafb7fe3..b94279645b 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index fd48f85788..23c35f76d7 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index ea0b6f1ba5..239d0556a2 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index 20bb33c8fc..7fd8072d96 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index f9e60da5a0..355b963812 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 4b45c0c9cd..4ada326421 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index 06487ca949..b24e159daf 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index 4c668565fa..a22acae52c 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index 3569920d49..c555d5aa36 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index e2ecfbd040..1255e8d0bb 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index 61393ef168..bbd1141c71 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 570974bec3..1b97127e7f 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index ef83094d63..eaa77a9e64 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index d6440e7a09..fd9c84db3a 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index e84e1932e0..d25246b249 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index e20265f6c6..801d206b0b 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index 7b2b12b6e5..d7765406fd 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index 773a459b03..e0591f9a05 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index f3b0737f54..dbafd70da3 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 1f26806087..0ac72b6488 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index 5b2c268093..821162c968 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index e79e3d6362..a59fadc788 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 0cc09756be..959f1b969c 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index 3a84f0746a..266a490fdd 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/08/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index 08849399ff..d6701e243e 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index 4579bf3a3f..f3cc62235d 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index b7e9be68fc..cdd2869db5 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 43c3c34353..5c2a2775b2 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index d2fdd63838..3b5d284082 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index 8398476eb6..ff6b32947a 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index cd6d137b5a..f83340addb 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index 49d868e4de..d6109b695e 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index 791511b97c..ce5d5ebc3e 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md index 24596eef2a..6d0c126230 100644 --- a/windows/security/threat-protection/auditing/event-6408.md +++ b/windows/security/threat-protection/auditing/event-6408.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index 776b12553b..cae21e47a0 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md index 36e66234e1..bc36888be7 100644 --- a/windows/security/threat-protection/auditing/event-6410.md +++ b/windows/security/threat-protection/auditing/event-6410.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index 2fc25d6efc..b9f703c82a 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index 3af676c307..0ee6db7f7a 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index 62e0bb14da..b2f1f226a9 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index 4be9a3ae41..7d66ba817d 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 1ef19e5f52..4c3fca7a7b 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index cb4e2566fb..a10965291f 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md index 13af19c639..fa6239dca4 100644 --- a/windows/security/threat-protection/auditing/event-6424.md +++ b/windows/security/threat-protection/auditing/event-6424.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md index 605274b0a5..3461e567d2 100644 --- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md @@ -3,14 +3,14 @@ title: File System (Global Object Access Auditing) (Windows 10) description: The policy setting, File System (Global Object Access Auditing), enables you to configure a global system access control list (SACL) for an entire computer. ms.assetid: 4f215d61-0e23-46e4-9e58-08511105d25b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md index b8cc2220c9..88c58add6a 100644 --- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md +++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md @@ -6,11 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md index 0d27bc3fda..5fbda0c290 100644 --- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md @@ -3,14 +3,14 @@ title: Monitor central access policy and rule definitions (Windows 10) description: Learn how to use advanced security auditing options to monitor changes to central access policy and central access rule definitions. ms.assetid: 553f98a6-7606-4518-a3c5-347a33105130 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md index 1a7fbfe2d2..7a1e32271c 100644 --- a/windows/security/threat-protection/auditing/monitor-claim-types.md +++ b/windows/security/threat-protection/auditing/monitor-claim-types.md @@ -3,14 +3,14 @@ title: Monitor claim types (Windows 10) description: Learn how to monitor changes to claim types that are associated with dynamic access control when you're using advanced security auditing options. ms.assetid: 426084da-4eef-44af-aeec-e7ab4d4e2439 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md index c9c75a970e..a0514b7589 100644 --- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md @@ -3,14 +3,14 @@ title: Monitor resource attribute definitions (Windows 10) description: Learn how to monitor changes to resource attribute definitions when you're using advanced security auditing options to monitor dynamic access control objects. ms.assetid: aace34b0-123a-4b83-9e09-f269220e79de ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index 83ab6f2561..03717667d5 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -3,14 +3,14 @@ title: Monitor central access policies for files or folders (Windows 10) description: Monitor changes to central access policies associated with files and folders, when using advanced security auditing options for dynamic access control objects. ms.assetid: 2ea8fc23-b3ac-432f-87b0-6a16506e8eed ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 15c31fb0d2..c811249554 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md @@ -3,14 +3,14 @@ title: Monitor central access policies on a file server (Windows 10) description: Learn how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options. ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md index 73427802a4..a27bd7e737 100644 --- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md @@ -3,14 +3,14 @@ title: Monitor the resource attributes on files and folders (Windows 10) description: Learn how to use advanced security auditing options to monitor attempts to change settings on the resource attributes of files. ms.assetid: 4944097b-320f-44c7-88ed-bf55946a358b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 054bdf5247..9698df21c7 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -3,14 +3,14 @@ title: Monitor the use of removable storage devices (Windows 10) description: Learn how advanced security auditing options can be used to monitor attempts to use removable storage devices to access network resources. ms.assetid: b0a9e4a5-b7ff-41c6-96ff-0228d4ba5da8 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md index 759bc149b4..aecee98588 100644 --- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md +++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md @@ -3,14 +3,14 @@ title: Monitor user and device claims during sign-in (Windows 10) description: Learn how to monitor user and device claims that are associated with a user’s security token. This advice assumes you have deployed Dynamic Access Control. ms.assetid: 71796ea9-5fe4-4183-8475-805c3c1f319f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md index 12044634fd..d9e2a09d85 100644 --- a/windows/security/threat-protection/auditing/other-events.md +++ b/windows/security/threat-protection/auditing/other-events.md @@ -6,11 +6,11 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: dansimp +author: vinaypamnani-msft ms.date: 09/09/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md index 08a07d6718..1d3ced24bf 100644 --- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md @@ -3,14 +3,14 @@ title: Plan and deploy advanced security audit policies (Windows 10) description: Learn to deploy an effective security audit policy in a network that includes advanced security audit policies. ms.assetid: 7428e1db-aba8-407b-a39e-509671e5a442 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md index cd2acc181e..eec3ad4eba 100644 --- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md @@ -3,14 +3,14 @@ title: Registry (Global Object Access Auditing) (Windows 10) description: The Advanced Security Audit policy setting, Registry (Global Object Access Auditing), enables you to configure a global system access control list (SACL). ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md index 7d7e21c1f3..e24417cc1a 100644 --- a/windows/security/threat-protection/auditing/security-auditing-overview.md +++ b/windows/security/threat-protection/auditing/security-auditing-overview.md @@ -3,14 +3,14 @@ title: Security auditing (Windows 10) description: Learn about security auditing features in Windows, and how your organization can benefit from using them to make your network more secure and easily managed. ms.assetid: 2d9b8142-49bd-4a33-b246-3f0c2a5f32d4 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md index e91e703325..0ca7de41af 100644 --- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md +++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md @@ -3,14 +3,14 @@ title: Using advanced security auditing options to monitor dynamic access contro description: Domain admins can set up advanced security audit options in Windows 10 to target specific users, or monitor potentially significant activity on multiple devices ms.assetid: 0d2c28ea-bdaf-47fd-bca2-a07dce5fed37 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md index e934463906..78ec8301ba 100644 --- a/windows/security/threat-protection/auditing/view-the-security-event-log.md +++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md @@ -3,14 +3,14 @@ title: View the security event log (Windows 10) description: The security log records each event as defined by the audit policies you set on each object. ms.assetid: 20DD2ACD-241A-45C5-A92F-4BE0D9F198B9 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md index b6c73ba668..90df2b5229 100644 --- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md @@ -3,14 +3,14 @@ title: Which editions of Windows support advanced audit policy configuration (Wi description: This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies. ms.assetid: 87c71cc5-522d-4771-ac78-34a2a0825f31 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index 95aa186d93..e0e4b5e90d 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -2,7 +2,7 @@ title: Block untrusted fonts in an enterprise (Windows 10) description: To help protect your company from attacks that may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature. ms.reviewer: -manager: dansimp +manager: aaroncz ms.prod: m365-security author: dansimp ms.author: dansimp diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 90770727f0..8a30b38b55 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -4,9 +4,9 @@ description: This article explains the steps to opt in to using HVCI on Windows ms.prod: m365-security ms.mktglfcycl: deploy ms.localizationpriority: medium -ms.author: dansimp -author: dansimp -manager: dansimp +ms.author: vinpa +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 7e6029430c..15d041a084 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -3,10 +3,10 @@ title: Windows Defender Application Control and virtualization-based code integr description: Hardware and software system integrity-hardening capabilities that can be deployed separately or in combination with Windows Defender Application Control (WDAC). ms.prod: m365-security ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb +author: vinaypamnani-msft +ms.author: vinpa ms.reviewer: -manager: dansimp +manager: aaroncz ms.custom: asr ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 7a99baa345..7115e2659a 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -5,14 +5,14 @@ keywords: virtualization, security, malware ms.prod: m365-security ms.mktglfcycl: deploy ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/20/2017 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 68328931ed..0070710577 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -4,7 +4,7 @@ description: Learn how Microsoft products and cryptographic modules follow the U ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 156cb74287..60f033276b 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium ms.author: dansimp author: dulcemontemayor -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 02f00be3f6..52a5ae4951 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -6,7 +6,7 @@ ms.prod: m365-security ms.author: dansimp author: dansimp ms.localizationpriority: medium -manager: dansimp +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: windows-sec diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index b38ebe2069..92da921c12 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.author: dansimp author: dansimp ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index 382528bfa0..5f58f733a3 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -6,11 +6,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb +author: vinaypamnani-msft +ms.author: vinpa ms.date: 08/22/2022 ms.reviewer: -manager: dansimp +manager: aaroncz ms.custom: sasr ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index 603c2014c5..7118a806da 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -10,7 +10,7 @@ metadata: author: denisebmsft ms.author: deniseb ms.reviewer: - manager: dansimp + manager: aaroncz ms.custom: asr ms.technology: windows-sec ms.topic: faq diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index 2994f3ab96..d2301744c2 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -6,11 +6,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb +author: vinaypamnani-msft +ms.author: vinpa ms.date: 09/09/2021 ms.reviewer: -manager: dansimp +manager: aaroncz ms.custom: asr ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md index ffd97aa5cd..3b7bfa1c85 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -3,11 +3,11 @@ title: Microsoft Defender Application Guard Extension description: Learn about the Microsoft Defender Application Guard browser extension, which extends Application Guard's protection to more web browsers. ms.prod: m365-security ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz +author: vinaypamnani-msft +ms.author: vinpa ms.date: 09/09/2021 ms.reviewer: -manager: dansimp +manager: aaroncz ms.custom: asr ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 879c15353b..67ec813080 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -6,11 +6,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: denisebmsft -ms.author: deniseb +author: vinaypamnani-msft +ms.author: vinpa ms.date: 09/09/2021 ms.reviewer: -manager: dansimp +manager: aaroncz ms.custom: asr ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md index e02cee6ffc..e7ea108193 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md @@ -1,5 +1,5 @@ --- -title: System requirements for Microsoft Defender Application Guard +title: System requirements for Microsoft Defender Application Guard description: Learn about the system requirements for installing and running Microsoft Defender Application Guard. ms.prod: windows-client ms.technology: itpro-security diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/accessibility.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/accessibility.svg new file mode 100644 index 0000000000..21a6b4f235 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/accessibility.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg new file mode 100644 index 0000000000..ace95add6b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg new file mode 100644 index 0000000000..6e0d938aed --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + Icon-intune-329 + + + + + + + + \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/powershell.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/powershell.svg new file mode 100644 index 0000000000..ab2d5152ca --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/powershell.svg @@ -0,0 +1,20 @@ + + + + + + + + + + MsPortalFx.base.images-10 + + + + + + + + + + \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/provisioning-package.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/provisioning-package.svg new file mode 100644 index 0000000000..dbbad7d780 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/provisioning-package.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/registry.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/registry.svg new file mode 100644 index 0000000000..06ab4c09d7 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/registry.svg @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + + Icon-general-18 + + + \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg new file mode 100644 index 0000000000..da64baf975 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 39945ec254..7fb31c6a05 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -5,12 +5,12 @@ ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: dansimp +author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/28/2020 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- # Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index 59695ee06d..13b14919d3 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -2,11 +2,11 @@ title: Microsoft Defender SmartScreen overview description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. ms.prod: m365-security -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.localizationpriority: high ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec adobe-target: true --- diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md index a73abf03ff..3a941e8767 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md @@ -5,12 +5,12 @@ ms.prod: m365-security ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: mjcaparas +author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 10/13/2017 ms.reviewer: -manager: dansimp -ms.author: macapara +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md index 6fe565bf48..db57203dd5 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md @@ -1,17 +1,17 @@ --- -title: Enhanced Phishing Protection in Microsoft Defender SmartScreen +title: Enhanced Phishing Protection in Microsoft Defender SmartScreen description: Learn how Enhanced Phishing Protection for Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps. ms.prod: windows-client ms.technology: itpro-security -author: v-mathavale -ms.author: v-mathavale +author: vinaypamnani-msft +ms.author: vinpa ms.reviewer: paoloma manager: aaroncz ms.localizationpriority: medium -ms.date: 06/21/2022 +ms.date: 10/07/2022 adobe-target: true -appliesto: -- ✅ Windows 11, version 22H2 +appliesto: + - ✅ Windows 11, version 22H2 --- # Enhanced Phishing Protection in Microsoft Defender SmartScreen @@ -40,22 +40,36 @@ Enhanced Phishing Protection provides robust phishing protections for work or sc ## Configure Enhanced Phishing Protection for your organization -Enhanced Phishing Protection can be configured via Group Policy Objects (GPO) or Configuration Service Providers (CSP) with an MDM service like Microsoft Intune. Follow the instructions below to configure your devices using either GPO or CSP. +Enhanced Phishing Protection can be configured via Microsoft Intune, Group Policy Objects (GPO) or Configuration Service Providers (CSP) with an MDM service. Follow the instructions below to configure your devices using either Microsoft Intune, GPO or CSP. -#### [✅ **GPO**](#tab/gpo) +#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) + +To configure devices using Microsoft Intune, create a [**Settings catalog** policy][MEM-2], and use the settings listed under the category **`SmartScreen > Enhanced Phishing Protection`**: + +|Setting|Description| +|---------|---------| +|Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.
                • If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.
                • If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.
                  • | +|Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate
                • If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.
                • If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.| +|Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.
                • If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.
                • If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they reuse their work or school password.| +|Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.
                • If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.
                • If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in Notepad or Microsoft 365 Office Apps.| + + +Assign the policy to a security group that contains as members the devices or users that you want to configure. + +#### [:::image type="icon" source="images/icons/group-policy.svg"::: **GPO**](#tab/gpo) Enhanced Phishing Protection can be configured using the following Administrative Templates policy settings: |Setting|Description| |---------|---------| -|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.

                  If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.

                  If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.| -|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate.

                  If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.

                  If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.| -|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.

                  If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.

                  If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they reuse their work or school password.| -|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.

                  If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.

                  If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in Notepad or Microsoft 365 Office Apps.| +|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.
                • If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.
                • If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.
                  • | +|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate
                • If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.
                • If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn your users if they type their work or school password into one of the malicious scenarios described above.| +|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.
                • If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.
                • If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they reuse their work or school password.| +|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.
                • If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.
                • If you disable or don't configure this policy setting, Enhanced Phishing Protection won't warn users if they store their password in Notepad or Microsoft 365 Office Apps.| -#### [✅ **CSP**](#tab/csp) +#### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp) -Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP](/windows/client-management/mdm/policy-csp-webthreatdefense). +Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][WIN-1]. | Setting | OMA-URI | Data type | |-------------------------|---------------------------------------------------------------------------|-----------| @@ -70,9 +84,18 @@ Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP]( By default, Enhanced Phishing Protection is deployed in audit mode, preventing notifications to the users for any protection scenarios. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender. Users aren't warned if they enter their work or school password into a phishing site, if they reuse their password, or if they unsafely store their password in applications. Because of this possibility, it's recommended that you configure Enhanced Phishing Protection to warn users during all protection scenarios. -To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings. +To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen settings. -#### [✅ **GPO**](#tab/gpo) +#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) + +|Settings catalog element|Recommendation| +|---------|---------| +|Service Enabled|**Enable**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users.| +|Notify Malicious|**Enable**: Turns on Enhanced Phishing Protection notifications when users type their work or school password into one of the previously described malicious scenarios and encourages them to change their password.| +|Notify Password Reuse|**Enable**: Turns on Enhanced Phishing Protection notifications when users reuse their work or school password and encourages them to change their password.| +|Notify Unsafe App|**Enable**: Turns on Enhanced Phishing Protection notifications when users type their work or school passwords in Notepad and Microsoft 365 Office Apps.| + +#### [:::image type="icon" source="images/icons/group-policy.svg"::: **GPO**](#tab/gpo) |Group Policy setting|Recommendation| |---------|---------| @@ -81,7 +104,7 @@ To better help you protect your organization, we recommend turning on and using |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse|**Enable**: Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.| |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|**Enable**: Enhanced Phishing Protection warns users if they store their password in Notepad and Microsoft 365 Office Apps.| -#### [✅ **CSP**](#tab/csp) +#### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp) |MDM setting|Recommendation| |---------|---------| @@ -99,3 +122,9 @@ To better help you protect your organization, we recommend turning on and using - [Threat protection](../index.md) - [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md) - [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference) + +------------ + +[WIN-1]: /windows/client-management/mdm/policy-csp-webthreatdefense + +[MEM-2]: /mem/intune/configuration/settings-catalog \ No newline at end of file diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md index e6403fafa5..c15e7110b2 100644 --- a/windows/security/threat-protection/msft-security-dev-lifecycle.md +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md @@ -4,7 +4,7 @@ description: Download the Microsoft Security Development Lifecycle white paper t ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index c19f67e476..83dcf3036f 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -1,5 +1,5 @@ --- -manager: dansimp +manager: aaroncz ms.author: dansimp title: Override Process Mitigation Options (Windows 10) description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies. diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index d9a47da3b6..551bdb2981 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -5,7 +5,7 @@ ms.prod: m365-security ms.localizationpriority: medium author: dansimp ms.reviewer: -manager: dansimp +manager: aaroncz ms.author: dansimp ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index 36714ba7df..d4d3315a51 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -2,7 +2,7 @@ title: Control the health of Windows 10-based devices (Windows 10) description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices. ms.reviewer: -manager: dansimp +manager: aaroncz ms.author: dansimp ms.prod: m365-security author: dulcemontemayor diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md index 3cf960a19f..6ea43e8325 100644 --- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md +++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md @@ -3,14 +3,14 @@ title: Access Credential Manager as a trusted caller (Windows 10) description: Describes best practices, security considerations, and more for the security policy setting, Access Credential Manager as a trusted caller. ms.assetid: a51820d2-ca5b-47dd-8e9b-d7008603db88 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md index 1948922041..0fac123d6f 100644 --- a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md @@ -3,14 +3,14 @@ title: Access this computer from the network - security policy setting (Windows description: Describes the best practices, location, values, policy management, and security considerations for the Access this computer from the network security policy setting. ms.assetid: f6767bc2-83d1-45f1-847c-54f5362db022 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index 3aff3ac62f..dbd6162ac2 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -3,14 +3,14 @@ title: Account lockout duration (Windows 10) description: Describes the best practices, location, values, and security considerations for the Account lockout duration security policy setting. ms.assetid: a4167bf4-27c3-4a9b-8ef0-04e3c6ec3aa4 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md index 4832fd093b..c0350d3075 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md @@ -3,14 +3,14 @@ title: Account Lockout Policy (Windows 10) description: Describes the Account Lockout Policy settings and links to information about each policy setting. ms.assetid: eb968c28-17c5-405f-b413-50728cb7b724 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 7140cd3752..bd241b8876 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -3,14 +3,14 @@ title: Account lockout threshold (Windows 10) description: Describes the best practices, location, values, and security considerations for the Account lockout threshold security policy setting. ms.assetid: 4904bb40-a2bd-4fef-a102-260ba8d74e30 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/account-policies.md b/windows/security/threat-protection/security-policy-settings/account-policies.md index 6fe7c4fe77..0d1cd92673 100644 --- a/windows/security/threat-protection/security-policy-settings/account-policies.md +++ b/windows/security/threat-protection/security-policy-settings/account-policies.md @@ -3,14 +3,14 @@ title: Account Policies (Windows 10) description: An overview of account policies in Windows and provides links to policy descriptions. ms.assetid: 711b3797-b87a-4cd9-a2e3-1f8ef18688fb ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md index 09a0d041d9..3e08153f37 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md @@ -3,14 +3,14 @@ title: Accounts Administrator account status (Windows 10) description: Describes the best practices, location, values, and security considerations for the Accounts Administrator account status security policy setting. ms.assetid: 71a3bd48-1014-49e0-a936-bfe9433af23e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md index 0712c6d50d..0abc2a1a06 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md @@ -3,14 +3,14 @@ title: Accounts Block Microsoft accounts (Windows 10) description: Describes the best practices, location, values, management, and security considerations for the Accounts Block Microsoft accounts security policy setting. ms.assetid: 94c76f45-057c-4d80-8d01-033cf28ef2f7 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md index a08a78b36e..e64ce6491b 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md @@ -3,14 +3,14 @@ title: Accounts Guest account status - security policy setting (Windows 10) description: Describes the best practices, location, values, and security considerations for the Accounts Guest account status security policy setting. ms.assetid: 07e53fc5-b495-4d02-ab42-5b245d10d0ce ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md index cde8f45d22..fca9fe1be6 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md @@ -3,14 +3,14 @@ title: Accounts Limit local account use of blank passwords (Windows 10) description: Learn best practices, security considerations, and more for the policy setting, Accounts Limit local account use of blank passwords to console logon only. ms.assetid: a1bfb58b-1ae8-4de9-832b-aa889a6e64bd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md index 4c849e7de5..2210355f3f 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md @@ -3,14 +3,14 @@ title: Accounts Rename administrator account (Windows 10) description: This security policy reference topic for the IT professional describes the best practices, location, values, and security considerations for this policy setting. ms.assetid: d21308eb-7c60-4e48-8747-62b8109844f9 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md index 1162ff5210..0c34f2de74 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md @@ -3,14 +3,14 @@ title: Accounts Rename guest account - security policy setting (Windows 10) description: Describes the best practices, location, values, and security considerations for the Accounts Rename guest account security policy setting. ms.assetid: 9b8052b4-bbb9-4cc1-bfee-ce25390db707 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md index 5850036933..a109715f3f 100644 --- a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md +++ b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md @@ -3,14 +3,14 @@ title: Act as part of the operating system (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Act as part of the operating system security policy setting. ms.assetid: c1b7e084-a9f7-4377-b678-07cc913c8b0c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md index 471d8a40ba..b0dd822377 100644 --- a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md +++ b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md @@ -3,14 +3,14 @@ title: Add workstations to domain (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the Add workstations to domain security policy setting. ms.assetid: b0c21af4-c928-4344-b1f1-58ef162ad0b3 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md index c780868505..4a35f8c240 100644 --- a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md +++ b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md @@ -3,14 +3,14 @@ title: Adjust memory quotas for a process (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Adjust memory quotas for a process security policy setting. ms.assetid: 6754a2c8-6d07-4567-9af3-335fd8dd7626 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md index f60583b08c..bf9dbc55ca 100644 --- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md @@ -3,14 +3,14 @@ title: Administer security policy settings (Windows 10) description: This article discusses different methods to administer security policy settings on a local device or throughout a small- or medium-sized organization. ms.assetid: 7617d885-9d28-437a-9371-171197407599 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md index 62863b9009..7e3064675c 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md @@ -3,14 +3,14 @@ title: Allow log on locally - security policy setting (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Allow log on locally security policy setting. ms.assetid: d9e5e1f3-3bff-4da7-a9a2-4bb3e0c79055 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md index 595d9b29e8..d81c9b1da9 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md @@ -3,14 +3,14 @@ title: Allow log on through Remote Desktop Services (Windows 10) description: Best practices, location, values, policy management, and security considerations for the security policy setting. Allow a sign-in through Remote Desktop Services. ms.assetid: 6267c376-8199-4f2b-ae56-9c5424e76798 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md index 912d844e7c..2a6e1051f4 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md @@ -3,14 +3,14 @@ title: Audit the access of global system objects (Windows 10) description: Describes the best practices, location, values, and security considerations for the audit of the access to global system objects security policy setting. ms.assetid: 20d40a79-ce89-45e6-9bb4-148f83958460 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md index 6b5311ba25..4f266893ba 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md @@ -3,14 +3,14 @@ title: "Audit: Audit the use of Backup and Restore privilege (Windows 10)" description: "Describes the best practices, location, values, and security considerations for the 'Audit: Audit the use of Backup and Restore privilege' security policy setting." ms.assetid: f656a2bb-e8d6-447b-8902-53df3a7756c5 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md index d4f0fd8113..90948e1b26 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md +++ b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md @@ -3,14 +3,14 @@ title: Audit Force audit policy subcategory settings (Windows Vista or later) to description: Learn more about the security policy setting, Audit Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings. ms.assetid: 8ddc06bc-b6d6-4bac-9051-e0d77035bd4e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/audit-policy.md b/windows/security/threat-protection/security-policy-settings/audit-policy.md index 294edc4242..a3ff1d79b6 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-policy.md +++ b/windows/security/threat-protection/security-policy-settings/audit-policy.md @@ -3,14 +3,14 @@ title: Audit Policy (Windows 10) description: Provides information about basic audit policies that are available in Windows and links to information about each setting. ms.assetid: 2e8ea400-e555-43e5-89d6-0898cb89da90 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md index 867e169424..eda6402b3d 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md @@ -3,14 +3,14 @@ title: Audit Shut down system immediately if unable to log security audits (Wind description: Best practices, security considerations, and more for the security policy setting, Audit Shut down system immediately if unable to log security audits. ms.assetid: 2cd23cd9-0e44-4d0b-a1f1-39fc29303826 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md index 2ecdea12d2..66717c1da1 100644 --- a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md @@ -3,14 +3,14 @@ title: Back up files and directories - security policy setting (Windows 10) description: Describes the recommended practices, location, values, policy management, and security considerations for the Back up files and directories security policy setting. ms.assetid: 1cd6bdd5-1501-41f4-98b9-acf29ac173ae ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md index f41f877de5..586c03b891 100644 --- a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md +++ b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md @@ -3,14 +3,14 @@ title: Bypass traverse checking (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Bypass traverse checking security policy setting. ms.assetid: 1c828655-68d3-4140-aa0f-caa903a7087e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md index bd9df622f1..0a7342185d 100644 --- a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md +++ b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md @@ -3,14 +3,14 @@ title: Change the system time - security policy setting (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Change the system time security policy setting. ms.assetid: f2f6637d-acbc-4352-8ca3-ec563f918e65 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md index ac2ad49a7c..d261e8a189 100644 --- a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md +++ b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md @@ -3,14 +3,14 @@ title: Change the time zone - security policy setting (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Change the time zone security policy setting. ms.assetid: 3b1afae4-68bb-472f-a43e-49e300d73e50 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md index a5669229ef..1b893ba02e 100644 --- a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md @@ -3,14 +3,14 @@ title: Create a pagefile - security policy setting (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Create a pagefile security policy setting. ms.assetid: dc087897-459d-414b-abe0-cd86c8dccdea ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md index 718a99a7bd..f4bfd202d5 100644 --- a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md +++ b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md @@ -3,14 +3,14 @@ title: Create a token object (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Create a token object security policy setting. ms.assetid: bfbf52fc-6ba4-442a-9df7-bd277e55729c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md index b4f0048aa0..c64126850b 100644 --- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md @@ -3,14 +3,14 @@ title: Create global objects (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Create global objects security policy setting. ms.assetid: 9cb6247b-44fc-4815-86f2-cb59b6f0221e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md index a38990fd17..ef343b6609 100644 --- a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md @@ -3,14 +3,14 @@ title: Create permanent shared objects (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Create permanent shared objects security policy setting. ms.assetid: 6a58438d-65ca-4c4a-a584-450eed976649 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md index 3302b6c613..140150a1d6 100644 --- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md +++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md @@ -3,14 +3,14 @@ title: Create symbolic links (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Create symbolic links security policy setting. ms.assetid: 882922b9-0ff8-4ee9-8afc-4475515ee3fd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md index 22eda320a1..fe07eefc98 100644 --- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md +++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md @@ -3,14 +3,14 @@ title: DCOM Machine Access Restrictions in Security Descriptor Definition Langua description: Learn about best practices and more for the syntax policy setting, DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL). ms.assetid: 0fe3521a-5252-44df-8a47-8d92cf936e7c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md index e5bb3b3aec..f7385a700c 100644 --- a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md +++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md @@ -3,14 +3,14 @@ title: DCOM Machine Launch Restrictions in Security Descriptor Definition Langua description: Best practices and more for the security policy setting, DCOM Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax. ms.assetid: 4b95d45f-dd62-4c34-ba32-43954528dabe ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/debug-programs.md b/windows/security/threat-protection/security-policy-settings/debug-programs.md index 0e70455139..b78f2f99b9 100644 --- a/windows/security/threat-protection/security-policy-settings/debug-programs.md +++ b/windows/security/threat-protection/security-policy-settings/debug-programs.md @@ -3,14 +3,14 @@ title: Debug programs (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Debug programs security policy setting. ms.assetid: 594d9f2c-8ffc-444b-9522-75615ec87786 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md index 4b02ab14cd..633559d07a 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md @@ -3,14 +3,14 @@ title: Deny access to this computer from the network (Windows 10) description: Best practices, location, values, policy management, and security considerations for the Deny access to this computer from the network security policy setting. ms.assetid: 935e9f89-951b-4163-b186-fc325682bb0b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md index a1f85a8494..83b9ffcc3e 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md @@ -3,14 +3,14 @@ title: Deny log on as a batch job (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on as a batch job security policy setting. ms.assetid: 0ac36ebd-5e28-4b6a-9b4e-8924c6ecf44b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md index 6085f264bd..04e7592155 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md @@ -3,14 +3,14 @@ title: Deny log on as a service (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on as a service security policy setting. ms.assetid: f1114964-df86-4278-9b11-e35c66949794 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md index 7363da3bbc..232866497f 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md @@ -3,14 +3,14 @@ title: Deny log on locally (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on locally security policy setting. ms.assetid: 00150e88-ec9c-43e1-a70d-33bfe10434db ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md index 288922a996..5f691c1bb7 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md @@ -3,14 +3,14 @@ title: Deny log on through Remote Desktop Services (Windows 10) description: Best practices, location, values, policy management, and security considerations for the security policy setting, Deny log on through Remote Desktop Services. ms.assetid: 84bbb807-287c-4acc-a094-cf0ffdcbca67 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md index c0aaf647df..820ca786ef 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md @@ -3,14 +3,14 @@ title: Devices Allow undock without having to log on (Windows 10) description: Describes the best practices, location, values, and security considerations for the Devices Allow undock without having to sign in security policy setting. ms.assetid: 1d403f5d-ad41-4bb4-9f4a-0779c1c14b8c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md index 3acbde1af2..82450c1aff 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md +++ b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md @@ -3,14 +3,14 @@ title: Devices Allowed to format and eject removable media (Windows 10) description: Describes the best practices, location, values, and security considerations for the Devices Allowed to format and eject removable media security policy setting. ms.assetid: d1b42425-7244-4ab1-9d46-d68de823459c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md index baf3de195a..71ddf06e88 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md +++ b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md @@ -3,14 +3,14 @@ title: Devices Prevent users from installing printer drivers (Windows 10) description: Describes the best practices, location, values, and security considerations for the Devices Prevent users from installing printer drivers security policy setting. ms.assetid: ab70a122-f7f9-47e0-ad8c-541f30a27ec3 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md index 18e750e462..1199db8f73 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md +++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md @@ -3,14 +3,14 @@ title: Restrict CD-ROM access to locally logged-on user (Windows 10) description: Describes the best practices, location, values, and security considerations for the Devices Restrict CD-ROM access to locally logged-on user only security policy setting. ms.assetid: 8b8f44bb-84ce-4f18-af30-ab89910e234d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md index cd1c68ffef..e094e004be 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md +++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md @@ -3,14 +3,14 @@ title: Devices Restrict floppy access to locally logged-on user only (Windows 10 description: Describes the best practices, location, values, and security considerations for the Devices Restrict floppy access to locally logged-on user only security policy setting. ms.assetid: 92997910-da95-4c03-ae6f-832915423898 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md index e3159ed429..0b9b2e86d8 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md @@ -3,14 +3,14 @@ title: Domain controller Allow server operators to schedule tasks (Windows 10) description: Describes the best practices, location, values, and security considerations for the Domain controller Allow server operators to schedule tasks security policy setting. ms.assetid: 198b12a4-8a5d-48e8-a752-2073b8a2cb0d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md index d9e51b120c..a402b89f29 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md @@ -3,14 +3,14 @@ title: Domain controller LDAP server signing requirements (Windows 10) description: Describes the best practices, location, values, and security considerations for the Domain controller LDAP server signing requirements security policy setting. ms.assetid: fe122179-7571-465b-98d0-b8ce0f224390 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md index 4b6f851944..4988913c80 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md @@ -3,14 +3,14 @@ title: Refuse machine account password changes policy (Windows 10) description: Describes the best practices, location, values, and security considerations for the Domain controller Refuse machine account password changes security policy setting. ms.assetid: 5a7fa2e2-e1a8-4833-90f7-aa83e3b456a9 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md index f5fe43b200..7ab59f90c7 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md @@ -3,14 +3,14 @@ title: Domain member Digitally encrypt or sign secure channel data (always) (Win description: Best practices, location, values, and security considerations for the policy setting, Domain member Digitally encrypt or sign secure channel data (always). ms.assetid: 4480c7cb-adca-4f29-b4b8-06eb68d272bf ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md index 920aba71a4..a5deb16dfa 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md @@ -3,14 +3,14 @@ title: Domain member Digitally encrypt secure channel data (when possible) (Wind description: Best practices, security considerations, and more for the security policy setting, Domain member Digitally encrypt secure channel data (when possible). ms.assetid: 73e6023e-0af3-4531-8238-82f0f0e4965b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md index 2083e899a8..9f0484903a 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md @@ -3,14 +3,14 @@ title: Domain member Digitally sign secure channel data (when possible) (Windows description: Best practices, location, values, and security considerations for the security policy setting, Domain member Digitally sign secure channel data (when possible). ms.assetid: a643e491-4f45-40ea-b12c-4dbe47e54f34 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md index 6127a9b87f..ff3d7fc58d 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md @@ -3,14 +3,14 @@ title: Domain member Disable machine account password changes (Windows 10) description: Describes the best practices, location, values, and security considerations for the Domain member Disable machine account password changes security policy setting. ms.assetid: 1f660300-a07a-4243-a09f-140aa1ab8867 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index 7eb431cb17..1fb5013c59 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -3,14 +3,14 @@ title: Domain member Maximum machine account password age (Windows 10) description: Describes the best practices, location, values, and security considerations for the Domain member Maximum machine account password age security policy setting. ms.assetid: 0ec6f7c1-4d82-4339-94c0-debb2d1ac109 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md index 1d7f2049d2..826cd1491a 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md @@ -3,14 +3,14 @@ title: Domain member Require strong (Windows 2000 or later) session key (Windows description: Best practices, location, values, and security considerations for the security policy setting, Domain member Require strong (Windows 2000 or later) session key. ms.assetid: 5ab8993c-5086-4f09-bc88-1b27454526bd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md index 464033d694..409c82789e 100644 --- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md +++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md @@ -3,14 +3,14 @@ title: Trust computer and user accounts for delegation (Windows 10) description: Learn about best practices, security considerations and more for the security policy setting, Enable computer and user accounts to be trusted for delegation. ms.assetid: 524062d4-1595-41f3-8ce1-9c85fd21497b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md index 97d3791815..3b83ba4ce9 100644 --- a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md +++ b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md @@ -3,14 +3,14 @@ title: Enforce password history (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Enforce password history security policy setting. ms.assetid: 8b2ab871-3e52-4dd1-9776-68bb1e935442 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md index 5198399434..08549dca66 100644 --- a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md +++ b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md @@ -3,14 +3,14 @@ title: Enforce user logon restrictions (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Enforce user logon restrictions security policy setting. ms.assetid: 5891cb73-f1ec-48b9-b703-39249e48a29f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md index ed338300e8..7112c5f8f6 100644 --- a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md +++ b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md @@ -3,14 +3,14 @@ title: Force shutdown from a remote system (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Force shutdown from a remote system security policy setting. ms.assetid: 63129243-31ea-42a4-a598-c7064f48a3df ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md index 4f81ddbe37..4ddfaade25 100644 --- a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md @@ -3,14 +3,14 @@ title: Generate security audits (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Generate security audits security policy setting. ms.assetid: c0e1cd80-840e-4c74-917c-5c2349de885f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md index 548dfc7385..32b837ab80 100644 --- a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md @@ -3,14 +3,14 @@ title: Configure security policy settings (Windows 10) description: Describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller. ms.assetid: 63b0967b-a9fe-4d92-90af-67469ee20320 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md index b7503031b7..6fc793095f 100644 --- a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md @@ -3,14 +3,14 @@ title: Impersonate a client after authentication (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Impersonate a client after authentication security policy setting. ms.assetid: 4cd241e2-c680-4b43-8ed0-3b391925cec5 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/includes/smb1-perf-note.md b/windows/security/threat-protection/security-policy-settings/includes/smb1-perf-note.md index c85aa9183c..f0dbde13f1 100644 --- a/windows/security/threat-protection/security-policy-settings/includes/smb1-perf-note.md +++ b/windows/security/threat-protection/security-policy-settings/includes/smb1-perf-note.md @@ -3,7 +3,7 @@ author: dansimp ms.author: dansimp ms.date: 1/4/2019 ms.reviewer: -manager: dansimp +manager: aaroncz ms.topic: include ms.prod: m365-security --- diff --git a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md index c9c6d11852..884e8527c5 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md +++ b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md @@ -3,14 +3,14 @@ title: Increase a process working set (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Increase a process working set security policy setting. ms.assetid: b742ad96-37f3-4686-b8f7-f2b48367105b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md index e2e776a8be..d8ef40c099 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md +++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md @@ -3,14 +3,14 @@ title: Increase scheduling priority (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Increase scheduling priority security policy setting. ms.assetid: fbec5973-d35e-4797-9626-d0d56061527f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md index a54c5e93d9..10adda3ec6 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md @@ -3,14 +3,14 @@ title: Interactive logon Display user information when the session is locked (Wi description: Best practices, security considerations, and more for the security policy setting, Interactive logon Display user information when the session is locked. ms.assetid: 9146aa3d-9b2f-47ba-ac03-ff43efb10530 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md index 47bac4e4cc..f3e3631149 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md @@ -6,14 +6,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md index 0284f2bb14..9336ed0760 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md @@ -3,14 +3,14 @@ title: Interactive logon Do not require CTRL+ALT+DEL (Windows 10) description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not require CTRL+ALT+DEL security policy setting. ms.assetid: 04e2c000-2eb2-4d4b-8179-1e2cb4793e18 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md index 2fd2510de4..36113ea64a 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md @@ -3,14 +3,14 @@ title: Interactive logon Don't display username at sign-in (Windows 10) description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display username at sign-in security policy setting. ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md index 148956b0f3..2211994906 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md @@ -3,14 +3,14 @@ title: Interactive logon Machine account lockout threshold (Windows 10) description: Best practices, location, values, management, and security considerations for the security policy setting, Interactive logon Machine account lockout threshold. ms.assetid: ebbd8e22-2611-4ebe-9db9-d49344e631e4 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md index 01524c765c..b22b295c3c 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md @@ -3,14 +3,14 @@ title: Interactive logon Machine inactivity limit (Windows 10) description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Machine inactivity limit security policy setting. ms.assetid: 7065b4a9-0d52-41d5-afc4-5aedfc4162b5 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md index 09e60e2f2b..22f4339e23 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md @@ -2,15 +2,15 @@ title: Interactive Logon Message text (Windows 10) description: Learn about best practices, security considerations and more for the security policy setting, Interactive logon Message text for users attempting to log on. ms.assetid: fcfe8a6d-ca65-4403-b9e6-2fa017a31c2e -ms.reviewer: -ms.author: dansimp +ms.reviewer: +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md index b16fd3bff2..914b8c2c25 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md @@ -2,15 +2,15 @@ title: Interactive logon Message title for users attempting to log on (Windows 10) description: Best practices, security considerations, and more for the security policy setting, Interactive logon Message title for users attempting to log on. ms.assetid: f2596470-4cc0-4ef1-849c-bef9dc3533c6 -ms.reviewer: -ms.author: dansimp +ms.reviewer: +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md index 966a3f3c4e..5473abc9a3 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md @@ -3,14 +3,14 @@ title: Interactive logon Number of previous logons to cache (in case domain cont description: Best practices and more for the security policy setting, Interactive logon Number of previous logons to cache (in case domain controller is not available). ms.assetid: 660e925e-cc3e-4098-a41e-eb8db8062d8d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md index 0194532533..3d028142ce 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md @@ -3,14 +3,14 @@ title: Interactive log-on prompt user to change password before expiration (Wind description: Best practices and security considerations for an interactive log-on prompt for users to change passwords before expiration. ms.assetid: 8fe94781-40f7-4fbe-8cfd-5e116e6833e9 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md index be5146c636..42800dc037 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md @@ -3,14 +3,14 @@ title: Interactive logon Require Domain Controller authentication to unlock work description: Best practices security considerations, and more for the policy setting, Interactive logon Require Domain Controller authentication to unlock workstation. ms.assetid: 97618ed3-e946-47db-a212-b5e7a4fc6ffc ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md index 1ef1627762..1529d73e80 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md @@ -3,14 +3,14 @@ title: Interactive logon Require smart card - security policy setting (Windows 1 description: Describes the best practices, location, values, policy management, and security considerations for the Interactive logon Require smart card security policy setting. ms.assetid: c6a8c040-cbc7-472d-8bc5-579ddf3cbd6c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md index 8b8a23f14d..961726b4de 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md @@ -3,14 +3,14 @@ title: Interactive logon Smart card removal behavior (Windows 10) description: Best practices, location, values, policy management, and security considerations for the security policy setting, Interactive logon Smart card removal behavior. ms.assetid: 61487820-9d49-4979-b15d-c7e735999460 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md index 959ced7fdc..f6c04fca1b 100644 --- a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md +++ b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md @@ -3,14 +3,14 @@ title: Kerberos Policy (Windows 10) description: Describes the Kerberos Policy settings and provides links to policy setting descriptions. ms.assetid: 94017dd9-b1a3-4624-af9f-b29161b4bf38 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md index 9a7f5f87d4..97d055cf55 100644 --- a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md +++ b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md @@ -3,14 +3,14 @@ title: Load and unload device drivers (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Load and unload device drivers security policy setting. ms.assetid: 66262532-c610-470c-9792-35ff4389430f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md index 5aae309524..92592faa9d 100644 --- a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md +++ b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md @@ -3,14 +3,14 @@ title: Lock pages in memory (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Lock pages in memory security policy setting. ms.assetid: cc724979-aec0-496d-be4e-7009aef660a3 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md index 39c6bc3b10..59bb347d10 100644 --- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md @@ -3,14 +3,14 @@ title: Log on as a batch job (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Log on as a batch job security policy setting. ms.assetid: 4eaddb51-0a18-470e-9d3d-5e7cd7970b41 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md index dbcb0f1907..fd8652edec 100644 --- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md +++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md @@ -3,14 +3,14 @@ title: Log on as a service (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Log on as a service security policy setting. ms.assetid: acc9a9e0-fd88-4cda-ab54-503120ba1f42 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md index 4566dfbf15..ae381f1c5c 100644 --- a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md +++ b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md @@ -3,14 +3,14 @@ title: Manage auditing and security log (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Manage auditing and security log security policy setting. ms.assetid: 4b946c0d-f904-43db-b2d5-7f0917575347 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md index 3dbb0c258d..e5e93da398 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md @@ -3,14 +3,14 @@ title: Maximum lifetime for service ticket (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for service ticket security policy setting. ms.assetid: 484bf05a-3858-47fc-bc02-6599ca860247 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md index 4807321a05..b54ebe667a 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md @@ -3,14 +3,14 @@ title: Maximum lifetime for user ticket renewal (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for user ticket renewal security policy setting. ms.assetid: f88cd819-3dd1-4e38-b560-13fe6881b609 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md index 53e36fa838..671cbcf232 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md @@ -3,14 +3,14 @@ title: Maximum lifetime for user ticket (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for user ticket policy setting. ms.assetid: bcb4ff59-334d-4c2f-99af-eca2b64011dc ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md index e63f28edde..4b00614234 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md @@ -3,14 +3,14 @@ title: Maximum password age (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Maximum password age security policy setting. ms.assetid: 2d6e70e7-c8b0-44fb-8113-870c6120871d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md index e010602641..44ff70c70f 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md @@ -3,14 +3,14 @@ title: Maximum tolerance for computer clock synchronization (Windows 10) description: Best practices, location, values, policy management, and security considerations for the policy setting, Maximum tolerance for computer clock synchronization. ms.assetid: ba2cf59e-d69d-469e-95e3-8e6a0ba643af ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md index d6c198624a..b8faf7de34 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md @@ -3,14 +3,14 @@ title: Microsoft network client Digitally sign communications (always) (Windows description: Best practices and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting. ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp +author: vinaypamnani-msft ms.date: 06/28/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md index c17a0e599f..317774daa8 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md @@ -3,14 +3,14 @@ title: Microsoft network client Send unencrypted password (Windows 10) description: Learn about best practices and more for the security policy setting, Microsoft network client Send unencrypted password to third-party SMB servers. ms.assetid: 97a76b93-afa7-4dd9-bb52-7c9e289b6017 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md index 5a14605d54..631e005c89 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md @@ -3,14 +3,14 @@ title: Microsoft network server Amount of idle time required before suspending s description: Best practices, security considerations, and more for the policy setting, Microsoft network server Amount of idle time required before suspending session. ms.assetid: 8227842a-569d-480f-b43c-43450bbaa722 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md index f4ddaa9d5a..1d42ace022 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md @@ -3,14 +3,14 @@ title: Microsoft network server Attempt S4U2Self (Windows 10) description: Learn about the security policy setting, Microsoft network server Attempt S4U2Self to obtain claim information. ms.assetid: e4508387-35ed-4a3f-a47c-27f8396adbba ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md index 080f186f03..aea5f5263c 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md @@ -3,14 +3,14 @@ title: Microsoft network server Digitally sign communications (always) (Windows description: Best practices, security considerations, and more for the security policy setting, Microsoft network server Digitally sign communications (always). ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md index 6b528db190..591bb159e2 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md @@ -3,14 +3,14 @@ title: Microsoft network server Disconnect clients when sign-in hours expire (Wi description: Best practices, location, values, and security considerations for the policy setting, Microsoft network server Disconnect clients when sign-in hours expire. ms.assetid: 48b5c424-9ba8-416d-be7d-ccaabb3f49af ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md index a403cf9029..b118a7eeec 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md @@ -3,14 +3,14 @@ title: Microsoft network server Server SPN target name validation level (Windows description: Best practices, security considerations, and more for the security policy setting, Microsoft network server Server SPN target name validation level. ms.assetid: 18337f78-eb45-42fd-bdbd-f8cd02c3e154 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md index 97ae441bb7..6940cef652 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md @@ -3,14 +3,14 @@ title: Minimum password age (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Minimum password age security policy setting. ms.assetid: 91915cb2-1b3f-4fb7-afa0-d03df95e8161 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp +author: vinaypamnani-msft ms.date: 11/13/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 79aad414c3..c3dbc74508 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -3,14 +3,14 @@ title: Minimum password length (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Minimum password length security policy setting. ms.assetid: 3d22eb9a-859a-4b6f-82f5-c270c427e17e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md index 373887c79e..64c9cfb91b 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md +++ b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md @@ -3,14 +3,14 @@ title: Modify an object label (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Modify an object label security policy setting. ms.assetid: 3e5a97dd-d363-43a8-ae80-452e866ebfd5 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md index 8d28849453..b319cb227f 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md +++ b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md @@ -3,14 +3,14 @@ title: Modify firmware environment values (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Modify firmware environment values security policy setting. ms.assetid: 80bad5c4-d9eb-4e3a-a5dc-dcb742b83fca ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md index 3749e86521..9acd59baf4 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md @@ -3,14 +3,14 @@ title: Network access Allow anonymous SID/Name translation (Windows 10) description: Best practices, location, values, policy management and security considerations for the policy setting, Network access Allow anonymous SID/Name translation. ms.assetid: 0144477f-22a6-4d06-b70a-9c9c2196e99e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md index 6bad2976ca..f8d6d03178 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md @@ -3,14 +3,14 @@ title: Network access Do not allow anonymous enumeration (Windows 10) description: Learn about best practices and more for the security policy setting, Network access Do not allow anonymous enumeration of SAM accounts and shares. ms.assetid: 3686788d-4cc7-4222-9163-cbc7c3362d73 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md index a6c761b102..8737293037 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md @@ -3,14 +3,14 @@ title: Network access Do not allow anonymous enumeration of SAM accounts (Window description: Describes the best practices, location, values, and security considerations for the Network access Do not allow anonymous enumeration of SAM accounts security policy setting. ms.assetid: 6ee25b33-ad43-4097-b031-7be680f64c7c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md index 51152ae5b7..ee94547a38 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md @@ -3,14 +3,14 @@ title: Network access Do not allow storage of passwords and credentials for netw description: Learn about best practices and more for the security policy setting, Network access Do not allow storage of passwords and credentials for network authentication ms.assetid: b9b64360-36ea-40fa-b795-2d6558c46563 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md index 5984f7aa39..8930ccddc2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md @@ -3,14 +3,14 @@ title: Let Everyone permissions apply to anonymous users (Windows 10) description: Learn about best practices, security considerations and more for the security policy setting, Network access Let Everyone permissions apply to anonymous users. ms.assetid: cdbc5159-9173-497e-b46b-7325f4256353 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md index ee23e0432c..e316bde487 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md @@ -3,14 +3,14 @@ title: Network access Named Pipes that can be accessed anonymously (Windows 10) description: Describes best practices, security considerations and more for the security policy setting, Network access Named Pipes that can be accessed anonymously. ms.assetid: 8897d2a4-813e-4d2b-8518-fcee71e1cf2c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md index 7a130c03eb..9710006303 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md @@ -3,14 +3,14 @@ title: Network access Remotely accessible registry paths and subpaths (Windows 1 description: Describes best practices, location, values, and security considerations for the policy setting, Network access Remotely accessible registry paths and subpaths. ms.assetid: 3fcbbf70-a002-4f85-8e86-8dabad21928e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md index 746ada8c10..190f14dfa2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md @@ -3,14 +3,14 @@ title: Network access Remotely accessible registry paths (Windows 10) description: Best practices, location, values, policy management and security considerations for the policy setting, Network access Remotely accessible registry paths. ms.assetid: 977f86ea-864f-4f1b-9756-22220efce0bd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md index 9bc2a12af5..283e9519f7 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md @@ -3,14 +3,14 @@ title: Network access Restrict anonymous access to Named Pipes and Shares (Windo description: Best practices, security considerations, and more for the security policy setting, Network access Restrict anonymous access to Named Pipes and Shares. ms.assetid: e66cd708-7322-4d49-9b57-1bf8ec7a4c10 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index 9e277a9551..17b298bf43 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -5,10 +5,10 @@ ms.prod: m365-security ms.technology: windows-sec ms.localizationpriority: medium ms.date: 09/17/2018 -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.reviewer: -manager: dansimp +manager: aaroncz --- # Network access: Restrict clients allowed to make remote calls to SAM diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md index 8886a5ba0a..341a3da763 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md @@ -3,14 +3,14 @@ title: Network access Shares that can be accessed anonymously (Windows 10) description: Learn about best practices, security considerations, and more for the security policy setting, Network access Shares that can be accessed anonymously. ms.assetid: f3e4b919-8279-4972-b415-5f815e2f0a1a ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md index c13b8ecea9..1e23f27004 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md @@ -3,14 +3,14 @@ title: Network access Sharing and security model for local accounts (Windows 10) description: Best practices, security considerations, and more for the security policy setting, Network access Sharing and security model for local accounts. ms.assetid: 0b3d703c-ea27-488f-8f59-b345af75b994 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md index 619b009548..95477f334c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md +++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md @@ -3,14 +3,14 @@ title: Network List Manager policies (Windows 10) description: Network List Manager policies are security settings that configure different aspects of how networks are listed and displayed on one device or on many devices. ms.assetid: bd8109d4-b07c-4beb-a9a6-affae2ba2fda ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md index 2b7a73365a..050b097f0d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md @@ -3,14 +3,14 @@ title: "Network security: Allow Local System to use computer identity for NTLM ( description: Location, values, policy management, and security considerations for the policy setting, Network security Allow Local System to use computer identity for NTLM. ms.assetid: c46a658d-b7a4-4139-b7ea-b9268c240053 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md index 271d990f14..1ed0dc313e 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md @@ -3,14 +3,14 @@ title: Network security Allow LocalSystem NULL session fallback (Windows 10) description: Describes the best practices, location, values, and security considerations for the Network security Allow LocalSystem NULL session fallback security policy setting. ms.assetid: 5b72edaa-bec7-4572-b6f0-648fc38f5395 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md index 093d8db29f..32d31c4fd9 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md @@ -3,14 +3,14 @@ title: Network security Allow PKU2U authentication requests to this computer to description: Best practices for the Network Security Allow PKU2U authentication requests to this computer to use online identities security setting. ms.assetid: e04a854e-d94d-4306-9fb3-56e9bd7bb926 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index afe9be35da..52e8eb78fa 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -3,14 +3,14 @@ title: Network security Configure encryption types allowed for Kerberos description: Best practices, location, values and security considerations for the policy setting, Network security Configure encryption types allowed for Kerberos Win7 only. ms.assetid: 303d32cc-415b-44ba-96c0-133934046ece ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md index e0ecaddc05..017c6efed4 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md @@ -3,14 +3,14 @@ title: Network security Do not store LAN Manager hash value on next password cha description: Best practices, security considerations, and more for the security policy setting, Network security Do not store LAN Manager hash value on next password change. ms.assetid: 6452b268-e5ba-4889-9d38-db28f919af51 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md index 3bc3ec584c..8a8e65589d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md @@ -3,14 +3,14 @@ title: Network security Force logoff when logon hours expire (Windows 10) description: Best practices, location, values, policy management, and security considerations for the policy setting, Network security Force logoff when logon hours expire. ms.assetid: 64d5dde4-58e4-4217-b2c4-73bd554ec926 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md index 1841669403..290d68e275 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md @@ -3,14 +3,14 @@ title: Network security LAN Manager authentication level (Windows 10) description: Best practices, location, values, policy management and security considerations for the policy setting, Network security LAN Manager authentication level. ms.assetid: bbe1a98c-420a-41e7-9d3c-3a2fe0f1843e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md index 1f59bd9111..649f86484d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md @@ -3,14 +3,14 @@ title: Network security LDAP client signing requirements (Windows 10) description: Best practices, location, values, policy management and security considerations for the policy setting, Network security LDAP client signing requirements. ms.assetid: 38b35489-eb5b-4035-bc87-df63de50509c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md index 1ab941f6ae..499f48df37 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md @@ -3,14 +3,14 @@ title: Network security Minimum session security for NTLM SSP based (including s description: Best practices and more for the security policy setting, Network security Minimum session security for NTLM SSP based (including secure RPC) clients. ms.assetid: 89903de8-23d0-4e0f-9bef-c00cb7aebf00 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md index 026f314358..fc3ecf9874 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md @@ -3,14 +3,14 @@ title: Network security Minimum session security for NTLM SSP based (including s description: Best practices and security considerations for the policy setting, Network security Minimum session security for NTLM SSP based (including secure RPC) servers. ms.assetid: c6a60c1b-bc8d-4d02-9481-f847a411b4fc ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md index 828f91f36b..af088813c3 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md @@ -3,14 +3,14 @@ title: Network security Restrict NTLM Add remote server exceptions for NTLM auth description: Best practices, security considerations, and more for the policy setting, Network security Restrict NTLM Add remote server exceptions for NTLM authentication. ms.assetid: 9b017399-0a54-4580-bfae-614c2beda3a1 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md index 41ca2e0bee..3da17e661a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md @@ -3,14 +3,14 @@ title: Network security Restrict NTLM Add server exceptions in this domain (Wind description: Best practices, security considerations, and more for the security policy setting, Network security Restrict NTLM Add server exceptions in this domain. ms.assetid: 2f981b68-6aa7-4dd9-b53d-d88551277cc0 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md index d1310a007d..121bd4e52c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md @@ -3,14 +3,14 @@ title: Network security Restrict NTLM Audit incoming NTLM traffic (Windows 10) description: Best practices, security considerations and more for the security policy setting, Network Security Restrict NTLM Audit incoming NTLM traffic. ms.assetid: 37e380c2-22e1-44cd-9993-e12815b845cf ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index 9132d60c97..f616cf866d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -3,14 +3,14 @@ title: Network security Restrict NTLM Audit NTLM authentication in this domain ( description: Best practices, security considerations, and more for the security policy setting, Network Security Restrict NTLM Audit NTLM authentication in this domain. ms.assetid: 33183ef9-53b5-4258-8605-73dc46335e6e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md index 2bb128f669..cd6e29ccca 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md @@ -3,14 +3,14 @@ title: Network security Restrict NTLM Incoming NTLM traffic (Windows 10) description: Best practices, security considerations, and more for the security policy setting, Network Security Restrict NTLM Incoming NTLM traffic. ms.assetid: c0eff7d3-ed59-4004-908a-2205295fefb8 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index 2589d1f95d..ec2ca5785a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -3,14 +3,14 @@ title: Network security Restrict NTLM in this domain (Windows 10) description: Learn about best practices, security considerations and more for the security policy setting, Network Security Restrict NTLM NTLM authentication in this domain. ms.assetid: 4c7884e9-cc11-4402-96b6-89c77dc908f8 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index 57d8b13de1..f63a2f7737 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -3,14 +3,14 @@ title: Network security Restrict NTLM Outgoing traffic (Windows 10) description: Learn about best practices, security considerations and more for the policy setting, Network Security Restrict NTLM Outgoing NTLM traffic to remote servers. ms.assetid: 63437a90-764b-4f06-aed8-a4a26cf81bd1 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index 5bcf16ede3..b5e775ba1a 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -3,14 +3,14 @@ title: Password must meet complexity requirements (Windows 10) description: Describes the best practices, location, values, and security considerations for the Password must meet complexity requirements security policy setting. ms.assetid: 94482ae3-9dda-42df-9782-2f66196e6afe ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md index 11d69785c6..aa39b49609 100644 --- a/windows/security/threat-protection/security-policy-settings/password-policy.md +++ b/windows/security/threat-protection/security-policy-settings/password-policy.md @@ -3,14 +3,14 @@ title: Password Policy (Windows 10) description: An overview of password policies for Windows and links to information for each policy setting. ms.assetid: aec1220d-a875-4575-9050-f02f9c54a3b6 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md index fb0e337c6b..e393a2ba86 100644 --- a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md @@ -3,14 +3,14 @@ title: Perform volume maintenance tasks (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Perform volume maintenance tasks security policy setting. ms.assetid: b6990813-3898-43e2-8221-c9c06d893244 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/profile-single-process.md b/windows/security/threat-protection/security-policy-settings/profile-single-process.md index c0fb47def4..628658209d 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-single-process.md +++ b/windows/security/threat-protection/security-policy-settings/profile-single-process.md @@ -3,14 +3,14 @@ title: Profile single process (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Profile single process security policy setting. ms.assetid: c0963de4-4f5e-430e-bfcd-dfd68e66a075 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index 8eeabdcf30..9f76b3d698 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -3,14 +3,14 @@ title: Profile system performance (Windows 10) description: Best practices, location, values, policy management, and security considerations for the security policy setting, Profile system performance. ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md index ce9ada3153..a1e2ab6949 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md @@ -3,14 +3,14 @@ title: Recovery console Allow automatic administrative logon (Windows 10) description: Best practices, location, values, policy management, and security considerations for the policy setting, Recovery console Allow automatic administrative logon. ms.assetid: be2498fc-48f4-43f3-ad09-74664e45e596 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md index 9c9c56c5db..8e34bd2995 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md @@ -3,14 +3,14 @@ title: Recovery console Allow floppy copy and access to all drives and folders ( description: Best practices, security considerations, and more for the policy setting, Recovery console Allow floppy copy and access to all drives and folders. ms.assetid: a5b4ac0c-f33d-42b5-a866-72afa7cbd0bd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md index b42bad16dd..dafe4d5d59 100644 --- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md +++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md @@ -3,14 +3,14 @@ title: Remove computer from docking station - security policy setting (Windows 1 description: Describes the best practices, location, values, policy management, and security considerations for the Remove computer from docking station security policy setting. ms.assetid: 229a385a-a862-4973-899a-413b1b5b6c30 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md index dd1696b067..c40121b387 100644 --- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md +++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md @@ -3,14 +3,14 @@ title: Replace a process level token (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Replace a process level token security policy setting. ms.assetid: 5add02db-6339-489e-ba21-ccc3ccbe8745 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index 51f96f1875..e2f943cd55 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -3,14 +3,14 @@ title: Reset account lockout counter after (Windows 10) description: Describes the best practices, location, values, and security considerations for the Reset account lockout counter after security policy setting. ms.assetid: d5ccf6dd-5ba7-44a9-8e0b-c478d8b1442c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md index 08c30303cf..5e3f6b9386 100644 --- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md @@ -3,14 +3,14 @@ title: Restore files and directories - security policy setting (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Restore files and directories security policy setting. ms.assetid: c673c0fa-6f49-4edd-8c1f-c5e8513f701d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md index 9d439eb3b6..7dc532fd31 100644 --- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md @@ -3,14 +3,14 @@ title: Advanced security audit policy settings in brief (Windows 10) description: Provides information about the advanced security audit policy settings that are available in Windows and the audit events that they generate. ms.assetid: 6BF9A642-DBC3-4101-94A3-B2316C553CE3 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md index f7a90a01c0..00441e06c4 100644 --- a/windows/security/threat-protection/security-policy-settings/security-options.md +++ b/windows/security/threat-protection/security-policy-settings/security-options.md @@ -3,14 +3,14 @@ title: Security Options (Windows 10) description: Introduction to the Security Options settings of the local security policies plus links to more information. ms.assetid: 405ea253-8116-4e57-b08e-14a8dcdca92b ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp +author: vinaypamnani-msft ms.date: 06/28/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md index 012a47736e..bfca76513d 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md @@ -3,14 +3,14 @@ title: Security policy settings reference (Windows 10) description: This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations. ms.assetid: ef5a4579-15a8-4507-9a43-b7ccddcb0ed1 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index b7c8b59b5f..e694d0e097 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -3,14 +3,14 @@ title: Security policy settings (Windows 10) description: This reference topic describes the common scenarios, architecture, and processes for security settings. ms.assetid: e7ac5204-7f6c-4708-a9f6-6af712ca43b9 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md index 597fe3f069..465e04c8e5 100644 --- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md +++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md @@ -3,14 +3,14 @@ title: Shut down the system - security policy setting (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Shut down the system security policy setting. ms.assetid: c8e8f890-153a-401e-a957-ba6a130304bf ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index f80dd3b8cf..06fb947134 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -3,14 +3,14 @@ title: Shutdown Allow system to be shut down without having to log on (Windows 1 description: Best practices, security considerations, and more for the security policy setting Shutdown Allow system to be shut down without having to log on. ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md index 185bbf975e..188c435f4f 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md @@ -3,14 +3,14 @@ title: Shutdown Clear virtual memory pagefile (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the Shutdown Clear virtual memory pagefile security policy setting. ms.assetid: 31400078-6c56-4891-a6df-6dfb403c4bc9 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md index b720770fd9..460941fd81 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md @@ -3,14 +3,14 @@ title: Always sign SMBv1 network client communications (Windows 10) description: Learn about best practices, security considerations and more for the security policy setting, Microsoft network client Digitally sign communications (always). ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md index b912861503..6125397053 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md @@ -3,14 +3,14 @@ title: SMBv1 Microsoft network client Digitally sign communications (if server a description: Best practices, location, values, and security considerations for the policy setting, Microsoft network client Digitally sign communications (if server agrees). ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md index 49782f3f58..b261da96b1 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md @@ -3,14 +3,14 @@ title: SMB v1 Microsoft network server Digitally sign communications (always) (W description: Best practices, security considerations, and more for the security policy setting, Microsoft network server Digitally sign communications (always). ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md index 75a325c3b4..d10e1c5531 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md @@ -3,14 +3,14 @@ title: SMBv1 Microsoft network server Digitally sign communications (if client a description: Best practices, security considerations and more for the security policy setting, Microsoft network server Digitally sign communications (if client agrees). ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md index 316d4868dd..207e07ea6f 100644 --- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md +++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md @@ -3,14 +3,14 @@ title: Store passwords using reversible encryption (Windows 10) description: Describes the best practices, location, values, and security considerations for the Store passwords using reversible encryption security policy setting. ms.assetid: 57f958c2-f1e9-48bf-871b-0a9b3299e238 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md index e6e95159e1..75c07aa23f 100644 --- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md +++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md @@ -3,14 +3,14 @@ title: Synchronize directory service data (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Synchronize directory service data security policy setting. ms.assetid: 97b0aaa4-674f-40f4-8974-b4bfb12c232c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index 7e0e17cc6d..8e7bbc95a5 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md @@ -3,14 +3,14 @@ title: System cryptography Force strong key protection for user keys stored on t description: Best practices, security considerations, and more for the policy setting, System cryptography Force strong key protection for user keys stored on the computer. ms.assetid: 8cbff267-881e-4bf6-920d-b583a5ff7de0 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index e38443c02b..384b7464ec 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -3,14 +3,14 @@ title: System cryptography Use FIPS compliant algorithms for encryption, hashing description: Best practices, security considerations, and more for the policy setting System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 9c7c2c4433..9c4cd9c338 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -3,14 +3,14 @@ title: System objects Require case insensitivity for non-Windows subsystems (Win description: Best practices, security considerations and more for the security policy setting, System objects Require case insensitivity for non-Windows subsystems. ms.assetid: 340d6769-8f33-4067-8470-1458978d1522 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md index 71e2fa8221..bba4ab0d9b 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md @@ -3,14 +3,14 @@ title: System objects Strengthen default permissions of internal system objects description: Best practices and more for the security policy setting, System objects Strengthen default permissions of internal system objects (for example, Symbolic Links). ms.assetid: 3a592097-9cf5-4fd0-a504-7cbfab050bb6 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md index 8db727008d..a36f304e17 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md @@ -3,14 +3,14 @@ title: System settings Optional subsystems (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the System settings Optional subsystems security policy setting. ms.assetid: 5cb6519a-4f84-4b45-8072-e2aa8a72fb78 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md index e58a8d0925..6e85e42483 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md @@ -3,14 +3,14 @@ title: System settings Use certificate rules on Windows executables for Software description: Best practices and more for the security policy setting, System settings Use certificate rules on Windows executables for Software Restriction Policies. ms.assetid: 2380d93b-b553-4e56-a0c0-d1ef740d089c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md index b3272708b2..e2f1047e2a 100644 --- a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md +++ b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md @@ -3,14 +3,14 @@ title: Take ownership of files or other objects (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Take ownership of files or other objects security policy setting. ms.assetid: cb8595d1-74cc-4176-bb15-d97663eebb2d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index d6d32d8a08..01a701fa23 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md @@ -3,14 +3,14 @@ title: User Account Control Admin Approval Mode for the Built-in Administrator a description: Best practices, security considerations, and more for the policy setting, User Account Control Admin Approval Mode for the Built-in Administrator account. ms.assetid: d465fc27-1cd2-498b-9cf6-7ad2276e5998 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md index 4ade31f9ed..3c9892061b 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md @@ -3,14 +3,14 @@ title: User Account Control Allow UIAccess applications to prompt for elevation description: Best practices and more for the policy setting, User Account Control Allow UIAccess applications to prompt for elevation without using the secure desktop. ms.assetid: fce20472-3c93-449d-b520-13c4c74a9892 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md index 06252b3d4a..b72a730982 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md @@ -3,14 +3,14 @@ title: User Account Control Behavior of the elevation prompt for administrators description: Best practices and more for the security policy setting, User Account Control Behavior of the elevation prompt for administrators in Admin Approval Mode. ms.assetid: 46a3c3a2-1d2e-4a6f-b5e6-29f9592f535d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index dcc2829197..4e9e8b0579 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -3,14 +3,14 @@ title: Behavior of the elevation prompt for standard users (Windows 10) description: Learn about best practices, security considerations, and more for the policy setting, User Account Control Behavior of the elevation prompt for standard users. ms.assetid: 1eae7def-8f6c-43b6-9474-23911fdc01ba ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md index 53b87039e9..516b0424de 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md @@ -3,14 +3,14 @@ title: User Account Control Detect application installations and prompt for elev description: Learn about best practices and more for the security policy setting, User Account Control Detect application installations and prompt for elevation. ms.assetid: 3f8cb170-ba77-4c9f-abb3-c3ed1ef264fc ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md index 0f83be229f..25867ee997 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md @@ -3,14 +3,14 @@ title: User Account Control Only elevate executables that are signed and validat description: Best practices, security considerations, and more for the security policy setting, User Account Control Only elevate executables that are signed and validated. ms.assetid: 64950a95-6985-4db6-9905-1db18557352d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md index 2c36882505..6ac53e9a3c 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md @@ -3,14 +3,14 @@ title: Only elevate UIAccess app installed in secure location (Windows 10) description: Learn about best practices and more for the policy setting, User Account Control Only elevate UIAccess applications that are installed in secure locations. ms.assetid: 4333409e-a5be-4f2f-8808-618f53abd22c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md index 3d53a0a2f4..23869703bb 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md @@ -3,14 +3,14 @@ title: UAC Run all administrators in Admin Approval Mode (Windows 10) description: Learn about best practices, security considerations and more for the security policy setting, User Account Control Run all administrators in Admin Approval Mode. ms.assetid: b838c561-7bfc-41ef-a7a5-55857259c7bf ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md index 15ef6860e1..ebfed79966 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md @@ -3,14 +3,14 @@ title: User Account Control Switch to the secure desktop when prompting for elev description: Best practices, security considerations, and more for the policy setting, User Account Control Switch to the secure desktop when prompting for elevation. ms.assetid: 77a067db-c70d-4b02-9861-027503311b8b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md index 97de8498ea..20f35bb912 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md @@ -3,14 +3,14 @@ title: User Account Control Virtualize file and registry write failures to per-u description: Best practices, security considerations and more for the policy setting, User Account Control Virtualize file and registry write failures to per-user locations. ms.assetid: a7b47420-cc41-4b1c-b03e-f67a05221261 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md index e2a05656b9..db266406f6 100644 --- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md +++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md @@ -3,14 +3,14 @@ title: User Rights Assignment (Windows 10) description: Provides an overview and links to information about the User Rights Assignment security policy settings user rights that are available in Windows. ms.assetid: 99340252-60be-4c79-b0a5-56fbe1a9b0c5 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 8eabd03b34..f4ddfe874d 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -2,7 +2,7 @@ title: Use Windows Event Forwarding to help with intrusion detection (Windows 10) description: Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. ms.reviewer: -manager: dansimp +manager: aaroncz ms.author: dansimp ms.prod: m365-security author: dulcemontemayor diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md index 7b909e6fb0..cdf0f0ff3b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 04/29/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index 90233a51ac..e248c9e0b0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -6,8 +6,8 @@ ms.localizationpriority: medium ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 04/29/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md index f89802b9f4..d6009f347f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 04/29/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md index 3dca939ef9..2e2b7b42ff 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 04/27/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md index fe15669214..51c7297d9b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md +++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 10/30/2019 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index dcad6a2586..0eee8eff2c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -85,6 +85,8 @@ href: merge-windows-defender-application-control-policies.md - name: Enforce WDAC policies href: enforce-windows-defender-application-control-policies.md + - name: Managing WDAC Policies with CI Tool + href: citool-commands.md - name: Use code signing to simplify application control for classic Windows applications href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md items: diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md index 11e582e4d8..ea7572399f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md @@ -10,10 +10,10 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: dansimp +author: vinaypamnani-msft ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 5a985252e9..6c0f8cb8ce 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -3,14 +3,14 @@ title: Add rules for packaged apps to existing AppLocker rule-set (Windows) description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md index 3c1120b48b..b9b2bad633 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md @@ -3,14 +3,14 @@ title: Administer AppLocker (Windows) description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies. ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md index 6dbbe7b0fe..7e986fb781 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md @@ -3,14 +3,14 @@ title: AppLocker architecture and components (Windows) description: This topic for IT professional describes AppLocker’s basic architecture and its major components. ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md index aa517a5505..1b538c2c51 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md @@ -3,14 +3,14 @@ title: AppLocker functions (Windows) description: This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features. ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 4e4e13c016..4f3cd306be 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -3,14 +3,14 @@ title: AppLocker (Windows) description: This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md index a7af9ef942..34ee97d75b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md @@ -3,14 +3,14 @@ title: AppLocker deployment guide (Windows) description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md index 2c023e6bc0..6a92928800 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md @@ -3,14 +3,14 @@ title: AppLocker design guide (Windows) description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md index 77d166aedc..f5868aae15 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md @@ -3,14 +3,14 @@ title: AppLocker policy use scenarios (Windows) description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md index 34ff057457..7836f6cb61 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md @@ -3,14 +3,14 @@ title: AppLocker processes and interactions (Windows) description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md index 85ecf639ea..2b4b803773 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md @@ -3,14 +3,14 @@ title: AppLocker settings (Windows) description: This topic for the IT professional lists the settings used by AppLocker. ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md index 7dc333ae22..c437de9b47 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md @@ -3,14 +3,14 @@ title: AppLocker technical reference (Windows) description: This overview topic for IT professionals provides links to the topics in the technical reference. ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index 8dbd16c51c..43bf3a0b1b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md @@ -3,14 +3,14 @@ title: Configure an AppLocker policy for audit only (Windows) description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker. ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md index 81a1e43bb4..1190773b0d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md @@ -3,14 +3,14 @@ title: Configure an AppLocker policy for enforce rules (Windows) description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting. ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md index 1eba7b9033..a4175fe3fb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md @@ -3,14 +3,14 @@ title: Add exceptions for an AppLocker rule (Windows) description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule. ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md index 1f7b314f14..fa0f8111b2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md @@ -3,14 +3,14 @@ title: Configure the AppLocker reference device (Windows) description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer. ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md index 4db27c8710..f2281e9d24 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md @@ -3,14 +3,14 @@ title: Configure the Application Identity service (Windows) description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually. ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index 3bc3d41f7e..5ac6b88d03 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md @@ -3,14 +3,14 @@ title: Create a rule for packaged apps (Windows) description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md index 0f78585339..0c5c51431d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md @@ -3,14 +3,14 @@ title: Create a rule that uses a file hash condition (Windows) description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition. ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md index f935341e92..f594af17a2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md @@ -3,14 +3,14 @@ title: Create a rule that uses a path condition (Windows) description: This topic for IT professionals shows how to create an AppLocker rule with a path condition. ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md index 60623baeae..f94bd92046 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md @@ -3,14 +3,14 @@ title: Create a rule that uses a publisher condition (Windows) description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition. ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md index d130fe7233..b5ec324e43 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md @@ -3,14 +3,14 @@ title: Create AppLocker default rules (Windows) description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run. ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md index 4b22dedc36..fd7ef676ab 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -3,14 +3,14 @@ title: Create a list of apps deployed to each business group (Windows) description: This topic describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker. ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md index 8a5e46aee1..e54769e466 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md @@ -3,14 +3,14 @@ title: Create Your AppLocker policies (Windows) description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md index 8efbf0415b..40fd630f9e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md @@ -3,14 +3,14 @@ title: Create Your AppLocker rules (Windows) description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules. ms.assetid: b684a3a5-929c-4f70-8742-04088022f232 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md index 6247e45693..93b5bfcce1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md @@ -3,14 +3,14 @@ title: Delete an AppLocker rule (Windows) description: This article for IT professionals describes the steps to delete an AppLocker rule. ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index fc69f58037..d110f3dbab 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -3,14 +3,14 @@ title: Deploy AppLocker policies by using the enforce rules setting (Windows) description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md index 3c3692819b..374248651d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md @@ -3,14 +3,14 @@ title: Deploy the AppLocker policy into production (Windows) description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md index 13836e63df..f45c9348b4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -3,14 +3,14 @@ title: Determine the Group Policy structure and rule enforcement (Windows) description: This overview topic describes the process to follow when you're planning to deploy AppLocker rules. ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index e8313de0e1..becadb7f0a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md @@ -3,14 +3,14 @@ title: Find digitally signed apps on a reference device (Windows) description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed. ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md index 1136c55fd2..ab778e7e27 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md @@ -3,14 +3,14 @@ title: Determine your application control objectives (Windows) description: Determine which applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker. ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index 542a15ced2..ed21869880 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md @@ -3,14 +3,14 @@ title: Display a custom URL message when users try to run a blocked app (Windows description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app. ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.pagetype: security ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md index 6921eeb8f7..87c6472d4b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md @@ -3,14 +3,14 @@ title: DLL rules in AppLocker (Windows) description: This topic describes the file formats and available default rules for the DLL rule collection. ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index 24d9b339a4..076ca5099e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md @@ -3,13 +3,13 @@ title: Document Group Policy structure & AppLocker rule enforcement (Windows) description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker. ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md index 5f360731db..313d459533 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md @@ -3,14 +3,14 @@ title: Document your app list (Windows) description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies. ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index 151e00dc31..8108aba233 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -3,14 +3,14 @@ title: Document your AppLocker rules (Windows) description: Learn how to document your AppLocker rules and associate rule conditions with files, permissions, rule source, and implementation. ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md index d23ab33e4b..cbee3198d1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md @@ -3,14 +3,14 @@ title: Edit an AppLocker policy (Windows) description: This topic for IT professionals describes the steps required to modify an AppLocker policy. ms.assetid: dbc72d1f-3fe0-46c2-aeeb-96621fce7637 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md index 742bb76aa9..012250699e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md @@ -3,14 +3,14 @@ title: Edit AppLocker rules (Windows) description: This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker. ms.assetid: 80016cda-b915-46a0-83c6-5e6b0b958e32 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md index 81877d328c..342ef58154 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md @@ -3,14 +3,14 @@ title: Enable the DLL rule collection (Windows) description: This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker. ms.assetid: 88ef9561-6eb2-491a-803a-b8cdbfebae27 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md index 67fa92f12c..2d5dcfa991 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md @@ -3,14 +3,14 @@ title: Enforce AppLocker rules (Windows) description: This topic for IT professionals describes how to enforce application control rules by using AppLocker. ms.assetid: e1528b7b-77f2-4419-8e27-c9cc3721d96d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md index b8a51feeed..e693b917b0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md @@ -3,14 +3,14 @@ title: Executable rules in AppLocker (Windows) description: This topic describes the file formats and available default rules for the executable rule collection. ms.assetid: 65e62f90-6caa-48f8-836a-91f8ac9018ee ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md index aa08b6fce3..1a8ecaf384 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md @@ -3,14 +3,14 @@ title: Export an AppLocker policy from a GPO (Windows) description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified. ms.assetid: 7db59719-a8be-418b-bbfd-22cf2176c9c0 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md index 25c099d3c3..b6f0fcba38 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md @@ -3,14 +3,14 @@ title: Export an AppLocker policy to an XML file (Windows) description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing. ms.assetid: 979bd23f-6815-478b-a6a4-a25239cb1080 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md index bcccdec697..5852b201e6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md @@ -3,14 +3,14 @@ title: How AppLocker works (Windows) description: This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies. ms.assetid: 24bb1d73-0ff5-4af7-8b8a-2fa44d4ddbcd ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index 5901726822..afedd848c3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md @@ -3,14 +3,14 @@ title: Import an AppLocker policy from another computer (Windows) description: This topic for IT professionals describes how to import an AppLocker policy. ms.assetid: b48cb2b2-8ef8-4cc0-89bd-309d0b1832f6 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md index 9853f4b41f..d215c84407 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md @@ -3,14 +3,14 @@ title: Import an AppLocker policy into a GPO (Windows) description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO). ms.assetid: 0629ce44-f5e2-48a8-ba47-06544c73261f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md index 97c6d66e6c..2e3059c857 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md @@ -3,14 +3,14 @@ title: Maintain AppLocker policies (Windows) description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies. ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index 477f41380a..04206c6d54 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md @@ -3,14 +3,14 @@ title: Manage packaged apps with AppLocker (Windows) description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy. ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 6d553816d9..85cc225094 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -3,14 +3,14 @@ title: Merge AppLocker policies by using Set-ApplockerPolicy (Windows) description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. ms.assetid: f1c7d5c0-463e-4fe2-a410-844a404f18d0 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md index de6eab6cab..fd45a8a42c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md @@ -3,14 +3,14 @@ title: Merge AppLocker policies manually (Windows) description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO). ms.assetid: 3605f293-e5f2-481d-8efd-775f9f23c30f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md index 2a7f113724..a9092f169c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md @@ -3,14 +3,14 @@ title: Monitor app usage with AppLocker (Windows) description: This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied. ms.assetid: 0516da6e-ebe4-45b4-a97b-31daba96d1cf ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md index e1bfa2e4a6..f481f86ce2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md @@ -3,14 +3,14 @@ title: Optimize AppLocker performance (Windows) description: This topic for IT professionals describes how to optimize AppLocker policy enforcement. ms.assetid: a20efa20-bc98-40fe-bd81-28ec4905e0f6 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index 0ee1ed1988..25c01eb30d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -3,14 +3,14 @@ title: Packaged apps and packaged app installer rules in AppLocker (Windows) description: This topic explains the AppLocker rule collection for packaged app installers and packaged apps. ms.assetid: 8fd44d08-a0c2-4c5b-a91f-5cb9989f971d ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md index 65214802ff..3106e7eb8c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md @@ -3,14 +3,14 @@ title: Plan for AppLocker policy management (Windows) description: This topic describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies. ms.assetid: dccc196f-6ae0-4ae4-853a-a3312b18751b ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md index 9d554232ef..a0be9442c5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md @@ -3,14 +3,14 @@ title: Refresh an AppLocker policy (Windows) description: This topic for IT professionals describes the steps to force an update for an AppLocker policy. ms.assetid: 3f24fcbc-3926-46b9-a1a2-dd036edab8a9 ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md index 4b22f44415..c3de7dcc3e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md @@ -3,14 +3,14 @@ title: Requirements for deploying AppLocker policies (Windows) description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. ms.assetid: 3e55bda2-3cd7-42c7-bad3-c7dfbe193d48 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md index 023753c944..2053dc727e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md @@ -3,14 +3,14 @@ title: Requirements to use AppLocker (Windows) description: This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. ms.assetid: dc380535-071e-4794-8f9d-e5d1858156f0 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md index 807313b37d..6fd6a3a17a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md @@ -3,14 +3,14 @@ title: Run the Automatically Generate Rules wizard (Windows) description: This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device. ms.assetid: 8cad1e14-d5b2-437c-8f88-70cffd7b3d8e ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index b7d7521a48..f73f481981 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -3,14 +3,14 @@ title: Script rules in AppLocker (Windows) description: This article describes the file formats and available default rules for the script rule collection. ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md index 8aebe54030..4ac9ca4172 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md @@ -3,14 +3,14 @@ title: Security considerations for AppLocker (Windows) description: This topic for the IT professional describes the security considerations you need to address when implementing AppLocker. ms.assetid: 354a5abb-7b31-4bea-a442-aa9666117625 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md index a8f29966da..93a5f15fbe 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md @@ -3,14 +3,14 @@ title: Select the types of rules to create (Windows) description: This topic lists resources you can use when selecting your application control policy rules by using AppLocker. ms.assetid: 14751169-0ed1-47cc-822c-8c01a7477784 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md index af4f2f86cc..c253a8cd0d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md @@ -3,14 +3,14 @@ title: Test an AppLocker policy by using Test-AppLockerPolicy (Windows) description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer. ms.assetid: 048bfa38-6825-4a9a-ab20-776cf79f402a ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md index 7767e8d4db..20c8807049 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md @@ -3,14 +3,14 @@ title: Test and update an AppLocker policy (Windows) description: This topic discusses the steps required to test an AppLocker policy prior to deployment. ms.assetid: 7d53cbef-078c-4d20-8b00-e821e33b6ea1 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md index fd88f08362..26aa252ce6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md @@ -3,14 +3,14 @@ title: Tools to use with AppLocker (Windows) description: This topic for the IT professional describes the tools available to create and administer AppLocker policies. ms.assetid: db2b7cb3-7643-4be5-84eb-46ba551e1ad1 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md index 005c1ddcc2..34a4113aa1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md @@ -3,14 +3,14 @@ title: Understand AppLocker enforcement settings (Windows) description: This topic describes the AppLocker enforcement settings for rule collections. ms.assetid: 48773007-a343-40bf-8961-b3ff0a450d7e ms.reviewer: -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index fb22ebb52e..b9bd16f418 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -3,14 +3,14 @@ title: Understand AppLocker policy design decisions (Windows) description: Review some common considerations while you're planning to use AppLocker to deploy application control policies within a Windows environment. ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index e7a565430e..3604d9fa73 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -3,14 +3,14 @@ title: Understand AppLocker rules and enforcement setting inheritance in Group P description: This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy. ms.assetid: c1c5a3d3-540a-4698-83b5-0dab5d27d871 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md index b0c0834967..2f4ad091be 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md @@ -3,14 +3,14 @@ title: Understand the AppLocker policy deployment process (Windows) description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies. ms.assetid: 4cfd95c1-fbd3-41fa-8efc-d23c1ea6fb16 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md index 3fe3cbccdc..8cb3dbb534 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md @@ -3,14 +3,14 @@ title: Understanding AppLocker allow and deny actions on rules (Windows) description: This topic explains the differences between allow and deny actions on AppLocker rules. ms.assetid: ea0370fa-2086-46b5-a0a4-4a7ead8cbed9 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md index 8c640a6c94..ba9d28442d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md @@ -3,14 +3,14 @@ title: Understanding AppLocker default rules (Windows) description: This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied. ms.assetid: bdb03d71-05b7-41fb-96e3-a289ce1866e1 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md index 5afe6be646..9aa30d5871 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md @@ -3,14 +3,14 @@ title: Understanding AppLocker rule behavior (Windows) description: This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. ms.assetid: 3e2738a3-8041-4095-8a84-45c1894c97d0 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md index 23dd648c32..41c8ce1282 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md @@ -3,14 +3,14 @@ title: Understanding AppLocker rule collections (Windows) description: This topic explains the five different types of AppLocker rules used to enforce AppLocker policies. ms.assetid: 03c05466-4fb3-4880-8d3c-0f6f59fc5579 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md index b56ba6c88d..f6ad12a085 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md @@ -3,14 +3,14 @@ title: Understanding AppLocker rule condition types (Windows) description: This topic for the IT professional describes the three types of AppLocker rule conditions. ms.assetid: c21af67f-60a1-4f7d-952c-a6f769c74729 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md index d4eab6bcf6..08ec6175fd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md @@ -3,14 +3,14 @@ title: Understanding AppLocker rule exceptions (Windows) description: This topic describes the result of applying AppLocker rule exceptions to rule collections. ms.assetid: e6bb349f-ee60-4c8d-91cd-6442f2d0eb9c ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md index 9e63783239..309413ceee 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md @@ -3,14 +3,14 @@ title: Understanding the file hash rule condition in AppLocker (Windows) description: This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it's applied. ms.assetid: 4c6d9af4-2b1a-40f4-8758-1a6f9f147756 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index e47540ebc1..12c2b4fe3a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -3,14 +3,14 @@ title: Understanding the path rule condition in AppLocker (Windows) description: This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it's applied. ms.assetid: 3fa54ded-4466-4f72-bea4-2612031cad43 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 22ab048b3b..a9ded601fa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -3,14 +3,14 @@ title: Understanding the publisher rule condition in AppLocker (Windows) description: This topic explains the AppLocker publisher rule condition, what controls are available, and how it's applied. ms.assetid: df61ed8f-a97e-4644-9d0a-2169f18c1c4f ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index a5ef9054dc..0c36d76a1f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -2,14 +2,14 @@ title: Use a reference device to create and maintain AppLocker policies (Windows) description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6 -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index 37a691a28f..33fd27fc50 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -3,14 +3,14 @@ title: Use AppLocker and Software Restriction Policies in the same domain (Windo description: This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md index 2751109b02..89de902770 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md @@ -3,14 +3,14 @@ title: Use the AppLocker Windows PowerShell cmdlets (Windows) description: This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. ms.assetid: 374e029c-5c0a-44ab-a57a-2a9dd17dc57d ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index 59111cd93d..19458879ae 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -3,14 +3,14 @@ title: Using Event Viewer with AppLocker (Windows) description: This topic lists AppLocker events and describes how to use Event Viewer with AppLocker. ms.assetid: 109abb10-78b1-4c29-a576-e5a17dfeb916 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md index 96c1644d3a..e066f48a28 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md @@ -3,14 +3,14 @@ title: Use Software Restriction Policies and AppLocker policies (Windows) description: This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. ms.assetid: c3366be7-e632-4add-bd10-9df088f74c6d ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md index dc46fa241d..32770dbace 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md @@ -3,14 +3,14 @@ title: What Is AppLocker (Windows) description: This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. ms.assetid: 44a8a2bb-0f83-4f95-828e-1f364fb65869 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md index fcc0f3b253..38655935cf 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md @@ -3,14 +3,14 @@ title: Windows Installer rules in AppLocker (Windows) description: This topic describes the file formats and available default rules for the Windows Installer rule collection. ms.assetid: 3fecde5b-88b3-4040-81fa-a2d36d052ec9 ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md index 211cdb2e62..79ed0dd7e7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md @@ -3,14 +3,14 @@ title: Working with AppLocker policies (Windows) description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies. ms.assetid: 7062d2e0-9cbb-4cb8-aa8c-b24945c3771d ms.reviewer: -ms.author: macapara +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: mjcaparas -manager: dansimp +author: vinaypamnani-msft +manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md index 4ad45cf9e0..d7a8d5162f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md @@ -3,13 +3,13 @@ title: Working with AppLocker rules (Windows) description: This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. ms.assetid: 3966b35b-f2da-4371-8b5f-aec031db6bc9 ms.reviewer: -manager: dansimp -ms.author: macapara +manager: aaroncz +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: dansimp +author: vinaypamnani-msft ms.localizationpriority: medium msauthor: v-anbic ms.date: 08/27/2018 diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md index cc3b1b631b..4e2278d047 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 05/03/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index ca600a98a7..5af247add0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 05/03/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md new file mode 100644 index 0000000000..5a2d7b7e72 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md @@ -0,0 +1,105 @@ +--- +title: Managing CI Policies and Tokens with CiTool +description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool +author: valemieux +ms.author: jogeurte +ms.service: security +ms.reviewer: jogeurte +ms.topic: how-to +ms.date: 08/07/2022 +ms.custom: template-how-to +--- + +# Manage Windows Defender Application Control (WDAC) Policies with CI Tool + +CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CI Tool to update and manage policies. CI Tool is currently included in Windows 11, version 22H2. + +## Policy Commands + +| Command | Description | Alias | +|--------|---------|---------| +| --update-policy `` | Add or update a policy on the current system | -up | +| --remove-policy `` | Remove a policy indicated by PolicyGUID from the system | -rp | +| --list-policies | Dump information about all policies on the system, whether they are active or not | -lp | + +## Token Commands + +| Command | Description | Alias | +|--------|---------|---------| +| --add-token `` <--token-id ID> | Deploy a token onto the current system, with an optional specific ID. | -at | +| --remove-token `` | Remove a Token indicated by ID from the system. | -rt | +| --list-tokens | Dump information about all tokens on the system | -lt | + +> [!NOTE] +> Regarding --add-token, if `` is specified, a pre-existing token with `` should not exist. + +## Miscellaneous Commands + +| Command | Description | Alias | +|--------|---------|---------| +| --device-id | Dump the Code Integrity Device ID | -id | +| --refresh | Attempt to Refresh WDAC Policies | -r | +| --help | Display the tool's help menu | -h | + +## Examples + +1. Deploy a WDAC policy onto the system + + ```powershell + PS C:\Users\ CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip" + Operation Successful + Press Enter to Continue + ``` + +2. Refresh the WDAC policies + + ```powershell + PS C:\Users\ CITool --refresh + Operation Successful + ``` + +3. Remove a specific WDAC policy by its policy ID + + ```powershell + PS C:\Users\ CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}" + Operation Successful + Press Enter to Continue + ``` + +4. Display the help menu + + ```powershell + PS C:\Users\ CITool -h + + ----------------------------- Policy Commands --------------------------------- + --update-policy /Path/To/Policy/File + Add or update a policy on the current system + aliases: -up + --remove-policy PolicyGUID + Remove a policy indicated by PolicyGUID from the system + aliases: -rp + --list-policies + Dump information about all policies on the system, whether they be active or not + aliases: -lp + ----------------------------- Token Commands --------------------------------- + --add-token Path/To/Token/File <--token-id ID> + Deploy a token onto the current system, with an optional specific ID + If is specified, a pre-existing token with should not exist. + aliases:-at + --remove-token ID + Remove a Token indicated by ID from the system. + aliases: -rt + --list-tokens + Dump information about all tokens on the system + aliases: -lt + ----------------------------- Misc Commands --------------------------------- + --device-id + Dump the Code Integrity Device Id + aliases: -id + --refresh + Attempt to Refresh CI Policies + aliases: -r + --help + Display this message + aliases: -h + ``` diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index cb5391c9a3..01ab300700 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 08/26/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md index 63d3ee3fe4..f3f83d27d4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 08/14/2020 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md index 024c53413c..4e4f1658bb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 02/28/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md index f9b070ff3b..eefa0fddb5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 08/08/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index b81414e10f..914f3e69f5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index baee8a7e94..9871b7cbf5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -13,8 +13,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 11/20/2019 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index cfea5dc30f..f6314a8424 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jgeurten -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 02/28/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index b3cffd3fb8..d4dc55b27e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 07/19/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 287aba1869..feb0895f8a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -7,7 +7,7 @@ ms.collection: M365-security-compliance author: jgeurten ms.reviewer: aaroncz ms.author: jogeurte -manager: jsuther +manager: aaroncz ms.date: 06/27/2022 ms.topic: how-to ms.localizationpriority: medium diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 28a74c5e9f..369149227c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -6,11 +6,11 @@ ms.prod: m365-security audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: jogeurte +ms.reviewer: aaroncz ms.author: jogeurte ms.manager: jsuther -manager: dansimp -ms.date: 03/08/2022 +manager: aaroncz +ms.date: 10/06/2022 ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium @@ -27,13 +27,15 @@ ms.localizationpriority: medium >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). -This topic describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host. +This article describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host. > [!NOTE] > To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. ## Deploying policies for Windows 10 version 1903 and above +You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). + 1. Initialize the variables to be used by the script. ```powershell @@ -49,7 +51,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p Copy-Item -Path $PolicyBinary -Destination $DestinationFolder -Force ``` -3. Repeat steps 1-2 as appropriate to deploy additional WDAC policies. +3. Repeat steps 1-2 as appropriate to deploy more WDAC policies. 4. Run RefreshPolicy.exe to activate and refresh all WDAC policies on the managed endpoint. ```powershell @@ -82,7 +84,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [Microsoft Endpoint Manager](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. -1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: +1. Mount the EFI volume and make the directory, if it doesn't exist, in an elevated PowerShell prompt: ```powershell $MountPoint = 'C:\EFIMount' diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md index 5fd44350ee..48ebdd4db4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md @@ -12,9 +12,9 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp -ms.date: 06/27/2022 +ms.author: vinpa +manager: aaroncz +ms.date: 10/06/2022 ms.technology: windows-sec --- @@ -31,13 +31,17 @@ ms.technology: windows-sec > > Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment. -Single-policy format Windows Defender Application Control policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy. The following procedure walks you through how to deploy a WDAC policy called **ContosoPolicy.bin** to a test OU called *WDAC Enabled PCs* by using a GPO called **Contoso GPO Test**. +Single-policy format Windows Defender Application Control policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy. + +You should now have a WDAC policy converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). + +The following procedure walks you through how to deploy a WDAC policy called **SiPolicy.p7b** to a test OU called *WDAC Enabled PCs* by using a GPO called **Contoso GPO Test**. To deploy and manage a Windows Defender Application Control policy with Group Policy: 1. On a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** -2. Create a new GPO: right-click an OU and then click **Create a GPO in this domain, and Link it here**. +2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**. > [!NOTE] > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../plan-windows-defender-application-control-management.md). @@ -46,15 +50,15 @@ To deploy and manage a Windows Defender Application Control policy with Group Po 3. Name the new GPO. You can choose any name. -4. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**. +4. Open the Group Policy Management Editor: right-click the new GPO, and then select **Edit**. -5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then click **Edit**. +5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then select **Edit**. ![Edit the Group Policy for Windows Defender Application Control.](../images/wdac-edit-gp.png) 6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the WDAC policy deployment path. - In this policy setting, you specify either the local path in which the policy will exist on the client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, with ContosoPolicy.bin on the test computer, the example file path would be C:\\Windows\\System32\\CodeIntegrity\\ContosoPolicy.bin. + In this policy setting, you specify either the local path where the policy will exist on each client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, the path to SiPolicy.p7b using the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) would be %USERPROFILE%\Desktop\SiPolicy.p7b. > [!NOTE] > This policy file does not need to be copied to every computer. You can instead copy the WDAC policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers. @@ -62,6 +66,6 @@ To deploy and manage a Windows Defender Application Control policy with Group Po ![Group Policy called Deploy Windows Defender Application Control.](../images/dg-fig26-enablecode.png) > [!NOTE] - > You may have noticed that the GPO setting references a .p7b file and this example uses a .bin file for the policy. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped on the client computer running Windows 10. Give your WDAC policies friendly names and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository. + > You may have noticed that the GPO setting references a .p7b file, but the file extension and name of the policy binary do not matter. Regardless of what you name your policy binary, they are all converted to SIPolicy.p7b when applied to the client computers running Windows 10. If you are deploying different WDAC policies to different sets of devices, you may want to give each of your WDAC policies a friendly name and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository. 7. Close the Group Policy Management Editor, and then restart the Windows test computer. Restarting the computer updates the WDAC policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md index 9db5920c58..f155922fc3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md @@ -6,10 +6,10 @@ ms.technology: itpro-security ms.localizationpriority: medium ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: vinpa manager: aaroncz -ms.date: 06/27/2022 +ms.date: 10/06/2022 ms.topic: how-to --- @@ -48,19 +48,17 @@ To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windo > [!NOTE] > Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../deploy-multiple-windows-defender-application-control-policies.md) which allow more granular policy. +You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). + ### Deploy custom WDAC policies on Windows 10 1903+ Beginning with Windows 10 1903, custom OMA-URI policy deployment can use the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. The steps to use Intune's custom OMA-URI functionality are: -1. Know a generated policy's GUID, which can be found in the policy xml as `` +1. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10). -2. Convert the policy XML to binary format using the [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) cmdlet in order to be deployed. The binary policy may be signed or unsigned. - -3. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10). - -4. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings: +2. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings: - **OMA-URI**: `./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy` - **Data type**: Base64 (file) - **Certificate file**: upload your binary format policy file. You don't need to upload a Base64 file, as Intune will convert the uploaded .bin file to Base64 on your behalf. diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md index 0c7726f27d..fc09a71c05 100644 --- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 05/03/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index 1628e2a60c..da83fa7b8e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -9,7 +9,7 @@ author: jsuther1974 ms.reviewer: jogeurte ms.author: jogeurte ms.manager: jsuther -manager: dansimp +manager: aaroncz ms.date: 04/22/2021 ms.technology: windows-sec ms.topic: article diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md index ef245ab5bf..f4a34af223 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md @@ -7,8 +7,8 @@ ms.localizationpriority: medium ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 06/27/2022 ms.topic: reference --- diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index c20f083f00..c14d69350c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 07/13/2021 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index cd504ed4ee..f5d4aaa3cd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -13,8 +13,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 08/05/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md index 751028a760..06470901cd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md +++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Application Control feature availability +title: Windows Defender Application Control feature availability description: Compare Windows Defender Application Control (WDAC) and AppLocker feature availability. ms.prod: m365-security ms.technology: windows-sec @@ -8,7 +8,7 @@ ms.collection: M365-security-compliance author: jgeurten ms.reviewer: aaroncz ms.author: jogeurte -manager: jsuther +manager: aaroncz ms.date: 06/27/2022 ms.custom: asr ms.topic: overview diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index c309371277..72d6dc93df 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 05/29/2020 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index 3c6789e089..f31db0823f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Merge Windows Defender Application Control policies (WDAC) (Windows) -description: Learn how to merge WDAC policies as part of your policy lifecycle management. +description: Learn how to merge WDAC policies as part of your policy lifecycle management. keywords: security, malware ms.prod: m365-security audience: ITPro @@ -9,7 +9,7 @@ author: jsuther1974 ms.reviewer: jogeurte ms.author: jogeurte ms.manager: jsuther -manager: dansimp +manager: aaroncz ms.date: 04/22/2021 ms.technology: windows-sec ms.topic: article diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index 6382926723..18954c0597 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -1,7 +1,7 @@ --- title: Microsoft recommended driver block rules (Windows) description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community. -keywords: security, malware, kernel mode, driver +keywords: security, malware, kernel mode, driver ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: m365-security ms.mktglfcycl: deploy @@ -12,8 +12,9 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz +ms.date: 10/07/2022 --- # Microsoft recommended driver block rules @@ -25,36 +26,32 @@ manager: dansimp - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). -Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're quickly patched and rolled out to the ecosystem. The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes: +Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers. When vulnerabilities in drivers are found, we work with our partners to ensure they're quickly patched and rolled out to the ecosystem. The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes: - Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel - Malicious behaviors (malware) or certificates used to sign malware - Behaviors that aren't malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel -Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). For more information about driver submission, see [Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center -](https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article. +Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). For more information about driver submission, see [Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center](https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article. ## Microsoft vulnerable driver blocklist -Microsoft adds the vulnerable versions of the drivers to our vulnerable driver blocklist, which is automatically enabled on devices when any of the listed conditions are met: - -| Condition | Windows 10 or 11 | Windows 11 22H2 or later | -|--|:--:|:--:| -| Device has [Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md) enabled | :heavy_check_mark: | :heavy_check_mark: | -| Device is in [S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85#WindowsVersion=Windows_11) | :heavy_check_mark: | :heavy_check_mark: | -| Device has [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) enabled | :x: | :heavy_check_mark: | -| Clean install of Windows | :x: | :heavy_check_mark: | +With Windows 11 2022 update, the vulnerable driver blocklist is enabled by default for all devices, and can be turned on or off via the [Windows Security](https://support.microsoft.com/windows/device-protection-in-windows-security-afa11526-de57-b1c5-599f-3a4c6a61c5e2) app. The vulnerable driver blocklist is also enforced when either memory integrity (also known as hypervisor-protected code integrity or HVCI), Smart App Control, or S mode is active. Users can opt in to HVCI using the Windows Security app, and HVCI is on by-default for most new Windows 11 devices. > [!NOTE] -> Microsoft vulnerable driver blocklist can also be enabled using [Windows Security](https://support.microsoft.com/windows/device-protection-in-windows-security-afa11526-de57-b1c5-599f-3a4c6a61c5e2), but the option to disable it is grayed out when HVCI or Smart App Control is enabled, or when the device is in S mode. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can disable Microsoft vulnerable driver blocklist. +> The option to turn Microsoft's vulnerable driver blocklist on or off using the [Windows Security](https://support.microsoft.com/windows/device-protection-in-windows-security-afa11526-de57-b1c5-599f-3a4c6a61c5e2) app is grayed out when HVCI, Smart App Control, or S mode is enabled. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can turn off the Microsoft vulnerable driver blocklist. + +The blocklist is updated with each new major release of Windows. We plan to update the current blocklist for non-Windows 11 customers in an upcoming servicing release and will occasionally publish future updates through regular Windows servicing. + +Customers who always want the most up-to-date driver blocklist can also use Windows Defender Application Control (WDAC) to apply the latest recommended driver blocklist contained in this article. For your convenience, we've provided a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, you can use the XML provided below to create your own custom WDAC policies. ## Blocking vulnerable drivers using WDAC -Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. +Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events. > [!IMPORTANT] > Microsoft also recommends enabling Attack Surface Reduction (ASR) rule [**Block abuse of exploited vulnerable signed drivers**](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) to prevent an application from writing a vulnerable signed driver to disk. The ASR rule doesn't block a driver already existing on the system from being loaded, however enabling **Microsoft vulnerable driver blocklist** or applying this WDAC policy prevents the existing driver from being loaded. @@ -78,6 +75,12 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- + + + + + + @@ -401,7 +404,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + @@ -1800,7 +1803,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- - + @@ -2170,11 +2173,6 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- 10.0.25210.0 - - - true - - {A244370E-44C9-4C06-B551-F6016E563076} @@ -2183,8 +2181,29 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device- > [!NOTE] -> The policy listed above contains **Allow All** rules. Microsoft recommends deploying this policy alongside an existing WDAC policy instead of merging it with the existing policy. If you must use a single policy, remove the **Allow All** rules before merging it with the existing policy. For more information, see [Create a WDAC Deny Policy](create-wdac-deny-policy.md#single-policy-considerations). +> The policy listed above contains **Allow All** rules. Microsoft recommends deploying this policy alongside an existing WDAC policy instead of merging it with the existing policy. If you must use a single policy, remove the **Allow All** rules before merging it with the existing policy. For more information, see [Create a WDAC Deny Policy](/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy#single-policy-considerations). + +## Steps to download and apply the vulnerable driver blocklist binary + +If you prefer to apply the vulnerable driver blocklist exactly as shown above, follow these steps: + +1. Download the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) +2. Download and extract the [vulnerable driver blocklist binaries](https://aka.ms/VulnerableDriverBlockList) +3. Select either the audit only version or the enforced version and rename the file to SiPolicy.p7b +4. Copy SiPolicy.p7b to %windir%\system32\CodeIntegrity +5. Run the WDAC policy refresh tool you downloaded in Step 1 above to activate and refresh all WDAC policies on your computer + +To check that the policy was successfully applied on your computer: + +1. Open Event Viewer +2. Browse to **Applications and Services Logs - Microsoft - Windows - CodeIntegrity - Operational** +3. Select **Filter Current Log...** +4. Replace "<All Event IDs>" with "3099" and select OK +5. Look for a 3099 event where the PolicyNameBuffer and PolicyIdBuffer match the Name and Id PolicyInfo settings found at the bottom of the blocklist WDAC Policy XML in this article. NOTE: Your computer may have more than one 3099 event if other WDAC policies are also present. + +> [!NOTE] +> If any vulnerable drivers are already running that would be blocked by the policy, you must reboot your computer for those drivers to be blocked. Running processes aren't shutdown when activating a new WDAC policy without reboot. ## More information -- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) +- [Merge Windows Defender Application Control policies](/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies) diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md index dfddeebe3f..51b8d2f3a5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md @@ -9,7 +9,7 @@ author: jsuther1974 ms.reviewer: jogeurte ms.author: jogeurte ms.manager: jsuther -manager: dansimp +manager: aaroncz ms.date: 07/01/2022 ms.technology: windows-sec ms.topic: article diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 6691993b1b..2d2b9d73a8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 02/21/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index fcf1dd7a24..8111aec72f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 03/01/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 45ffe31061..dc1754d95c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: jsuther1974 -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 08/29/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index 287c4058d0..7cb6570d5a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 03/01/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 406209261e..c58a7cb649 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -3,7 +3,7 @@ title: Understand Windows Defender Application Control policy design decisions description: Understand Windows Defender Application Control policy design decisions. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -manager: dansimp +manager: aaroncz ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library @@ -13,7 +13,7 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp +ms.author: vinpa ms.date: 02/08/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index bcfc28eb19..2f9f3c81b4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -2,7 +2,6 @@ title: Understanding Windows Defender Application Control (WDAC) secure settings description: Learn about secure settings in Windows Defender Application Control. ms.prod: windows-client -ms.technology: itpro-security ms.localizationpriority: medium ms.collection: M365-security-compliance author: jgeurten @@ -10,6 +9,7 @@ ms.reviewer: vinpa ms.author: jogeurte manager: aaroncz ms.date: 10/11/2021 +ms.technology: itpro-security --- # Understanding WDAC Policy Settings diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index b84336abab..f708b2ccfb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 05/03/2018 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index 5956abbc56..ba4c665c5b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -3,7 +3,7 @@ title: Use the Device Guard Signing Portal in the Microsoft Store for Business description: You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.author: dansimp +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library @@ -13,7 +13,7 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -manager: dansimp +manager: aaroncz ms.date: 02/19/2019 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index 07f86d0c75..bf52be862f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 08/15/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index b3e830a04b..89d432372f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -3,8 +3,8 @@ title: Use a Windows Defender Application Control policy to control specific plu description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md index 4256d0a041..5d5f0d73f7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: jogeurte -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 08/10/2022 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index e430a2a554..8dc6b58351 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md index 696ab59fea..46065ed6cb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md @@ -10,10 +10,10 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: denisebmsft +author: vinaypamnani-msft ms.reviewer: isbrahm -ms.author: deniseb -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 09/30/2020 ms.custom: asr ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md index e1353dfcf7..df2a6bc8c3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.topic: conceptual ms.date: 10/14/2020 ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md index 65a4c8ef77..7cac9d5ed3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.topic: conceptual ms.date: 10/14/2020 ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md index 5a109b3b15..3bbfc39b1c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.topic: conceptual ms.date: 10/14/2020 ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md index 172bcc1cf7..6eab848632 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jgeurten ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.topic: conceptual ms.date: 10/14/2020 ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md index 2510df6b70..95a29f34dd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md @@ -7,8 +7,8 @@ ms.localizationpriority: medium ms.collection: M365-security-compliance author: jgeurten ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.topic: conceptual ms.date: 05/24/2022 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index e993bb919d..6ee4af0b30 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -9,7 +9,7 @@ author: jgeurten ms.reviewer: aaroncz ms.author: jogeurte manager: jsuther -ms.date: 06/27/2022 +ms.date: 10/06/2022 ms.topic: overview --- @@ -26,9 +26,31 @@ ms.topic: overview You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. +## Convert your WDAC policy XML to binary + +Before you deploy your WDAC policies, you must first convert the XML to its binary form. You can do this using the following PowerShell example. You must set the $WDACPolicyXMLFile variable to point to your WDAC policy XML file. + + ```powershell + ## Update the path to your WDAC policy XML + $WDACPolicyXMLFile = $env:USERPROFILE"\Desktop\MyWDACPolicy.xml" + [xml]$WDACPolicy = Get-Content -Path $WDACPolicyXMLFile + if (($WDACPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022) + { + $PolicyID = $WDACPolicy.SiPolicy.PolicyID + $PolicyBinary = $PolicyID+".cip" + } + else ## Single policy format (Windows Server 2016 and 2019, and Windows 10 1809 LTSC) + { + $PolicyBinary = "SiPolicy.p7b" + } + + ## Binary file will be written to your desktop + ConvertFrom-CIPolicy -XmlFilePath $WDACPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary + ``` + ## Plan your deployment -As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Decide what devices you'll manage with Windows Defender Application Control and split them into deployment rings so you can control the scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. +As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Identify the devices you'll manage with WDAC and split them into deployment rings. This way, you can control the speed and scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. All Windows Defender Application Control policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 05fbd4e9b6..7fae51569d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.topic: conceptual ms.date: 02/20/2018 ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md index 9a160774c9..8057453ab4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md @@ -12,8 +12,8 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 03/16/2020 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 012e954059..55c1309a6c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -10,10 +10,10 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: denisebmsft +author: vinaypamnani-msft ms.reviewer: isbrahm -ms.author: deniseb -manager: dansimp +ms.author: vinpa +manager: aaroncz ms.date: 05/26/2020 ms.custom: asr ms.technology: windows-sec diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md index 203ac733d5..afa4f4d5f6 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md @@ -8,11 +8,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp -ms.date: +author: vinaypamnani-msft +ms.author: vinpa +ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md index e3814dc5d2..a5967f6c83 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md @@ -9,11 +9,11 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index 2f252dac4f..3205a64589 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md @@ -8,11 +8,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index a4136a591a..a962210468 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md @@ -8,11 +8,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md index 66b2b79227..85d6fb7d55 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md @@ -8,11 +8,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md index 8f9528db75..1254b36895 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md @@ -8,11 +8,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md index b0d7e2beea..ded2f50dd3 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md @@ -7,11 +7,11 @@ ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium -author: dansimp -ms.author: dansimp -ms.date: +author: vinaypamnani-msft +ms.author: vinpa +ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index c684f86a90..f9af03851a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -8,11 +8,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.date: ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index cade645c59..afbbb0ed13 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md @@ -8,10 +8,10 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index 2b298178cb..c981e1284a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md @@ -8,11 +8,11 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.date: 04/30/2018 ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 218c4f941f..2660a6688b 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -4,10 +4,10 @@ description: The Windows Security app brings together common Windows security fe search.product: eADQiWindows 10XVcnh ms.prod: m365-security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: vinaypamnani-msft +ms.author: vinpa ms.reviewer: -manager: dansimp +manager: aaroncz ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index 1c50e07a18..5b34d730d4 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -3,15 +3,15 @@ title: How a Windows Defender System Guard helps protect Windows 10 description: Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof. Learn how it works. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa search.appverid: met150 ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp +author: vinaypamnani-msft ms.date: 03/01/2019 ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index e3cc007d51..9e835c880f 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -7,11 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp +author: vinaypamnani-msft ms.date: 11/30/2021 ms.reviewer: -manager: dansimp -ms.author: dansimp +manager: aaroncz +ms.author: vinpa ms.technology: windows-sec --- diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index b663f72d19..3d7b87469b 100644 --- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Add Production Devices to the Membership Group for a Zone diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md index 9f5d3bac7c..912e1fa2d0 100644 --- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Add Test Devices to the Membership Group for a Zone diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md index 180ebf61e7..c7f24b1c8b 100644 --- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Appendix A: Sample GPO Template Files for Settings Used in this Guide diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md index 88a28959fc..6624b87ab4 100644 --- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Assign Security Group Filters to the GPO diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md index 68b7ae50a0..601d8b57a2 100644 --- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md @@ -15,12 +15,12 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Basic Firewall Policy Design diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index db778a73a8..aaba567e0b 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -14,12 +14,12 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Best practices for configuring Windows Defender Firewall diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md index 77da6ba1be..62c002d8a3 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Boundary Zone GPOs diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md index d8077459ac..b9e4dd126b 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Boundary Zone diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md index 02c88fdfb7..f9b3e0f409 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Certificate-based Isolation Policy Design Example diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md index c21f3ae251..356c10b95d 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Certificate-based isolation policy design diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md index effdd2a70c..843c8f137e 100644 --- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md +++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Change Rules from Request to Require Mode diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md index d3356b14f3..d2a0485b0d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Configuring Basic Firewall Settings diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md index 176d8f4536..a364018452 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Configuring Rules for an Isolated Server Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md index e546b37adf..04cbb1130e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md index 55e7e19754..17ed3a9528 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Configuring Rules for the Boundary Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md index 5d0a18a69f..57ae807cc2 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Configuring Rules for the Encryption Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md index 648850a336..9fb6e3cb73 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Configuring Rules for the Isolated Domain diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md index 6168d455d3..4e3125ebdc 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Creating Group Policy Objects diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md index 57a25a4b6c..7a5ac77508 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Creating Inbound Firewall Rules diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md index 879c1a55b6..f0e2b093f1 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Creating Outbound Firewall Rules diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md index 9094725eda..991962bcd4 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md index 6a5f00771e..1476c38297 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Implementing a Basic Firewall Policy Design diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md index ce48d49c77..6364c0305a 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Implementing a Certificate-based Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md index 6061bc86b5..eb350bd760 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Implementing a Domain Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md index 87364021d1..d3789892cc 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Checklist: Implementing a Standalone Server Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md index 7f45ce6466..1d473ddc4d 100644 --- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md +++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Configure Authentication Methods diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md index f839c60899..50d6e880b1 100644 --- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Configure Data Protection (Quick Mode) Settings diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md index feb3b8e3a2..d346745243 100644 --- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md +++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Configure Group Policy to Autoenroll and Deploy Certificates diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md index dd062985fe..9fd555af79 100644 --- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Configure Key Exchange (Main Mode) Settings diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md index 2a9fedfb36..aac4b877fc 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Configure the Rules to Require Encryption diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md index acae2a5eb6..bd46701603 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Configure the Windows Defender Firewall with Advanced Security Log diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md index 7f4b8057f3..647bf70abd 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md @@ -13,12 +13,12 @@ ms.localizationpriority: medium author: paolomatarazzo ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Configure the Workstation Authentication Certificate Template diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md index 81905439d5..3e389bd53d 100644 --- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md +++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program Is Blocked diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md index e23f800b1e..6c36b36cad 100644 --- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md +++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Confirm That Certificates Are Deployed Correctly diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md index 603fb772d6..34416f5d1a 100644 --- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md +++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Copy a GPO to Create a New GPO diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md index f3f7a3bb1b..f5c4208826 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create a Group Account in Active Directory diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md index 8926c70552..d6e785f222 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create a Group Policy Object diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md index a2ad8d6f6c..8fddd4cea9 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create an Authentication Exemption List Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md index 99d3d07f46..526644fd38 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create an Authentication Request Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md index 76b063f72d..b86d4c572d 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create an Inbound ICMP Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md index 56a7c6808c..ee346607bc 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create an Inbound Port Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md index 1d6f3352d0..206586bc34 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create an Inbound Program or Service Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md index 9c6df54f31..897e13bfc7 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md @@ -16,12 +16,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create an Outbound Port Rule diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md index 79eb7dda0d..4097123344 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create an Outbound Program or Service Rule diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md index 2fec297236..3bd92a1dc9 100644 --- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md +++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create Inbound Rules to Support RPC diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index 3b6a633dbf..0b68a6e222 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md @@ -10,12 +10,12 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create Windows Firewall rules in Intune diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 2bdb97ef09..d75ebd5a78 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Create WMI Filters for the GPO diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md index 0b2d46c86c..a09c2d52f1 100644 --- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md +++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Designing a Windows Defender Firewall with Advanced Security Strategy diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md index 7cc8bd8b35..6e3c8737e3 100644 --- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Determining the Trusted State of Your Devices diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md index 95dc6e163c..e28ab99f06 100644 --- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Documenting the Zones diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md index 82b302fd7b..0c969c9b5f 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Domain Isolation Policy Design Example diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md index 340f62976e..91e38bd34f 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Domain Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md index 123058b8dd..6d3dcdfa6d 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Enable Predefined Inbound Rules diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md index 000488608e..c244fb2eab 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Enable Predefined Outbound Rules diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md index bcca4ec64f..df4ef1a7d4 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Encryption Zone GPOs diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md index 7038a7f49d..2269ca6e98 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Encryption Zone diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md index 3096a8342b..0c72496402 100644 --- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md +++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Evaluating Windows Defender Firewall with Advanced Security Design Examples diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md index d6de9a861d..194b00eec8 100644 --- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md +++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Exempt ICMP from Authentication diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md index ac27c34d95..51b2aec7a3 100644 --- a/windows/security/threat-protection/windows-firewall/exemption-list.md +++ b/windows/security/threat-protection/windows-firewall/exemption-list.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Exemption List diff --git a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md index f13a1094ec..620fae301e 100644 --- a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md +++ b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md @@ -12,12 +12,12 @@ ms.collection: - m365-initiative-windows-security ms.topic: troubleshooting ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Filter origin audit log improvements diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md index 80b417b9a0..e4ef35dea9 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md +++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Firewall GPOs diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md index d52cb81f95..189be188ac 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Basic Firewall Policy Design Example diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 9d3ccfc6b4..7cee2d2297 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -12,12 +12,12 @@ ms.collection: - m365-initiative-windows-security ms.topic: troubleshooting ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Troubleshooting Windows Firewall settings after a Windows upgrade diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md index 8725d0c4ed..53d336899b 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Gathering Information about Your Active Directory Deployment diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md index bfe7c5a55b..539efaed2b 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Gathering Information about Your Current Network Infrastructure diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md index eb25dfbbce..c67a8a360d 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Gathering Information about Your Devices diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md index 27ebec7226..07b32875e4 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md +++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Gathering Other Relevant Information diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md index 5f8c2be8fe..eb85318064 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md +++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Gathering the Information You Need diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md index a9b3bb3f08..e7c72f07ba 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # GPO\_DOMISO\_Boundary diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md index 9849e51f4d..bf21796c6c 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md @@ -11,12 +11,12 @@ ms.prod: m365-security ms.localizationpriority: medium ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # GPO\_DOMISO\_Encryption\_WS2008 diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md index c50f026cc3..8d8d945cf8 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # GPO\_DOMISO\_Firewall diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md index 40f53282db..aca4b854b7 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # GPO\_DOMISO\_IsolatedDomain\_Clients diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md index cd7824dccc..077e1c50be 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # GPO\_DOMISO\_IsolatedDomain\_Servers diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 393ecebb5b..a67543dbe0 100644 --- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Identifying Windows Defender Firewall with Advanced Security implementation goals diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md index 663cee3cb9..b926a5bb42 100644 --- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md +++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Implementing Your Windows Defender Firewall with Advanced Security Design Plan diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md index d15da4ef92..609821853b 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Isolated Domain GPOs diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index 16663963fe..aa1531e17c 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Isolated Domain diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md index 4da13f6712..de2b87956e 100644 --- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md +++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md @@ -11,12 +11,12 @@ ms.date: 09/08/2021 ms.reviewer: jekrynit ms.author: paoloma ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Isolating Microsoft Store Apps on Your Network diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md index 50361255a5..b795a08520 100644 --- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md +++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Link the GPO to the Domain diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index b729a362be..329d380327 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Mapping your implementation goals to a Windows Firewall with Advanced Security design diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md index ce5e5032ad..5277aa77c2 100644 --- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md +++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Modify GPO Filters to Apply to a Different Zone or Version of Windows diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md index 2a59a2ec1e..11cda0416a 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Open the Group Policy Management Console to IP Security Policies diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index fbbda89fb9..43d09d117d 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Group Policy Management of Windows Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index 548d290e41..fedbf805e2 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Group Policy Management of Windows Defender Firewall diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md index 7d3b9aafd8..e20243511e 100644 --- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Open Windows Defender Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md index 6ed68f701c..ccdd9b55ac 100644 --- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md +++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning Certificate-based Authentication diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md index 0edcdd46c3..aeeca7ddb6 100644 --- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning Domain Isolation Zones diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md index 12a6970f24..9a503da0b3 100644 --- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md +++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning GPO Deployment diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md index a63f2b239f..3a300f7eaf 100644 --- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning Group Policy Deployment for Your Isolation Zones diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md index ee193d5c3d..6df1ae0d34 100644 --- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning Isolation Groups for the Zones diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md index ebc3e779ce..16f08b9ba6 100644 --- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md +++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning Network Access Groups diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md index 6cdcc36dc6..0ab07e8cad 100644 --- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning Server Isolation Zones diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md index f4bcdca804..79ca26d813 100644 --- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning Settings for a Basic Firewall Policy diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md index 1a921ebe00..c57943a952 100644 --- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md +++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning the GPOs diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md index 1411d23007..5160cfd7df 100644 --- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning to Deploy Windows Defender Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md index 9d104e67c2..224a496c8f 100644 --- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Planning Your Windows Defender Firewall with Advanced Security Design diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md index b12f025700..8910afd625 100644 --- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Procedures Used in This Guide diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index e143a06c23..d7b7a4c84c 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/18/2022 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Protect devices from unwanted network traffic diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md index c914408573..95854461d4 100644 --- a/windows/security/threat-protection/windows-firewall/quarantine.md +++ b/windows/security/threat-protection/windows-firewall/quarantine.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Quarantine behavior diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md index eda42f13e6..00c99caff9 100644 --- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Require Encryption When Accessing Sensitive Network Resources diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md index 1b7a5eef66..3b0c932630 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Restrict Access to Only Specified Users or Computers diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index 83e9ef9191..bf59103872 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Restrict access to only trusted devices diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md index ccd8c1f678..eb310d4c41 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md +++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Restrict Server Access to Members of a Group Only diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index 5de4aeebab..f24b7476bd 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -11,12 +11,12 @@ ms.date: 09/08/2021 ms.reviewer: jekrynit ms.author: paoloma ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Securing End-to-End IPsec connections by using IKEv2 diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md index 15f710e53b..f4c6d9fed8 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Server Isolation GPOs diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md index f920003a00..ec95c37ee0 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Server Isolation Policy Design Example diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 5dc27f7b43..4ad3aebbe7 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Server Isolation Policy Design diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index 9796a30b9e..f06ed29108 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md @@ -12,12 +12,12 @@ ms.collection: - m365-initiative-windows-security ms.topic: troubleshooting ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Troubleshooting UWP App Connectivity Issues diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md index 72d9d7fa43..5735661582 100644 --- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md index e924d932ea..dea520028b 100644 --- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md @@ -11,12 +11,12 @@ ms.date: 09/08/2021 ms.reviewer: jekrynit ms.author: paoloma ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Understanding the Windows Defender Firewall with Advanced Security Design Process diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md index 9359451826..70a5c87532 100644 --- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md +++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Verify That Network Traffic Is Authenticated diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index 14a6de27f4..0aa360a552 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -11,12 +11,12 @@ ms.date: 09/08/2021 ms.reviewer: jekrynit ms.author: paoloma ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Windows Defender Firewall with Advanced Security Administration with Windows PowerShell diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index b2d5a9b049..99eb44ac9d 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Windows Defender Firewall with Advanced Security deployment overview diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index b23f7bc963..a0d78a1a59 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -11,12 +11,12 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/08/2021 ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Windows Defender Firewall with Advanced Security design guide diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index dc08cf7455..aa7a327952 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md @@ -12,12 +12,12 @@ ms.date: 09/08/2021 ms.reviewer: jekrynit ms.custom: asr ms.technology: windows-sec -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows Server 2016 -- ✅ Windows Server 2019 -- ✅ Windows Server 2022 +appliesto: + - ✅ Windows 10 + - ✅ Windows 11 + - ✅ Windows Server 2016 + - ✅ Windows Server 2019 + - ✅ Windows Server 2022 --- # Windows Defender Firewall with Advanced Security diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index d9ecdb1fb0..e23ee6cb2e 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -4,7 +4,7 @@ description: This topic details how Microsoft supports the Common Criteria certi ms.prod: m365-security author: dansimp ms.author: dansimp -manager: dansimp +manager: aaroncz ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md index 7d809b3599..31a7fcd852 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md @@ -2,9 +2,9 @@ title: Windows Sandbox architecture description: Windows Sandbox architecture ms.prod: m365-security -author: dansimp -ms.author: dansimp -manager: dansimp +author: vinaypamnani-msft +ms.author: vinpa +manager: aaroncz ms.collection: ms.topic: article ms.localizationpriority: diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index c4b16514e9..c85e770b80 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -2,9 +2,9 @@ title: Windows Sandbox configuration description: Windows Sandbox configuration ms.prod: m365-security -author: dansimp -ms.author: dansimp -manager: dansimp +author: vinaypamnani-msft +ms.author: vinpa +manager: aaroncz ms.collection: ms.topic: article ms.localizationpriority: medium diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 5325926107..a1b72463ad 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -2,9 +2,9 @@ title: Windows Sandbox description: Windows Sandbox overview ms.prod: m365-security -author: dansimp -ms.author: dansimp -manager: dansimp +author: vinaypamnani-msft +ms.author: vinpa +manager: aaroncz ms.collection: ms.topic: article ms.localizationpriority: diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index 8963229d82..1e396d55eb 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -3,9 +3,9 @@ title: Get support for security baselines description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related topics. ms.prod: m365-security ms.localizationpriority: medium -ms.author: dansimp -author: dansimp -manager: dansimp +ms.author: vinpa +author: vinaypamnani-msft +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/14/2022 diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 92875c810d..3fb82ea906 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -3,9 +3,9 @@ title: Microsoft Security Compliance Toolkit 1.0 Guide description: This article describes how to use Security Compliance Toolkit 1.0 in your organization ms.prod: m365-security ms.localizationpriority: medium -ms.author: dansimp -author: dansimp -manager: dansimp +ms.author: vinpa +author: vinaypamnani-msft +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/14/2022 diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index ec95bffc72..20a7602001 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -3,9 +3,9 @@ title: Security baselines guide description: Learn how to use security baselines in your organization. ms.prod: m365-security ms.localizationpriority: medium -ms.author: dansimp -author: dansimp -manager: dansimp +ms.author: vinpa +author: vinaypamnani-msft +manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/26/2022 diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 409613d466..37a654e8fd 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -2,9 +2,9 @@ title: Secure Boot and Trusted Boot description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 search.appverid: MET150 -author: denisebmsft -ms.author: deniseb -manager: dansimp +author: vinaypamnani-msft +ms.author: vinpa +manager: aaroncz ms.topic: conceptual ms.date: 09/21/2021 ms.prod: m365-security diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 4cea2b5834..6e2cf83c4a 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md @@ -3,9 +3,9 @@ title: Zero Trust and Windows device health description: Describes the process of Windows device health attestation ms.reviewer: ms.topic: article -manager: dansimp -ms.author: dansimp -author: dansimp +manager: aaroncz +ms.author: paoloma +author: paolomatarazzo ms.collection: M365-security-compliance ms.custom: intro-overview ms.prod: m365-security