mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
Removed unsupported policy settings
This commit is contained in:
ManikaDhiman
parent
389438fa2e
commit
65855ad8a0
@ -439,9 +439,6 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
|
||||
<li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</li>
|
||||
<li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</li>
|
||||
<li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</li>
|
||||
<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li>
|
||||
<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li>
|
||||
<li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li>
|
||||
<li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li>
|
||||
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li>
|
||||
@ -459,7 +456,6 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
|
||||
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li>
|
||||
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</li>
|
||||
<li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li>
|
||||
<li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li>
|
||||
<li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li>
|
||||
<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li>
|
||||
<li>Notifications/DisallowCloudNotification</li>
|
||||
@ -2000,8 +1996,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|
||||
### September 2020
|
||||
|New or updated topic | Description|
|
||||
|--- | ---|
|
||||
|
||||
|[Policy CSP - LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)|Removed the following policy setting from the documentation because it is not supported in Windows 10:<br> LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon <br>|
|
||||
|[Policy CSP - LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported policy settings from the documentation:<br>- LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon <br>- LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways<br>- LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible<br>- LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges<br>- LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems<br>|
|
||||
|
||||
### August 2020
|
||||
|New or updated topic | Description|
|
||||
@ -2443,9 +2438,6 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|
||||
<ul>
|
||||
<li>Bluetooth/AllowPromptedProximalConnections</li>
|
||||
<li>KioskBrowser/EnableEndSessionButton</li>
|
||||
<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li>
|
||||
<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li>
|
||||
<li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li>
|
||||
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</li>
|
||||
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</li>
|
||||
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li>
|
||||
@ -2654,7 +2646,6 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|
||||
<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</li>
|
||||
<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</li>
|
||||
<li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li>
|
||||
<li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li>
|
||||
<li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li>
|
||||
<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li>
|
||||
<li>RestrictedGroups/ConfigureGroupMembership</li>
|
||||
|
||||
@ -2498,15 +2498,6 @@ The following diagram shows the Policy configuration service provider in tree fo
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly" id="localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly">LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways" id="localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible" id="localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges" id="localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges">LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
|
||||
</dd>
|
||||
@ -2591,9 +2582,6 @@ The following diagram shows the Policy configuration service provider in tree fo
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile" id="localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile">LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems" id="localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems">LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
|
||||
</dd>
|
||||
|
||||
@ -45,15 +45,6 @@ manager: dansimp
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly">LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges">LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
|
||||
</dd>
|
||||
@ -138,9 +129,6 @@ manager: dansimp
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile">LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems">LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
|
||||
</dd>
|
||||
@ -711,256 +699,6 @@ GP Info:
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways"></a>**LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Windows Edition</th>
|
||||
<th>Supported?</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Home</td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Business</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Education</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
||||
<!--Scope-->
|
||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||
|
||||
> [!div class = "checklist"]
|
||||
> * Device
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
|
||||
> [!WARNING]
|
||||
> Starting in the version 1809 of Windows, this policy is deprecated.
|
||||
|
||||
Domain member: Digitally encrypt or sign secure channel data (always)
|
||||
|
||||
This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted.
|
||||
|
||||
When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
|
||||
|
||||
This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel will not be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:
|
||||
|
||||
Domain member: Digitally encrypt secure channel data (when possible)
|
||||
Domain member: Digitally sign secure channel data (when possible)
|
||||
|
||||
Default: Enabled.
|
||||
|
||||
Notes:
|
||||
|
||||
If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
|
||||
If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
|
||||
Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.
|
||||
|
||||
<!--/Description-->
|
||||
<!--RegistryMapped-->
|
||||
GP Info:
|
||||
- GP English name: *Domain member: Digitally encrypt or sign secure channel data (always)*
|
||||
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
|
||||
|
||||
<!--/RegistryMapped-->
|
||||
<!--SupportedValues-->
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--Example-->
|
||||
|
||||
<!--/Example-->
|
||||
<!--Validation-->
|
||||
|
||||
<!--/Validation-->
|
||||
<!--/Policy-->
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible"></a>**LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Windows Edition</th>
|
||||
<th>Supported?</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Home</td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Business</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Education</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
||||
<!--Scope-->
|
||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||
|
||||
> [!div class = "checklist"]
|
||||
> * Device
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
|
||||
> [!WARNING]
|
||||
> Starting in the version 1809 of Windows, this policy is deprecated.
|
||||
|
||||
Domain member: Digitally encrypt secure channel data (when possible)
|
||||
|
||||
This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates.
|
||||
|
||||
When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup etc.
|
||||
|
||||
This setting determines whether or not the domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member will not attempt to negotiate secure channel encryption.
|
||||
|
||||
Default: Enabled.
|
||||
|
||||
Important
|
||||
|
||||
There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.
|
||||
|
||||
Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.
|
||||
|
||||
<!--/Description-->
|
||||
<!--RegistryMapped-->
|
||||
GP Info:
|
||||
- GP English name: *Domain member: Digitally encrypt secure channel data (when possible)*
|
||||
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
|
||||
|
||||
<!--/RegistryMapped-->
|
||||
<!--SupportedValues-->
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--Example-->
|
||||
|
||||
<!--/Example-->
|
||||
<!--Validation-->
|
||||
|
||||
<!--/Validation-->
|
||||
<!--/Policy-->
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges"></a>**LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Windows Edition</th>
|
||||
<th>Supported?</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Home</td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Business</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Education</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
||||
<!--Scope-->
|
||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||
|
||||
> [!div class = "checklist"]
|
||||
> * Device
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
|
||||
> [!WARNING]
|
||||
> Starting in the version 1809 of Windows, this policy is deprecated.
|
||||
|
||||
Domain member: Disable machine account password changes
|
||||
|
||||
Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days.
|
||||
|
||||
Default: Disabled.
|
||||
|
||||
Notes
|
||||
|
||||
This security setting should not be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it is established, the secure channel is used to transmit sensitive information that is necessary for making authentication and authorization decisions.
|
||||
This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.
|
||||
|
||||
<!--/Description-->
|
||||
<!--RegistryMapped-->
|
||||
GP Info:
|
||||
- GP English name: *Domain member: Disable machine account password changes*
|
||||
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
|
||||
|
||||
<!--/RegistryMapped-->
|
||||
<!--SupportedValues-->
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--Example-->
|
||||
|
||||
<!--/Example-->
|
||||
<!--Validation-->
|
||||
|
||||
<!--/Validation-->
|
||||
<!--/Policy-->
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked**
|
||||
|
||||
@ -3038,63 +2776,6 @@ GP Info:
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems"></a>**LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Windows Edition</th>
|
||||
<th>Supported?</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Home</td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Business</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Education</td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
||||
<!--Scope-->
|
||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||
|
||||
> [!div class = "checklist"]
|
||||
> * Device
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
System objects: Require case insensitivity for non-Windows subsystems
|
||||
|
||||
This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX.
|
||||
|
||||
If this setting is enabled, case insensitivity is enforced for all directory objects, symbolic links, and IO objects, including file objects. Disabling this setting does not allow the Win32 subsystem to become case sensitive.
|
||||
|
||||
Default: Enabled.
|
||||
|
||||
<!--/Description-->
|
||||
<!--/Policy-->
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation**
|
||||
|
||||
|
||||
@ -533,9 +533,6 @@ ms.date: 07/18/2019
|
||||
- [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia)
|
||||
- [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters)
|
||||
- [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
|
||||
- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
|
||||
- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
|
||||
- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
|
||||
- [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
|
||||
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
|
||||
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user