mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
first pass at changing string/content refs to SmartScreen Filter to Windows Defender SmartScreen
This commit is contained in:
martyav
parent
99fbd9b2b4
commit
64b3a91470
@ -3,7 +3,8 @@ author: eavena
|
||||
ms.author: eravena
|
||||
ms.date: 10/02/2018
|
||||
ms.reviewer:
|
||||
audience: itpro
manager: dansimp
|
||||
audience: itpro
|
||||
manager: dansimp
|
||||
ms.prod: edge
|
||||
ms.topic: include
|
||||
---
|
||||
@ -26,7 +27,7 @@ ms.topic: include
|
||||
|
||||
To verify Windows Defender SmartScreen is turned off (disabled):
|
||||
1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
|
||||
2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.<p>
|
||||
2. Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.<p>
|
||||
|
||||
|
||||
### ADMX info and settings
|
||||
|
||||
@ -115,9 +115,9 @@ The following tables include info on Windows 10 settings that have been validate
|
||||
| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Allow Windows Defender SmartScreen | Keep this enabled to turn on Windows Defender SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Prevent ignoring Windows Defender SmartScreen warnings for websites | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
| Prevent ignoring Windows Defender SmartScreen warnings for files | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes |
|
||||
|
||||
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
|
||||
|
||||
|
||||
@ -1617,7 +1617,7 @@ As a final quality control step, verify the device configuration to ensure that
|
||||
* The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
|
||||
* Windows Update is active and current with software updates.
|
||||
* Windows Defender is active and current with malware Security intelligence.
|
||||
* The SmartScreen Filter is active.
|
||||
* Windows Defender SmartScreen is active.
|
||||
* All Microsoft Store apps are properly installed and updated.
|
||||
* All Windows desktop apps are properly installed and updated.
|
||||
* Printers are properly configured.
|
||||
|
||||
@ -1096,7 +1096,7 @@ As a final quality control step, verify the device configuration to ensure that
|
||||
- The device can connect to the Internet and view the appropriate web content in Microsoft Edge.
|
||||
- Windows Update is active and current with software updates.
|
||||
- Windows Defender is active and current with malware Security intelligence.
|
||||
- The SmartScreen Filter is active.
|
||||
- Windows Defender SmartScreen is active.
|
||||
- All Microsoft Store apps are properly installed and updated.
|
||||
- All Windows desktop apps are properly installed and updated.
|
||||
- Printers are properly configured.
|
||||
|
||||
@ -1637,7 +1637,7 @@ Most restricted value: 1
|
||||
To verify AllowSmartScreen is set to 0 (not allowed):
|
||||
|
||||
1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
|
||||
2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.
|
||||
2. Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.
|
||||
|
||||
<!--/Validation-->
|
||||
<!--/Policy-->
|
||||
|
||||
@ -2987,11 +2987,11 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious.
|
||||
This policy setting determines whether the user can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen prevents the user from browsing to or downloading from sites that are known to host malicious content. Windows Defender SmartScreen also prevents the execution of files that are known to be malicious.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter warnings block the user.
|
||||
If you enable this policy setting, Windows Defender SmartScreen warnings block the user.
|
||||
|
||||
If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
|
||||
If you disable or do not configure this policy setting, the user can bypass Windows Defender SmartScreen warnings.
|
||||
|
||||
<!--/Description-->
|
||||
> [!TIP]
|
||||
@ -3050,11 +3050,11 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet.
|
||||
This policy setting determines whether the user can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen warns the user about executable files that Internet Explorer users do not commonly download from the Internet.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter warnings block the user.
|
||||
If you enable this policy setting, Windows Defender SmartScreen warnings block the user.
|
||||
|
||||
If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
|
||||
If you disable or do not configure this policy setting, the user can bypass Windows Defender SmartScreen warnings.
|
||||
|
||||
<!--/Description-->
|
||||
> [!TIP]
|
||||
@ -5883,13 +5883,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -7754,13 +7754,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -8607,13 +8607,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -9460,13 +9460,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -10319,13 +10319,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -11036,13 +11036,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -11824,13 +11824,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -12612,13 +12612,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -13219,11 +13219,11 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.
|
||||
This policy setting prevents the user from managing Windows Defender SmartScreen, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.
|
||||
|
||||
If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.
|
||||
If you enable this policy setting, the user is not prompted to turn on Windows Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.
|
||||
|
||||
If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.
|
||||
If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on Windows Defender SmartScreen during the first-run experience.
|
||||
|
||||
<!--/Description-->
|
||||
> [!TIP]
|
||||
@ -14771,13 +14771,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
@ -17067,13 +17067,13 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
This policy setting controls whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you enable this policy setting, Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
|
||||
If you disable this policy setting, Windows Defender SmartScreen does not scan pages in this zone for malicious content.
|
||||
|
||||
If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
|
||||
If you do not configure this policy setting, the user can choose whether Windows Defender SmartScreen scans pages in this zone for malicious content.
|
||||
|
||||
Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
|
||||
|
||||
|
||||
@ -634,12 +634,12 @@ The following settings for Microsoft Edge on Windows 10 Mobile can be managed.
|
||||
- **Allow InPrivate** Whether users can use InPrivate browsing
|
||||
- **Allow Password Manager** Whether users can use Password Manager to save and manage passwords locally
|
||||
- **Allow Search Suggestions in Address Bar** Whether search suggestions are shown in the address bar
|
||||
- **Allow SmartScreen** Whether SmartScreen Filter is enabled
|
||||
- **Allow Windows Defender SmartScreen** Whether Windows Defender SmartScreen is enabled
|
||||
- **Cookies** Whether cookies are allowed
|
||||
- **Favorites** Configure Favorite URLs
|
||||
- **First Run URL** The URL to open when a user launches Microsoft Edge for the first time
|
||||
- **Prevent SmartScreen Prompt Override** Whether users can override the SmartScreen warnings for URLs
|
||||
- **Prevent Smart Screen Prompt Override for Files** Whether users can override the SmartScreen warnings for files
|
||||
- **Prevent Windows Defender SmartScreen Prompt Override** Whether users can override the Windows Defender SmartScreen warnings for URLs
|
||||
- **Prevent Smart Screen Prompt Override for Files** Whether users can override the Windows Defender SmartScreen warnings for files
|
||||
|
||||
## Manage
|
||||
|
||||
|
||||
@ -135,8 +135,8 @@ This section describes the **Policies** settings that you can configure in [prov
|
||||
| [PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | X | X | X | | X |
|
||||
| [PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | X | | | | |
|
||||
| [PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | X | X | X | | X |
|
||||
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. | X | X | X | | X |
|
||||
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. | X | X | X | | X |
|
||||
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | X | X | X | | X |
|
||||
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | X | X | X | | X |
|
||||
PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | X | | | | |
|
||||
| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | X | | | | |
|
||||
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | X | X | X | | X |
|
||||
|
||||
@ -67,7 +67,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
|
||||
|
||||
1. **Internet Explorer** The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer)
|
||||
1. MDM Policy: [InternetExplorer/AllowSuggestedSites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsuggestedsites). Recommends websites based on the user’s browsing activity. **Set to Disabled**
|
||||
1. MDM Policy: [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter). Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. **Set to String** with Value:
|
||||
1. MDM Policy: [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter). Prevents the user from managing Windows Defender SmartScreen, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. **Set to String** with Value:
|
||||
1. **\<enabled/>\<data id=”IE9SafetyFilterOptions” value=”1”/>**
|
||||
1. MDM Policy: [InternetExplorer/DisableFlipAheadFeature]( https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disableflipaheadfeature). Determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. **Set to Enabled**
|
||||
1. MDM Policy: [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange). Determines whether users can change the default Home Page or not. **Set to String** with Value:
|
||||
@ -90,7 +90,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
|
||||
1. MDM Policy: [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist). Specify the Microsoft compatibility list in Microsoft Edge. **Set to 0 (zero)**
|
||||
1. MDM Policy: [Browser/AllowPasswordManager](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager). Choose whether employees can save passwords locally on their devices. **Set to 0 (zero)**
|
||||
1. MDM Policy: [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar). Choose whether the Address Bar shows search suggestions. **Set to 0 (zero)**
|
||||
1. MDM Policy: [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Choose whether SmartScreen is turned on or off. **Set to 0 (zero)**
|
||||
1. MDM Policy: [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Choose whether Windows Defender SmartScreen is turned on or off. **Set to 0 (zero)**
|
||||
|
||||
1. **Network Connection Status Indicator**
|
||||
1. [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests). Note: After you apply this policy you must restart the device for the policy setting to take effect. **Set to 1 (one)**
|
||||
|
||||
@ -417,7 +417,7 @@ To turn off Insider Preview builds for Windows 10:
|
||||
| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | Choose whether an employee can configure enhanced suggestions, which are presented to the employee as they type in the Address Bar. <br /> **Set Value to: Disabled**|
|
||||
| Turn off the auto-complete feature for web addresses | Choose whether auto-complete suggests possible matches when employees are typing web address in the Address Bar. <br /> **Set Value to: Enabled** </br> You can also turn this off in the UI by clearing the <strong>Internet Options</strong> > **Advanced** > **Use inline AutoComplete in the Internet Explorer Address Bar and Open Dialog** check box.|
|
||||
| Turn off browser geolocation | Choose whether websites can request location data from Internet Explorer. <br /> **Set Value to: Enabled**|
|
||||
| Prevent managing SmartScreen filter | Choose whether employees can manage the SmartScreen Filter in Internet Explorer. <br /> **Set Value to: Enabled** and then set **Select SmartScreen filtering mode** to **Off**.|
|
||||
| Prevent managing Windows Defender SmartScreen | Choose whether employees can manage the Windows Defender SmartScreen in Internet Explorer. <br /> **Set Value to: Enabled** and then set **Select Windows Defender SmartScreen mode** to **Off**.|
|
||||
|
||||
|
||||
| Registry Key | Registry path |
|
||||
@ -426,7 +426,7 @@ To turn off Insider Preview builds for Windows 10:
|
||||
| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer<br />REG_DWORD: AllowServicePoweredQSA <br />**Set Value to: 0**|
|
||||
| Turn off the auto-complete feature for web addresses |HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\CurrentVersion\\Explorer\\AutoComplete<br/>REG_SZ: AutoSuggest <br />Set Value to: **no** |
|
||||
| Turn off browser geolocation | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation<br/>REG_DWORD: PolicyDisableGeolocation <br />**Set Value to: 1** |
|
||||
| Prevent managing SmartScreen filter | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter<br/>REG_DWORD: EnabledV9 <br />**Set Value to: 0** |
|
||||
| Prevent managing Windows Defender SmartScreen | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter<br/>REG_DWORD: EnabledV9 <br />**Set Value to: 0** |
|
||||
|
||||
There are more Group Policy objects that are used by Internet Explorer:
|
||||
|
||||
@ -577,7 +577,7 @@ Alternatively, you can configure the following Registry keys as described:
|
||||
| Configure Do Not Track | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_DWORD name: DoNotTrack<br/> REG_DWORD: **1** |
|
||||
| Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main<br/>REG_SZ name: FormSuggest Passwords<br /> REG_SZ: **No** |
|
||||
| Configure search suggestions in Address Bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes<br/>REG_DWORD name: ShowSearchSuggestionsGlobal <br />Value: **0**|
|
||||
| Configure Windows Defender SmartScreen Filter (Windows 10, version 1703) | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter<br/>REG_DWORD name: EnabledV9 <br/>Value: **0** |
|
||||
| Configure Windows Defender SmartScreen (Windows 10, version 1703) | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter<br/>REG_DWORD name: EnabledV9 <br/>Value: **0** |
|
||||
| Allow web content on New Tab page | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI<br/>REG_DWORD name: AllowWebContentOnNewTabPage <br/>Value: **0** |
|
||||
| Configure corporate Home pages | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Internet Settings<br/>REG_SZ name: ProvisionedHomePages <br/>Value: **<<about:blank>>**|
|
||||
| Prevent the First Run webpage from opening on Microsoft Edge | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main <br>REG_DWORD name: PreventFirstRunPage <br/>Value: **1**|
|
||||
@ -875,7 +875,7 @@ To turn off **Let apps use my advertising ID for experiences across apps (turnin
|
||||
|
||||
- Create a REG_DWORD registry setting named **DisabledByGroupPolicy** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo** with a value of 1 (one).
|
||||
|
||||
To turn off **Turn on SmartScreen Filter to check web content (URLs) that Microsoft Store apps use**:
|
||||
To turn off **Turn on Windows Defender SmartScreen to check web content (URLs) that Microsoft Store apps use**:
|
||||
|
||||
- Turn off the feature in the UI.
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ ms.author: dansimp
|
||||
|
||||
The Windows operating system has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Microsoft Store apps must meet a series of requirements to be certified and included in the Microsoft Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Microsoft Store. Even if a malicious app does get through, the Windows 10 operating system includes a series of security features that can mitigate the impact. For instance, Microsoft Store apps are sandboxed and lack the privileges necessary to access user data or change system settings.
|
||||
|
||||
Windows 10 has multiple levels of protection for desktop apps and data, too. Windows Defender uses signatures to detect and quarantine apps that are known to be malicious. The SmartScreen Filter warns users before allowing them to run an untrustworthy app, even if it’s recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control.
|
||||
Windows 10 has multiple levels of protection for desktop apps and data, too. Windows Defender uses signatures to detect and quarantine apps that are known to be malicious. The Windows Defender SmartScreen warns users before allowing them to run an untrustworthy app, even if it’s recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control.
|
||||
|
||||
Those are just some of the ways that Windows 10 protects you from malware. However, those security features protect you only after Windows 10 starts. Modern malware—and bootkits specifically—are capable of starting before Windows, completely bypassing operating system security, and remaining completely hidden.
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ To configure these settings:
|
||||
Location | Setting | Description | Default setting (if not configured)
|
||||
---|---|---|---
|
||||
Real-time protection | Monitor file and program activity on your computer | The Windows Defender Antivirus engine makes note of any file changes (file writes, such as moves, copies, or modifications) and general program activity (programs that are opened or running and that cause other programs to run) | Enabled
|
||||
Real-time protection | Scan all downloaded files and attachments | Downloaded files and attachments are automatically scanned. This operates in addition to the SmartScreen filter, which scans files before and during downloading | Enabled
|
||||
Real-time protection | Scan all downloaded files and attachments | Downloaded files and attachments are automatically scanned. This operates in addition to the Windows Defender SmartScreen, which scans files before and during downloading | Enabled
|
||||
Real-time protection | Turn on process scanning whenever real-time protection is enabled | You can independently enable the Windows Defender Antivirus engine to scan running processes for suspicious modifications or behaviors. This is useful if you have temporarily disabled real-time protection and want to automatically scan processes that started while it was disabled | Enabled
|
||||
Real-time protection | Turn on behavior monitoring | The AV engine will monitor file processes, file and registry changes, and other events on your endpoints for suspicious and known malicious activity | Enabled
|
||||
Real-time protection | Turn on raw volume write notifications | Information about raw volume writes will be analyzed by behavior monitoring | Enabled
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10)
|
||||
description: A list of all available setttings for Windows Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
|
||||
keywords: SmartScreen Filter, Windows SmartScreen
|
||||
keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
@ -60,17 +60,17 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
|
||||
<tr>
|
||||
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter</td>
|
||||
<td>Internet Explorer 9 or later</td>
|
||||
<td>This policy setting prevents the employee from managing SmartScreen Filter.<p>If you enable this policy setting, the employee isn't prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.<p>If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.</td>
|
||||
<td>This policy setting prevents the employee from managing Windows Defender SmartScreen.<p>If you enable this policy setting, the employee isn't prompted to turn on Windows Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.<p>If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Windows Defender SmartScreen during the first-run experience.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings</td>
|
||||
<td>Internet Explorer 8 or later</td>
|
||||
<td>This policy setting determines whether an employee can bypass warnings from SmartScreen Filter.<p>If you enable this policy setting, SmartScreen Filter warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass SmartScreen Filter warnings.</td>
|
||||
<td>This policy setting determines whether an employee can bypass warnings from Windows Defender SmartScreen.<p>If you enable this policy setting, Windows Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Windows Defender SmartScreen warnings.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet</td>
|
||||
<td>Internet Explorer 9 or later</td>
|
||||
<td>This policy setting determines whether the employee can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.<p>If you enable this policy setting, SmartScreen Filter warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass SmartScreen Filter warnings.</td>
|
||||
<td>This policy setting determines whether the employee can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.<p>If you enable this policy setting, Windows Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Windows Defender SmartScreen warnings.</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Defender SmartScreen overview (Windows 10)
|
||||
description: Conceptual info about Windows Defender SmartScreen.
|
||||
keywords: SmartScreen Filter, Windows SmartScreen
|
||||
keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
@ -35,7 +35,7 @@ Windows Defender SmartScreen helps to protect your employees if they try to visi
|
||||
- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, SmartScreen shows a warning, advising caution.
|
||||
|
||||
>[!NOTE]
|
||||
>Before Windows 10, version 1703 this feature was called the SmartScreen Filter when used within the browser and Windows SmartScreen when used outside of the browser.
|
||||
>Before Windows 10, version 1703 this feature was called the Windows Defender SmartScreen when used within the browser and Windows SmartScreen when used outside of the browser.
|
||||
|
||||
## Benefits of Windows Defender SmartScreen
|
||||
Windows Defender SmartScreen helps to provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Set up and use Windows Defender SmartScreen on individual devices (Windows 10)
|
||||
description: Steps about what happens when an employee tries to run an app, how employees can report websites as safe or unsafe, and how employees can use the Windows Security to set Windows Defender SmartScreen for individual devices.
|
||||
keywords: SmartScreen Filter, Windows SmartScreen
|
||||
keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
|
||||
@ -199,8 +199,8 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
|
||||
| Windows Components / Event Log Service / Application | Specify the maximum log file size (KB) | 32768 | Specifies the maximum size of the log file in kilobytes. |
|
||||
| Windows Components / Event Log Service / Security | Specify the maximum log file size (KB) | 196608 | Specifies the maximum size of the log file in kilobytes. |
|
||||
| Windows Components / Event Log Service / System | Specify the maximum log file size (KB) | Enabled: 32768 | Specifies the maximum size of the log file in kilobytes. |
|
||||
| Windows Components / File Explorer | Configure Windows Defender SmartScreen | [[[main setting]]] = Enabled <br/> Pick one of the following settings = Warn and prevent bypass | Configure whether to turn on Windows Defender SmartScreen to provide warning messages to help protect your employees from potential phishing scams and malicious software|
|
||||
| Windows Components / Internet Explorer | Prevent managing SmartScreen Filter | On | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. |
|
||||
| Windows Components / File Explorer | Configure SmartScreen Filter | [[[main setting]]] = Enabled <br/> Pick one of the following settings = Warn and prevent bypass | Configure whether to turn on Windows Defender SmartScreen to provide warning messages to help protect your employees from potential phishing scams and malicious software|
|
||||
| Windows Components / Internet Explorer | Prevent managing SmartScreen Filter | On | Prevents the user from managing Windows Defender SmartScreen, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. |
|
||||
| Windows Components / Internet Explorer | Specify use of ActiveX Installer Service for installation of ActiveX controls | Enabled | This policy setting allows you to specify how ActiveX controls are installed. If you enable this policy setting, ActiveX controls are installed only if the ActiveX Installer Service is present and has been configured to allow the installation of ActiveX controls. If you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process. |
|
||||
| Windows Components / Internet Explorer | Turn off the Security Settings Check feature | Disabled | This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk. If you enable this policy setting, the feature is turned off. If you disable or do not configure this policy setting, the feature is turned on. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel | Prevent ignoring certificate errors | Enabled | This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired", "revoked", or "name mismatch" errors) in Internet Explorer. |
|
||||
@ -236,7 +236,7 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Show security warning for potentially unsafe files | Prompt | This policy setting controls whether the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on Cross-Site Scripting Filter | Enabled: Enable | Controls whether the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on Protected Mode | Enable | Allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on SmartScreen Filter scan | Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Turn on SmartScreen Filter scan | Enable | Controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Use Pop-up Blocker | Enabled: Enable | Allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Userdata persistence | Disable | This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Web sites in less privileged Web content zones can navigate into this zone | Disable | This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. |
|
||||
@ -245,11 +245,11 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Intranet Zone | Java permissions | Enabled: High Safety | Allows you to manage permissions for Java applets. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Local Machine Zone | Don't run antimalware programs against ActiveX controls | Disable | Determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Local Machine Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-down Internet Zone | Turn on SmartScreen Filter scan | Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-down Internet Zone | Turn on SmartScreen Filter scan | Enable | Controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Intranet Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Local Machine Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Trusted Sites Zone | Java permissions | Disable Java | Allows you to configure policy settings according to the default for the selected security level, such Low, Medium, or High. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Access data sources across domains | Enabled: Disable | This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow active scripting | Disable | This policy setting allows you to manage whether script code on pages in the zone is run. |
|
||||
@ -286,7 +286,7 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Show security warning for potentially unsafe files | Disable | This policy setting controls whether the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example). If you disable this policy setting, these files do not open. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on Cross-Site Scripting Filter | Enable | Controls whether the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on Protected Mode | Enable | Allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether Windows Defender SmartScreen scans pages in this zone for malicious content. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Use Pop-up Blocker | Enable | Allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Userdata persistence | Disable | This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Web sites in less privileged Web content zones can navigate into this zone | Disable | This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. |
|
||||
@ -304,7 +304,7 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
|
||||
| Windows Components / Internet Explorer / Security Features / Restrict ActiveX Install | Internet Explorer Processes | Enabled | This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes. |
|
||||
| Windows Components / Internet Explorer / Security Features / Restrict File Download | Internet Explorer Processes | Enabled | This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes. |
|
||||
| Windows Components / Internet Explorer / Security Features / Scripted Window Security Restrictions | Internet Explorer Processes | Enabled | Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes. |
|
||||
| Windows Components / Microsoft Edge | Configure Windows Defender SmartScreen | Enabled | Configures whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. If you enable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off. If you disable this setting, Windows Defender SmartScreen is turned off and employees can't turn it on. If you don't configure this setting, employees can choose whether to use Windows Defender SmartScreen. |
|
||||
| Windows Components / Microsoft Edge | Configure SmartScreen Filter | Enabled | Configures whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, Windows Defender SmartScreen is turned on. If you enable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off. If you disable this setting, Windows Defender SmartScreen is turned off and employees can't turn it on. If you don't configure this setting, employees can choose whether to use Windows Defender SmartScreen. |
|
||||
| Windows Components / Microsoft Edge | Prevent certificate error overrides | Enabled | Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors. If enabled, overriding certificate errors are not allowed. If disabled or not configured, overriding certificate errors are allowed. |
|
||||
| Windows Components / Remote Desktop Services / Remote Desktop Connection Client | Do not allow passwords to be saved | Enabled | Controls whether passwords can be saved on this computer from Remote Desktop Connection. |
|
||||
| Windows Components / Remote Desktop Services / Remote Desktop Session Host / Security | Always prompt for password upon connection | Enabled | This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. |
|
||||
@ -319,8 +319,8 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
|
||||
| Windows Components / Windows Defender Antivirus / Real-time Protection | Turn on behavior monitoring | Enabled | Allows you to configure behavior monitoring. |
|
||||
| Windows Components / Windows Defender Antivirus / Scan | Scan removable drives | Enabled | Allows you to manage whether to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan. |
|
||||
| Windows Components / Windows Defender Antivirus / Scan | Specify the interval to run quick scans per day | 24 | Allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). |
|
||||
| Windows Components / Windows Defender SmartScreen / Explorer | Configure Windows Defender SmartScreen | [[[main setting]]] = Enabled <br/> Pick one of the following settings = Warn and prevent bypass | Turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: <br/>- Warn and prevent bypass<br/>- Warn<br/>If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings. |
|
||||
| Windows Components / Windows Defender SmartScreen / Microsoft Edge | Configure Windows Defender SmartScreen | Enabled | Turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you enable this policy, SmartScreen will be turned on for all users. |
|
||||
| Windows Components / SmartScreen Filter / Explorer | Configure SmartScreen Filter | [[[main setting]]] = Enabled <br/> Pick one of the following settings = Warn and prevent bypass | Turn Windows Defender SmartScreen on or off. Windows Defender SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you enable this policy, Windows Defender SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: <br/>- Warn and prevent bypass<br/>- Warn<br/>If you enable this policy with the "Warn and prevent bypass" option, Windows Defender SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. Windows Defender SmartScreen will continue to show the warning on subsequent attempts to run the app. If you enable this policy with the "Warn" option, Windows Defender SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. Windows Defender SmartScreen will not warn the user again for that app if the user tells Windows Defender SmartScreen to run the app. If you disable this policy, Windows Defender SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. If you do not configure this policy, Windows Defender SmartScreen will be enabled by default, but users may change their settings. |
|
||||
| Windows Components / SmartScreen Filter / Microsoft Edge | Configure SmartScreen Filter | Enabled | Turn Windows Defender SmartScreen on or off. Windows Defender SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you enable this policy, Windows Defender SmartScreen will be turned on for all users. |
|
||||
| Windows Components / Windows Ink Workspace | Allow Windows Ink Workspace | On, but disallow access above lock | Allow Windows Ink Workspace |
|
||||
| Windows Components / Windows Installer | Allow user control over installs | Disabled | Permits users to change installation options that typically are available only to system administrators |
|
||||
| Windows Components / Windows Installer | Always install with elevated privileges | Disabled | Directs Windows Installer to use elevated permissions when it installs any program on the system |
|
||||
|
||||
@ -63,8 +63,8 @@ than the process in level 1.
|
||||
| System / Remote Assistance | Configure Solicited Remote Assistance | - [[[main setting]]] = Disabled <br/> - Maximum ticket time (value) = [[[delete]]] <br/> - Maximum ticket time (units) = [[[delete]]] <br/> - Method for sending email invitations = [[[delete]]] <br/> - Permit remote control of this computer = [[[delete]]] | This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. |
|
||||
| Windows Components / App Privacy | Let Windows apps activate with voice while the system is locked | Force Deny | Specifies whether Windows apps can be activated by voice while the system is locked. If you choose the "User is in control" option, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device. If you choose the "Force Allow" option, users can interact with applications using speech while the system is locked and employees in your organization cannot change it. If you choose the "Force Deny" option, users cannot interact with applications using speech while the system is locked and employees in your organization cannot change it. If you disable or do not configure this policy setting, employees in your organization can decide whether users can interact with applications using speech while the system is locked by using Settings > Privacy on the device. This policy is applied to Windows apps and Cortana. It takes precedence of the Allow Cortana above lock policy. This policy is applicable only when Allow voice activation policy is configured to allow applications to be activated with voice. |
|
||||
| Windows Components / BitLocker Drive Encryption / Removable Data Drives | Deny write access to removable drives not protected by BitLocker | Enabled | This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed, it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access. Note: This policy setting can be overridden by the policy settings under User Configuration\\Administrative Templates\\System\\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled, this policy setting will be ignored. |
|
||||
| Windows Components / Internet Explorer | Prevent bypassing SmartScreen Filter warnings | Enabled | This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious. |
|
||||
| Windows Components / Internet Explorer | Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | Enabled | This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet. |
|
||||
| Windows Components / Internet Explorer | Prevent bypassing SmartScreen Filter warnings | Enabled | This policy setting determines whether the user can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen prevents the user from browsing to or downloading from sites that are known to host malicious content. Windows Defender SmartScreen also prevents the execution of files that are known to be malicious. |
|
||||
| Windows Components / Internet Explorer | Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | Enabled | This policy setting determines whether the user can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen warns the user about executable files that Internet Explorer users do not commonly download from the Internet. |
|
||||
| Windows Components / Internet Explorer | Prevent per-user installation of ActiveX controls | Enabled | This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis. |
|
||||
| Windows Components / Internet Explorer | Security Zones: Do not allow users to add/delete sites | Enabled | Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level. If you enable this policy, the site management settings for security zones are disabled. |
|
||||
| Windows Components / Internet Explorer | Security Zones: Do not allow users to change policies | Enabled | Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level. If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled. |
|
||||
@ -72,7 +72,7 @@ than the process in level 1.
|
||||
| Windows Components / Internet Explorer | Turn off Crash Detection | Enabled | This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely, to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply. |
|
||||
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Internet Zone | Download signed ActiveX controls | Disable | This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. |
|
||||
| Windows Components / Microsoft Edge | Prevent bypassing Windows Defender SmartScreen prompts for files | Enabled | This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about downloading unverified files. If you enable this setting, employees can't ignore Windows Defender SmartScreen warnings and they are blocked from downloading the unverified files. If you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue the download process. |
|
||||
| Windows Components / Windows Defender SmartScreen / Microsoft Edge | Prevent bypassing Windows Defender SmartScreen prompts for sites | Enabled | Lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites |
|
||||
| Windows Components / SmartScreen Filter / Microsoft Edge | Prevent bypassing SmartScreen Filter prompts for sites | Enabled | Lets you decide whether employees can override the Windows Defender SmartScreen warnings about potentially malicious websites |
|
||||
| Windows Components / Remote Desktop Services / Remote Desktop | Do not allow drive redirection | Enabled | This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format \<driveletter\> on \<computername\>. You can use this policy setting to override this behavior. if you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions and Clipboard file copy redirection is not allowed on computers running Windows Server 2003 Windows 8 and Windows XP. If you disable this policy setting client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed. If you do not configure this policy setting client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. |
|
||||
| Windows Components / Windows Defender Antivirus | Configure detection for potentially unwanted applications | Enabled: Audit | Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. |
|
||||
| Windows Components / Windows Game Recording and Broadcasting | Enables or disables Windows Game Recording and Broadcasting | Disabled | This setting enables or disables the Windows Game Recording and Broadcasting features. If you disable this setting, Windows Game Recording will not be allowed. |
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user