diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6a465d87b3..1e2452332b 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -215,6 +215,11 @@ "redirect_url": "/surface/manage-surface-driver-and-firmware-updates", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md", + "redirect_url": "/azure/active-directory/devices/device-registration-how-it-works", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md", "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations", @@ -18944,6 +18949,18 @@ "source_path": "windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md", "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance", "redirect_document_id": false + }, + { + "source_path": "windows/client-management/windows-10-mobile-and-mdm.md", + "redirect_url": "/windows/client-management/index", + "redirect_document_id": false + }, + { + "source_path": "windows/application-management/deploy-app-upgrades-windows-10-mobile.md", + "redirect_url": "/windows/application-management/index", + "redirect_document_id": false } + + ] } diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 9dab12f4c1..d0251e80ba 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -320,11 +320,11 @@ To graph the equation 3x+4=7, follow these instructions: **Watch what Educators say about Microsoft Education delivering better learning outcomes** Bring out the best in students by providing a platform for collaborating, exploring, personalized learning, and getting things done across all devices. -| | | +|  |  | |:--- |:--- | |
See how one school improves reading skills using Learning Tools Immersive Reader |
Here's how Microsoft Teams creates more robust classroom experiences at all ages. | |
Watch teachers elevate the education of students using OneNote. |
Here what other teachers say about using Minecraft: Education Edition in their classrooms. | -| | | + ## Update your apps diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md index 51e0cf23d8..be9a131941 100644 --- a/education/trial-in-a-box/itadmin-tib-get-started.md +++ b/education/trial-in-a-box/itadmin-tib-get-started.md @@ -22,14 +22,14 @@ manager: dansimp Learn how to quickly deploy and manage devices for your school in 5 quick steps. -| | | +|  |  | | :---: |:--- | | [![Log in to Device A](images/admin-TIB-setp-1-v3.png)](#it-task1) | [Log in](#it-task1) to **Device A** with your IT Admin credentials and connect to your school's network. | | [![Configure Device B with Set up School PCs](images/admin-TIB-setp-2-v3.png)](#it-task2) | [Configure Device B](#it-task2) with the Set up School PCs app. | | [![Configure Intune for Education](images/admin-TIB-setp-3-v3.png)](#it-task3) | [Express configure Intune for Education](#it-task3) to manage devices, users, and policies. | | [![Find and deploy apps](images/admin-TIB-setp-4-v3.png)](#it-task4) | [Find apps from the Microsoft Store for Education](#it-task4) and deploy them to manage devices in your tenant. | | [![Create custom folders](images/admin-TIB-setp-5-v3.png)](#it-task5) | [Create custom folders](#it-task5) that will appear on each managed device's **Start** menu. | -| | | +
To get the most out of Microsoft Education, we've pre-configured your tenant for you so you don't need to set it up. A tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. We've also pre-populated the tenant with fictitious Student Information System (SIS) data so you can work with this as you follow the guide. diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index d313477bd1..e81f1a2194 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -79,7 +79,7 @@ Make sure all drivers are installed and working properly on your device running Check with your device manufacturer before trying Windows 10 in S mode on your device to see if the drivers are available and supported by the device manufacturer. -| | | | +|   |   |   | | - | - | - | | Acer | Alldocube | American Future Tech | | ASBISC | Asus | Atec | diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 42a25f2be3..3d8a9d9f4d 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -1,5 +1,5 @@ --- -title: Windows 10 - Apps +title: Learn about the different app types in Windows 10 | Microsoft Docs ms.reviewer: manager: dansimp description: Use this article to understand the different types of apps that run on Windows 10, such as UWP and Win32 apps. @@ -16,172 +16,788 @@ ms.topic: article >Applies to: Windows 10 -The following types of apps run on Windows 10: -- Windows apps - introduced in Windows 8, primarily installed from the Store app. -- Universal Windows Platform (UWP) apps - designed to work across platforms, can be installed on multiple platforms including Windows client, Windows Phone, and Xbox. All UWP apps are also Windows apps, but not all Windows apps are UWP apps. -- "Win32" apps - traditional Windows applications. +On your Windows 10 devices, you can run the following app types: -Digging into the Windows apps, there are two categories: -- Apps - All other apps, installed in C:\Program Files\WindowsApps. There are two classes of apps: - - Provisioned: Installed in user account the first time you sign in with a new user account. - - Installed: Installed as part of the OS. -- System apps - Apps that are installed in the C:\Windows\* directory. These apps are integral to the OS. +- **Windows apps**: These apps are included with the Windows OS, and are also installed from the Microsoft Store app. There are two categories: -The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1709, 1803, and 1809 and indicate whether an app can be uninstalled through the UI. + - **Apps**: All apps installed in `C:\Program Files\WindowsApps`. There are two classes of apps: -Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running. + - **Provisioned**: Installed in user account the first time you sign in with a new user account. + - **Installed**: Installed as part of the OS. + + - **System apps**: Apps installed in the `C:\Windows\` directory. These apps are part of the Windows OS. + +- **Universal Windows Platform (UWP) apps**: These apps run and can be installed on many Windows platforms, including tablets, Microsoft HoloLens, Xbox, and more. All UWP apps are Windows apps. But, not all Windows apps are UWP apps. +- **Win32 apps**: These apps are traditional Windows applications. + +This article lists the provisioned Windows apps and system apps installed on a standard Windows 10 Enterprise device. If you use custom images, your specific apps might be different. + +Some of the apps show up in multiple areas. That's because their status changed between versions. Make sure to check the version column for the version you're currently running. ## Provisioned Windows apps -You can list all provisioned Windows apps with this PowerShell command: +The first time a user signs into a Windows device, some apps are automatically provisioned. To get a list of all provisioned Windows apps, run the following Windows PowerShell command: ```Powershell Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName ``` -Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004. +The following information lists the provisioned apps on the supported Windows 10 OS versions: -
+- [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | Package name: Microsoft.3DBuilder + - Supported versions: -| Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? | -|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:| -| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | | Yes | -| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | x | Yes | -| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | x | Via Settings App | -| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No | -| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | | No | -| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | x | Yes | -| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | x | Yes | -| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | x | No | -| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | x | Yes | -| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | | No | -| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | | -| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | | No | -| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | x | No | -| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | x | No | -| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.VP9VideoExtensions | | | x | x | x | x | No | -| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No | -| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | x | No | -| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | x | No | -| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | x | No | -| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | x | No | -| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | x | No | + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ✔️ | ✔️ | | | | | | ->[!NOTE] ->The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. + --- + +- [Bing Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | Package name: Microsoft.BingWeather + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + + --- + +- [Desktop App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | Package name: Microsoft.DesktopAppInstaller + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | Use Settings App | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + + --- + +- [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | Package name: Microsoft.GetHelp + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + + --- + +- [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | Package name: Microsoft.Getstarted + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + + --- + +- [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | Package name: Microsoft.HEIFImageExtension + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + + --- + +- [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | Package name:Microsoft.Messaging + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + + --- + +- [Microsoft 3D Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | Package name: Microsoft.Microsoft3DViewer + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftOfficeHub + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftSolitaireCollection + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftStickyNotes + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | Package name: Microsoft.MixedReality.Portal + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | Package name: Microsoft.MSPaint + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | Package name: Microsoft.Office.OneNote + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | Package name: Microsoft.OneConnect + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + + --- + +- Microsoft.Outlook.DesktopIntegrationServices + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | | ✔️ | ✔️| | ✔️| | | + + --- + +- [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | Package name: Microsoft.People + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | Package name: Microsoft.Print3D + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + + --- + +- [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | Package name: Microsoft.ScreenSketch + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | Package name: Microsoft.SkypeApp + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | Package name: Microsoft.StorePurchaseApp + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- Microsoft.VP9VideoExtensions + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | Package name: Microsoft.Wallet + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | Package name: Microsoft.WebMediaExtensions + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | Package name: Microsoft.WebpImageExtension + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | Package name: Microsoft.Windows.Photos + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | Package name: Microsoft.WindowsAlarms + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | Package name: Microsoft.WindowsCalculator + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | Package name: Microsoft.WindowsCamera + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | Package name: microsoft.windowscommunicationsapps + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | Package name: Microsoft.WindowsFeedbackHub + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | Package name: Microsoft.WindowsMaps + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | Package name: Microsoft.WindowsSoundRecorder + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | Package name: Microsoft.WindowsStore + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + + - The Store app shouldn't be removed. If you remove the Store app, and want to reinstall it, you can restore your system from a backup, or reset your system. Instead of removing the Store app, use group policies to hide or disable it. + +- [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | Package name: Microsoft.Xbox.TCUI + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | Package name: Microsoft.XboxApp + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | Package name: Microsoft.XboxGameOverlay + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | Package name: Microsoft.XboxGamingOverlay + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | Package name: Microsoft.XboxIdentityProvider + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- Microsoft.XboxSpeechToTextOverlay + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | Package name: Microsoft.YourPhone + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | Package name: Microsoft.ZuneMusic + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- + +- [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | Package name: Microsoft.ZuneVideo + - Supported versions: + + --- + | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | + | --- | --- | --- | --- | --- | --- |--- | + | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️| + + --- ## System apps -System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1709, 1803, and 1809. - -You can list all system apps with this PowerShell command: +System apps are used by the operating system. To get a list of all the system apps, run the following Windows PowerShell command: ```Powershell Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation ``` -
-| Name | Package Name | 1709 | 1803 | 1809 |Uninstall through UI? | -|----------------------------------|---------------------------------------------|:-----:|:----:|:----:|-----------------------| -| File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | x | x | No | -| File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | x | x | No | -| App Resolver UX | E2A4F912-2574-4A75-9BB0-0D023378592B | | x | x | No | -| Add Suggested Folders To Library | F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE | | x | x | No | -| | InputApp | x | x | x | No | -| Microsoft.AAD.Broker.Plugin | Microsoft.AAD.Broker.Plugin | x | x | x | No | -| Microsoft.AccountsControl | Microsoft.AccountsControl | x | x | x | No | -| Microsoft.AsyncTextService | Microsoft.AsyncTextService | | x | x | No | -| Hello setup UI | Microsoft.BioEnrollment | x | x | x | No | -| | Microsoft.CredDialogHost | x | x | x | No | -| | Microsoft.ECApp | x | x | x | No | -| | Microsoft.LockApp | x | x | x | No | -| Microsoft Edge | Microsoft.MicrosoftEdge | x | x | x | No | -| | Microsoft.MicrosoftEdgeDevToolsClient | | x | x | No | -| | Microsoft.PPIProjection | x | x | x | No | -| | Microsoft.Win32WebViewHost | | x | x | No | -| | Microsoft.Windows.Apprep.ChxApp | x | x | x | No | -| | Microsoft.Windows.AssignedAccessLockApp | x | x | x | No | -| | Microsoft.Windows.CapturePicker | | x | x | No | -| | Microsoft.Windows.CloudExperienceHost | x | x | x | No | -| | Microsoft.Windows.ContentDeliveryManager | x | x | x | No | -| Cortana | Microsoft.Windows.Cortana | x | x | x | No | -| | Microsoft.Windows.Holographic.FirstRun | x | x | | No | -| | Microsoft.Windows.OOBENetworkCaptivePort | x | x | x | No | -| | Microsoft.Windows.OOBENetworkConnectionFlow | x | x | x | No | -| | Microsoft.Windows.ParentalControls | x | x | x | No | -| People Hub | Microsoft.Windows.PeopleExperienceHost | x | x | x | No | -| | Microsoft.Windows.PinningConfirmationDialog | x | x | x | No | -| | Microsoft.Windows.SecHealthUI | x | x | x | No | -| | Microsoft.Windows.SecondaryTileExperience | x | | | No | -| | Microsoft.Windows.SecureAssessmentBrowser | x | x | x | No | -| Start | Microsoft.Windows.ShellExperienceHost | x | x | x | No | -| Windows Feedback | Microsoft.WindowsFeedback | * | | | No | -| | Microsoft.XboxGameCallableUI | x | x | x | No | -| | Windows.CBSPreview | | x | x | No | -| Contact Support* | Windows.ContactSupport | * | | | Via Settings App | -| Settings | Windows.immersivecontrolpanel | x | x | x | No | -| Print 3D | Windows.Print3D | | x | x | Yes | -| Print UI | Windows.PrintDialog | x | x | x | No | +The following information lists the system apps on some Windows 10 OS versions: +- File Picker | Package name: 1527c705-839a-4832-9118-54d4Bd6a0c89 -> [!NOTE] -> The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support). + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | -## Installed Windows apps + --- -Here are the typical installed Windows apps in Windows 10 versions 1709, 1803, and 1809. +- File Explorer | Package name: c5e2524a-ea46-4f67-841f-6a9465d9d515 -
+ --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | -| Name | Full name | 1709 | 1803 | 1809 | Uninstall through UI? | -|-----------------------|------------------------------------------|:----:|:----:|:----:|:---------------------:| -| Remote Desktop | Microsoft.RemoteDesktop | x | | x | Yes | -| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | | Yes | -| Eclipse Manager | 46928bounde.EclipseManager | x | x | | Yes | -| Pandora | PandoraMediaInc.29680B314EFC2 | x | x | | Yes | -| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | x | x | | Yes | -| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | x | x | | Yes | -| Network Speed Test | Microsoft.NetworkSpeedTest | x | x | x | Yes | -| News | Microsoft.BingNews | x | x | x | Yes | -| Sway | Microsoft.Office.Sway | x | x | x | Yes | -| Microsoft.Advertising | Microsoft.Advertising.Xaml | x | x | x | Yes | -| | Microsoft.NET.Native.Framework.1.2 | x | x | | Yes | -| | Microsoft.NET.Native.Framework.1.3 | x | x | | Yes | -| | Microsoft.NET.Native.Framework.1.6 | x | x | x | Yes | -| | Microsoft.NET.Native.Framework.1.7 | | x | x | Yes | -| | Microsoft.NET.Native.Framework.2.0 | x | x | | Yes | -| | Microsoft.NET.Native.Runtime.1.1 | x | x | | Yes | -| | Microsoft.NET.Native.Runtime.1.3 | x | | | Yes | -| | Microsoft.NET.Native.Runtime.1.4 | x | x | | Yes | -| | Microsoft.NET.Native.Runtime.1.6 | x | x | x | Yes | -| | Microsoft.NET.Native.Runtime.1.7 | x | x | x | Yes | -| | Microsoft.NET.Native.Runtime.2.0 | x | x | | Yes | -| | Microsoft.Services.Store.Engagement | x | x | | Yes | -| | Microsoft.VCLibs.120.00 | x | x | | Yes | -| | Microsoft.VCLibs.140.00 | x | x | x | Yes | -| | Microsoft.VCLibs.120.00.Universal | x | | | Yes | -| | Microsoft.VCLibs.140.00.UWPDesktop | | x | | Yes | + --- + +- App Resolver UX | Package name: E2A4F912-2574-4A75-9BB0-0D023378592B + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Add Suggested Folders To Library | Package name: F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- InputApp + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | | | ✔️ | + + --- + +- Microsoft.AAD.Broker.Plugin | Package name: Microsoft.AAD.Broker.Plugin + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.AccountsControl | Package name: Microsoft.AccountsControl + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.AsyncTextService | Package name: Microsoft.AsyncTextService + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Hello setup UI | Package name: Microsoft.BioEnrollment + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.CredDialogHost + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.ECApp + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.LockApp + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft Edge | Package name: Microsoft.MicrosoftEdge + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.MicrosoftEdgeDevToolsClient + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.PPIProjection + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | | | ✔️ | + + --- + +- Microsoft.Win32WebViewHost + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.Apprep.ChxApp + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.AssignedAccessLockApp + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.CapturePicker + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.CloudExperienceHost + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.ContentDeliveryManager + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Cortana | Package name: Microsoft.Windows.Cortana + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | | | ✔️ | + + --- + +- Microsoft.Windows.OOBENetworkCaptivePort + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.OOBENetworkConnectionFlow + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.ParentalControls + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- People Hub | Package name: Microsoft.Windows.PeopleExperienceHost + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.PinningConfirmationDialog + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.SecHealthUI + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.Windows.SecureAssessmentBrowser + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Start | Package name: Microsoft.Windows.ShellExperienceHost + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Microsoft.XboxGameCallableUI + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Windows.CBSPreview + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Settings | Package name: Windows.immersivecontrolpanel + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- + +- Print 3D | Package name: Windows.Print3D + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ✔️ | | | ✔️ | + + --- + +- Print UI | Package name: Windows.PrintDialog + + --- + | Uninstall through UI? | 21H1 | 20H2 | 1809 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️ | + + --- ---- diff --git a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md deleted file mode 100644 index 59b3dc2209..0000000000 --- a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Application upgrades on Windows 10 Mobile -description: Learn how to deploy upgrades to applications running on Windows 10 Mobile. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: mobile -ms.author: greglin -author: greg-lindsay -ms.date: 07/21/2017 -ms.reviewer: -manager: dansimp -ms.topic: article ---- -# Deploy application upgrades on Windows 10 Mobile - -> Applies to: Windows 10 - -When you have a new version of an application, how do you get that to the Windows 10 Mobile devices in your environment? With [application supersedence in Microsoft Endpoint Configuration Manager](/configmgr/apps/deploy-use/revise-and-supersede-applications#application-supersedence). - -There are two steps to deploy an app upgrade: - -1. [Define the supersedence](#define-app-supersedence) - this lets Configuration Manager know that the old version should be replaced by the new version. -2. [Deploy the upgrade](#deploy-the-app-upgrade) to your users. - -The following steps walk you through the upgrade deployment process - we have an upgraded version of the Walking Scorer app (moving from version 12.23.2.0 to 12.23.3.0). Because we previously used Configuration Manager to deploy the existing version, we'll use it now to upgrade the app. - -Before you can deploy the upgrade, make sure you import the new version of the app and distribute it to your manage.microsoft.com distribution point. - - - -## Define app supersedence - -1. In the Configuration Manager console, open the Software Library, and then find the new version of your app. - ![The Software Library in Configuration Manager](media/app-upgrade-cm-console.png) - -2. Right-click the new version, and then click **Properties**. -3. Click the **Supersedence** tab - there shouldn't be any supersedence rules yet. We'll add one next. - ![The list of supersedence rules for the app](media/app-upgrade-no-supersedence.png) - -4. Click **Add**, browse to the existing (older) version of the app that you're upgrading, and then click **OK**. -5. Under **New Deployment Type** select the new version of the app. (When you imported the new version, it comes in as a new deployment type. If you're upgrading a Universal application, you'll see only one type here.) - ![Create a supersedence rule for the new version of the app](media/app-upgrade-supersede-deploy-type.png) - > [!IMPORTANT] - > Do **NOT** select **Uninstall**. This tells Configuration Manager to uninstall the old version, but it does **NOT** then install the new version. - -6. Click **OK**. -7. If you have other versions of the same app, repeat steps 4-6 for each version. Click **OK** when you're done. - -> [!NOTE] -> Need to remove a supersedence? (Maybe the new version turned out to be flaky and you don't want users to get it yet.) On the **Supersedence** tab for the *new* version of the app, double-click the older version in the list of supersedence rules, and then change the **New Deployment Type** to **Do not replace**. - -## Deploy the app upgrade - -You're now ready to deploy the upgrade. On the **Home** tab in Configuration Manager, select the new version of the app, and then click **Deploy**, and follow the instructions in the wizard. When asked, set the **Purpose** to **Required**. - -You don't need to delete the deployment associated with the older version of the app. The status for that deployment will change to **Requirements not met** in the **Monitoring** view: - -![Monitoring view in Configuration Manager for the old version of the app](media/app-upgrade-old-version.png) - -If you haven't deployed an app through Configuration Manager before, check out [Deploy applications with Microsoft Endoint Configuration Manager](/configmgr/apps/deploy-use/deploy-applications). You can also see how to delete deployments (although you don't have to) and notify users about the upgraded app. \ No newline at end of file diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index fe07daba50..4759d12a8c 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -14,10 +14,10 @@ ms.date: 05/20/2019 --- # Sideload LOB apps in Windows 10 + **Applies to** - Windows 10 -- Windows 10 Mobile > [!NOTE] > As of Windows Insider Build 18956, sideloading is enabled by default. Now, you can deploy a signed package onto a device without a special configuration. @@ -87,40 +87,6 @@ You can sideload apps on managed or unmanaged devices. **To install the app** - From the folder with the appx package, run the PowerShell `Add-AppxPackage` command to install the appx package. -## How do I sideload an app on mobile -You can sideload apps on managed or unmanaged devices. - -**To turn on sideloading for a managed device** - -- Deploy an enterprise policy. - -**To turn on sideloading for unmanaged devices** - -1. Open **Settings**. - -2. Click **Update & Security** > **For developers**. - -3. On **Use developer features**, select **Sideload apps**. - -**To import the security certificate for managed devices** - -1. Open the security certificate for the appx package, and select **Install Certificate**. - -2. On the **Certificate Import Wizard**, select **Local Machine**. - -3. Import the certificate to the **Trusted Root Certification Authorities** folder. - -**To import the security certificate for unmanaged devices** - -- You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package to a Windows 10 mobile device, see runtime instructions on [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=619164). - -**To install the app** - -- From an email, tap a xap, appx, or appx bundle package. - - -OR- - - With your mobile device tethered to a desktop, click a xap, appx, or appx bundle package from the files system to install the app.   diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml index 282bdafc46..0b62f25cbb 100644 --- a/windows/application-management/toc.yml +++ b/windows/application-management/toc.yml @@ -3,16 +3,16 @@ items: href: index.yml - name: Application management items: + - name: Apps in Windows 10 + href: apps-in-windows-10.md + - name: Add apps and features in Windows 10 + href: add-apps-and-features.md - name: Sideload apps href: sideload-apps-in-windows-10.md - name: Remove background task resource restrictions href: enterprise-background-activity-controls.md - name: Enable or block Windows Mixed Reality apps in the enterprise href: manage-windows-mixed-reality.md - - name: Understand apps in Windows 10 - href: apps-in-windows-10.md - - name: Add apps and features in Windows 10 - href: add-apps-and-features.md - name: Repackage win32 apps in the MSIX format href: msix-app-packaging-tool.md - name: Application Virtualization (App-V) @@ -260,7 +260,5 @@ items: href: per-user-services-in-windows.md - name: Disabling System Services in Windows Server href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server - - name: Deploy app upgrades on Windows 10 Mobile - href: deploy-app-upgrades-windows-10-mobile.md - name: How to keep apps removed from Windows 10 from returning during an update href: remove-provisioned-apps-during-update.md \ No newline at end of file diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index 4fc41d68c1..f7fdbd3994 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -22,7 +22,6 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10. @@ -36,7 +35,7 @@ You can use the same management tools to manage all device types running Windows | [New policies for Windows 10](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 | | [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education | | [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start | -| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations | +| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 in their organizations | ## Learn more diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index befd212478..73237ce6c0 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -35,6 +35,18 @@ Defender ------------InitialDetectionTime ------------LastThreatStatusChangeTime ------------NumberOfDetections +----EnableNetworkProtection +--------AllowNetworkProtectionDownLevel +--------AllowNetworkProtectionOnWinServer +--------DisableNetworkProtectionPerfTelemetry +--------DisableDatagramProcessing +--------DisableInboundConnectionFiltering +--------EnableDnsSinkhole +--------DisableDnsOverTcpParsing +--------DisableHttpParsing +--------DisableRdpParsing +--------DisableSshParsing +--------DisableTlsParsing ----Health --------ProductStatus (Added in Windows 10 version 1809) --------ComputerState @@ -125,7 +137,7 @@ The following table describes the supported values: | 7 | Remote access Trojan | | 8 | Trojan | | 9 | Email flooder | -| 10 | Keylogger | +| 10 | Key logger | | 11 | Dialer | | 12 | Monitoring software | | 13 | Browser modifier | @@ -185,7 +197,28 @@ The following list shows the supported values: - 7 = Removed - 8 = Cleaned - 9 = Allowed -- 10 = No Status ( Cleared) +- 10 = No Status (Cleared) + +Supported operation is Get. + +**Detections/*ThreatId*/CurrentStatus** +Information about the current status of the threat. + +The data type is integer. + +The following list shows the supported values: + +- 0 = Active +- 1 = Action failed +- 2 = Manual steps required +- 3 = Full scan required +- 4 = Reboot required +- 5 = Remediated with noncritical failures +- 6 = Quarantined +- 7 = Removed +- 8 = Cleaned +- 9 = Allowed +- 10 = No Status (Cleared) Supported operation is Get. @@ -217,6 +250,139 @@ The data type is integer. Supported operation is Get. +**EnableNetworkProtection** + +The Network Protection Service is a network filter that helps to protect you against web-based malicious threats, including phishing and malware. The Network Protection service contacts the SmartScreen URL reputation service to validate the safety of connections to web resources. +The acceptable values for this parameter are: +- 0: Disabled. The Network Protection service will not block navigation to malicious websites, or contact the SmartScreen URL reputation service. It will still send connection metadata to the antimalware engine if behavior monitoring is enabled, to enhance AV Detections. +- 1: Enabled. The Network Protection service will block connections to malicious websites based on URL Reputation from the SmartScreen URL reputation service. +- 2: AuditMode. As above, but the Network Protection service will not block connections to malicious websites, but will instead log the access to the event log. + +Accepted values: Disabled, Enabled, and AuditMode +Position: Named +Default value: Disabled +Accept pipeline input: False +Accept wildcard characters: False + +**EnableNetworkProtection/AllowNetworkProtectionDownLevel** + +By default, network protection is not allowed to be enabled on Windows versions before 1709, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode. +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/AllowNetworkProtectionOnWinServer** + +By default, network protection is not allowed to be enabled on Windows Server, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode. + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableNetworkProtectionPerfTelemetry** + +Network Protection sends up anonymized performance statistics about its connection monitoring to improve our product and help to find bugs. You can disable this behavior by setting this configuration to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableDatagramProcessing** + +Network Protection inspects UDP connections allowing us to find malicious DNS or other UDP Traffic. To disable this functionality, set this configuration to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableInboundConnectionFiltering** + +Network Protection inspects and can block both connections that originate from the host machine, as well as those that originates from outside the machine. To have network connection to inspect only outbound connections, set this configuration to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/EnableDnsSinkhole** + +Network Protection can inspect the DNS traffic of a machine and, in conjunction with behavior monitoring, detect and sink hole DNS exfiltration attempts and other DNS based malicious attacks. Set this configuration to "$true" to enable this feature. + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableDnsOverTcpParsing** + +Network Protection inspects DNS traffic that occurs over a TCP channel, to provide metadata for Anti-malware Behavior Monitoring or to allow for DNS sink holing if the -EnableDnsSinkhole configuration is set. This can be disabled by setting this value to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableDnsParsing** + +Network Protection inspects DNS traffic that occurs over a UDP channel, to provide metadata for Anti-malware Behavior Monitoring or to allow for DNS sink holing if the -EnableDnsSinkhole configuration is set. This can be disabled by setting this value to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableHttpParsing** + +Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableRdpParsing** + +Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableSshParsing** + +Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + +**EnableNetworkProtection/DisableTlsParsing** + +Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true". + +- Type: Boolean +- Position: Named +- Default value: False +- Accept pipeline input: False +- Accept wildcard characters: False + **Health** An interior node to group information about Windows Defender health status. @@ -248,7 +414,7 @@ Supported product status values: - Service is shutting down as part of system shutdown = 1 << 16 - Threat remediation failed critically = 1 << 17 - Threat remediation failed non-critically = 1 << 18 -- No status flags set (well initialized state) = 1 << 19 +- No status flags set (well-initialized state) = 1 << 19 - Platform is out of date = 1 << 20 - Platform update is in progress = 1 << 21 - Platform is about to be outdated = 1 << 22 @@ -552,7 +718,7 @@ Beta Channel: Devices set to this channel will be the first to receive new updat Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments. -Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%). +Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested applying to a small, representative part of your production population (~10%). Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). @@ -581,7 +747,7 @@ Beta Channel: Devices set to this channel will be the first to receive new updat Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments. -Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%). +Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested applying to a small, representative part of your production population (~10%). Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). @@ -637,8 +803,8 @@ The data type is integer. Supported operations are Add, Delete, Get, Replace. Valid values are: -• 1 – Enabled. -• 0 (default) – Not Configured. +- 1 – Enabled. +- 0 (default) – Not Configured. More details: diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 4339466ef0..a7236eea80 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -28,8 +28,6 @@ Third-party MDM servers can manage Windows 10 by using the MDM protocol. The bu With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros’ operational needs, addressing security concerns for modern cloud-managed devices. -> [!NOTE] ->Intune support for the MDM security baseline is coming soon. The MDM security baseline includes policies that cover the following areas: @@ -48,7 +46,7 @@ For more details about the MDM policies defined in the MDM security baseline and - [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip) -For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](/intune/security-baseline-settings-windows). +For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all). diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index d760021b1e..0ed2ddc357 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -92,7 +92,7 @@ Note: Wild card characters cannot be used when specifying the host URLs. ADMX Info: -- GP English name: *Approved Installation Sites for ActiveX Controls* +- GP Friendly name: *Approved Installation Sites for ActiveX Controls* - GP name: *ApprovedActiveXInstallSites* - GP path: *Windows Components/ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md index a4020d12f2..67982daf0e 100644 --- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md +++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md @@ -95,7 +95,7 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro ADMX Info: -- GP English name: *Establish ActiveX installation policy for sites in Trusted zones* +- GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones* - GP name: *AxISURLZonePolicies* - GP path: *Windows Components\ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 647cff6ce4..0c7c4b543b 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -125,7 +125,7 @@ If you disable this setting or do not configure it, all programs (Category: All) ADMX Info: -- GP English name: *Specify default category for Add New Programs* +- GP Friendly name: *Specify default category for Add New Programs* - GP name: *DefaultCategory* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -206,7 +206,7 @@ If you disable this setting or do not configure it, the "Add a program from CD-R ADMX Info: -- GP English name: *Hide the "Add a program from CD-ROM or floppy disk" option* +- GP Friendly name: *Hide the "Add a program from CD-ROM or floppy disk" option* - GP name: *NoAddFromCDorFloppy* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -287,7 +287,7 @@ If you disable this setting or do not configure it, "Add programs from Microsoft ADMX Info: -- GP English name: *Hide the "Add programs from Microsoft" option* +- GP Friendly name: *Hide the "Add programs from Microsoft" option* - GP name: *NoAddFromInternet* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -370,7 +370,7 @@ If you disable this setting or do not configure it, "Add programs from your netw ADMX Info: -- GP English name: *Hide the "Add programs from your network" option* +- GP Friendly name: *Hide the "Add programs from your network" option* - GP name: *NoAddFromNetwork* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* @@ -447,7 +447,7 @@ If you disable this setting or do not configure it, the Add New Programs button ADMX Info: -- GP English name: *Hide Add New Programs page* +- GP Friendly name: *Hide Add New Programs page* - GP name: *NoAddPage* - GP path: *Control Panel/Add or Remove Programs* - GP ADMX file name: *addremoveprograms.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index ff2c292c54..e145a37e11 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -131,7 +131,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set ADMX Info: -- GP English name: *Prevent access to 16-bit applications* +- GP Friendly name: *Prevent access to 16-bit applications* - GP name: *AppCompatPrevent16BitMach* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -202,7 +202,7 @@ Enabling this policy setting removes the property page from the context-menus, b ADMX Info: -- GP English name: *Remove Program Compatibility Property Page* +- GP Friendly name: *Remove Program Compatibility Property Page* - GP name: *AppCompatRemoveProgramCompatPropPage* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -277,7 +277,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu ADMX Info: -- GP English name: *Turn off Application Telemetry* +- GP Friendly name: *Turn off Application Telemetry* - GP name: *AppCompatTurnOffApplicationImpactTelemetry* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -353,7 +353,7 @@ Reboot the system after changing the setting to ensure that your system accurate ADMX Info: -- GP English name: *Turn off SwitchBack Compatibility Engine* +- GP Friendly name: *Turn off SwitchBack Compatibility Engine* - GP name: *AppCompatTurnOffSwitchBack* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -431,7 +431,7 @@ This option is useful to server administrators who require faster performance an ADMX Info: -- GP English name: *Turn off Application Compatibility Engine* +- GP Friendly name: *Turn off Application Compatibility Engine* - GP name: *AppCompatTurnOffEngine* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -498,7 +498,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting ex ADMX Info: -- GP English name: *Turn off Program Compatibility Assistant* +- GP Friendly name: *Turn off Program Compatibility Assistant* - GP name: *AppCompatTurnOffProgramCompatibilityAssistant_1* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -572,7 +572,7 @@ If you disable or do not configure this policy setting, the PCA will be turned o ADMX Info: -- GP English name: *Turn off Program Compatibility Assistant* +- GP Friendly name: *Turn off Program Compatibility Assistant* - GP name: *AppCompatTurnOffProgramCompatibilityAssistant_2* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -645,7 +645,7 @@ If you disable or do not configure this policy setting, Steps Recorder will be e ADMX Info: -- GP English name: *Turn off Steps Recorder* +- GP Friendly name: *Turn off Steps Recorder* - GP name: *AppCompatTurnOffUserActionRecord* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* @@ -721,7 +721,7 @@ If you disable or do not configure this policy setting, the Inventory Collector ADMX Info: -- GP English name: *Turn off Inventory Collector* +- GP Friendly name: *Turn off Inventory Collector* - GP name: *AppCompatTurnOffProgramInventory* - GP path: *Windows Components/Application Compatibility* - GP ADMX file name: *AppCompat.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 9a4ac00b81..f3aef0211f 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -97,7 +97,7 @@ If you disable or do not configure this policy setting, Group Policy blocks depl ADMX Info: -- GP English name: *Allow deployment operations in special profiles* +- GP Friendly name: *Allow deployment operations in special profiles* - GP name: *AllowDeploymentInSpecialProfiles* - GP path: *Windows Components\App Package Deployment* - GP ADMX file name: *AppxPackageManager.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index de1358be57..c30dafd023 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -99,7 +99,7 @@ If you disable or don't set this policy setting, Windows Store apps will only us ADMX Info: -- GP English name: *Turn on dynamic Content URI Rules for Windows store apps* +- GP Friendly name: *Turn on dynamic Content URI Rules for Windows store apps* - GP name: *AppxRuntimeApplicationContentUriRules* - GP path: *Windows Components\App runtime* - GP ADMX file name: *AppXRuntime.admx* @@ -169,7 +169,7 @@ If you disable or do not configure this policy setting, Windows Store apps can o ADMX Info: -- GP English name: *Block launching desktop apps associated with a file.* +- GP Friendly name: *Block launching desktop apps associated with a file.* - GP name: *AppxRuntimeBlockFileElevation* - GP path: *Windows Components\App runtime* - GP ADMX file name: *AppXRuntime.admx* @@ -241,7 +241,7 @@ If you disable or do not configure this policy setting, all Universal Windows ap ADMX Info: -- GP English name: *Block launching Universal Windows apps with Windows Runtime API access from hosted content.* +- GP Friendly name: *Block launching Universal Windows apps with Windows Runtime API access from hosted content.* - GP name: *AppxRuntimeBlockHostedAppAccessWinRT* - GP path: *Windows Components\App runtime* - GP ADMX file name: *AppXRuntime.admx* @@ -314,7 +314,7 @@ If you disable or do not configure this policy setting, Windows Store apps can o ADMX Info: -- GP English name: *Block launching desktop apps associated with a URI scheme* +- GP Friendly name: *Block launching desktop apps associated with a URI scheme* - GP name: *AppxRuntimeBlockProtocolElevation* - GP path: *Windows Components\App runtime* - GP ADMX file name: *AppXRuntime.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md index 8bc9cf11ea..7a82136079 100644 --- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md @@ -108,7 +108,7 @@ If you do not configure this policy setting, Windows uses its default trust logi ADMX Info: -- GP English name: *Trust logic for file attachments* +- GP Friendly name: *Trust logic for file attachments* - GP name: *AM_EstimateFileHandlerRisk* - GP path: *Windows Components\Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -185,7 +185,7 @@ If you do not configure this policy setting, Windows sets the default risk level ADMX Info: -- GP English name: *Default risk level for file attachments* +- GP Friendly name: *Default risk level for file attachments* - GP name: *AM_SetFileRiskLevel* - GP path: *Windows Components\Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -256,7 +256,7 @@ If you do not configure this policy setting, Windows uses its built-in list of h ADMX Info: -- GP English name: *Inclusion list for high risk file types* +- GP Friendly name: *Inclusion list for high risk file types* - GP name: *AM_SetHighRiskInclusion* - GP path: *Windows Components\Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -327,7 +327,7 @@ If you do not configure this policy setting, Windows uses its default trust logi ADMX Info: -- GP English name: *Inclusion list for low file types* +- GP Friendly name: *Inclusion list for low file types* - GP name: *AM_SetLowRiskInclusion* - GP path: *Windows Components\Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -398,7 +398,7 @@ If you do not configure this policy setting, Windows uses its default trust logi ADMX Info: -- GP English name: *Inclusion list for moderate risk file types* +- GP Friendly name: *Inclusion list for moderate risk file types* - GP name: *AM_SetModRiskInclusion* - GP path: *Windows Components\Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 45e3546cb4..56d9939332 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -95,7 +95,7 @@ Default is Not configured. ADMX Info: -- GP English name: *Include command line in process creation events* +- GP Friendly name: *Include command line in process creation events* - GP name: *IncludeCmdLine* - GP path: *System/Audit Process Creation* - GP ADMX file name: *AuditSettings.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index a9c4c671d0..9a5fd957e7 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -132,7 +132,7 @@ If you disable or do not configure this policy setting, the BITS client uses Win ADMX Info: -- GP English name: *Do not allow the BITS client to use Windows Branch Cache* +- GP Friendly name: *Do not allow the BITS client to use Windows Branch Cache* - GP name: *BITS_DisableBranchCache* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -204,7 +204,7 @@ If you disable or do not configure this policy setting, the computer attempts to ADMX Info: -- GP English name: *Do not allow the computer to act as a BITS Peercaching client* +- GP Friendly name: *Do not allow the computer to act as a BITS Peercaching client* - GP name: *BITS_DisablePeercachingClient* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -276,7 +276,7 @@ If you disable or do not configure this policy setting, the computer will offer ADMX Info: -- GP English name: *Do not allow the computer to act as a BITS Peercaching server* +- GP Friendly name: *Do not allow the computer to act as a BITS Peercaching server* - GP name: *BITS_DisablePeercachingServer* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -348,7 +348,7 @@ If you disable or do not configure this policy setting, the BITS peer caching fe ADMX Info: -- GP English name: *Allow BITS Peercaching* +- GP Friendly name: *Allow BITS Peercaching* - GP name: *BITS_EnablePeercaching* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -425,7 +425,7 @@ If you disable this policy setting or do not configure it, the default value of ADMX Info: -- GP English name: *Limit the maximum network bandwidth used for Peercaching* +- GP Friendly name: *Limit the maximum network bandwidth used for Peercaching* - GP name: *BITS_MaxBandwidthServedForPeers* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -499,7 +499,7 @@ If you disable or do not configure this policy setting, the limits defined for w ADMX Info: -- GP English name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers* +- GP Friendly name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers* - GP name: *BITS_MaxBandwidthV2_Maintenance* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -571,7 +571,7 @@ If you disable or do not configure this policy setting, BITS uses all available ADMX Info: -- GP English name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers* +- GP Friendly name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers* - GP name: *BITS_MaxBandwidthV2_Work* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -644,7 +644,7 @@ If you disable or do not configure this policy setting, the default size of the ADMX Info: -- GP English name: *Limit the BITS Peercache size* +- GP Friendly name: *Limit the BITS Peercache size* - GP name: *BITS_MaxCacheSize* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -716,7 +716,7 @@ If you disable or do not configure this policy setting, files that have not been ADMX Info: -- GP English name: *Limit the age of files in the BITS Peercache* +- GP Friendly name: *Limit the age of files in the BITS Peercache* - GP name: *BITS_MaxContentAge* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -789,7 +789,7 @@ If you disable or do not configure this policy setting, the default value of 90 ADMX Info: -- GP English name: *Limit the maximum BITS job download time* +- GP Friendly name: *Limit the maximum BITS job download time* - GP name: *BITS_MaxDownloadTime* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -861,7 +861,7 @@ If you disable or do not configure this policy setting, BITS will use the defaul ADMX Info: -- GP English name: *Limit the maximum number of files allowed in a BITS job* +- GP Friendly name: *Limit the maximum number of files allowed in a BITS job* - GP name: *BITS_MaxFilesPerJob* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -933,7 +933,7 @@ If you disable or do not configure this policy setting, BITS will use the defaul ADMX Info: -- GP English name: *Limit the maximum number of BITS jobs for this computer* +- GP Friendly name: *Limit the maximum number of BITS jobs for this computer* - GP name: *BITS_MaxJobsPerMachine* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -1005,7 +1005,7 @@ If you disable or do not configure this policy setting, BITS will use the defaul ADMX Info: -- GP English name: *Limit the maximum number of BITS jobs for each user* +- GP Friendly name: *Limit the maximum number of BITS jobs for each user* - GP name: *BITS_MaxJobsPerUser* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* @@ -1077,7 +1077,7 @@ If you disable or do not configure this policy setting, BITS will limit ranges t ADMX Info: -- GP English name: *Limit the maximum number of ranges that can be added to the file in a BITS job* +- GP Friendly name: *Limit the maximum number of ranges that can be added to the file in a BITS job* - GP name: *BITS_MaxRangesPerFile* - GP path: *Network\Background Intelligent Transfer Service (BITS)* - GP ADMX file name: *Bits.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index b258029bba..44e91fe2e9 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -96,7 +96,7 @@ For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Sc ADMX Info: -- GP English name: *SSL Cipher Suite Order* +- GP Friendly name: *SSL Cipher Suite Order* - GP name: *SSLCipherSuiteOrder* - GP path: *Network/SSL Configuration Settings* - GP ADMX file name: *CipherSuiteOrder.admx* @@ -179,7 +179,7 @@ CertUtil.exe -DisplayEccCurve ADMX Info: -- GP English name: *ECC Curve Order* +- GP Friendly name: *ECC Curve Order* - GP name: *SSLCurveOrder* - GP path: *Network/SSL Configuration Settings* - GP ADMX file name: *CipherSuiteOrder.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index fe5fda7a65..13d4fabf45 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -98,7 +98,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Download missing COM components* +- GP Friendly name: *Download missing COM components* - GP name: *AppMgmt_COM_SearchForCLSID_1* - GP path: *System* - GP ADMX file name: *COM.admx* @@ -173,7 +173,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Download missing COM components* +- GP Friendly name: *Download missing COM components* - GP name: *AppMgmt_COM_SearchForCLSID_2* - GP path: *System* - GP ADMX file name: *COM.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md index e2b1569c90..9dec30ad01 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md @@ -107,7 +107,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec ADMX Info: -- GP English name: *Hide specified Control Panel items* +- GP Friendly name: *Hide specified Control Panel items* - GP name: *DisallowCpls* - GP path: *Control Panel* - GP ADMX file name: *ControlPanel.admx* @@ -181,7 +181,7 @@ If this policy setting is not configured, the Control Panel opens to the view us ADMX Info: -- GP English name: *Always open All Control Panel Items when opening Control Panel* +- GP Friendly name: *Always open All Control Panel Items when opening Control Panel* - GP name: *ForceClassicControlPanel* - GP path: *Control Panel* - GP ADMX file name: *ControlPanel.admx* @@ -262,7 +262,7 @@ If users try to select a Control Panel item from the Properties item on a contex ADMX Info: -- GP English name: *Prohibit access to Control Panel and PC settings* +- GP Friendly name: *Prohibit access to Control Panel and PC settings* - GP name: *NoControlPanel* - GP path: *Control Panel* - GP ADMX file name: *ControlPanel.admx* @@ -339,7 +339,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec ADMX Info: -- GP English name: *Show only specified Control Panel items* +- GP Friendly name: *Show only specified Control Panel items* - GP name: *RestrictCpls* - GP path: *Control Panel* - GP ADMX file name: *ControlPanel.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index 970899b339..f1f3907cbe 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -159,7 +159,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis ADMX Info: -- GP English name: *Disable the Display Control Panel* +- GP Friendly name: *Disable the Display Control Panel* - GP name: *CPL_Display_Disable* - GP path: *Control Panel\Display* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -226,7 +226,7 @@ This setting prevents users from using Control Panel to add, configure, or chang ADMX Info: -- GP English name: *Hide Settings tab* +- GP Friendly name: *Hide Settings tab* - GP name: *CPL_Display_HideSettings* - GP path: *Control Panel\Display* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -297,7 +297,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting ADMX Info: -- GP English name: *Prevent changing color scheme* +- GP Friendly name: *Prevent changing color scheme* - GP name: *CPL_Personalization_DisableColorSchemeChoice* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -369,7 +369,7 @@ If you disable or do not configure this setting, there is no effect. ADMX Info: -- GP English name: *Prevent changing theme* +- GP Friendly name: *Prevent changing theme* - GP name: *CPL_Personalization_DisableThemeChange* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -438,7 +438,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap ADMX Info: -- GP English name: *Prevent changing visual style for windows and buttons* +- GP Friendly name: *Prevent changing visual style for windows and buttons* - GP name: *CPL_Personalization_DisableVisualStyle* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -511,7 +511,7 @@ Also, see the "Prevent changing Screen Saver" setting. ADMX Info: -- GP English name: *Enable screen saver* +- GP Friendly name: *Enable screen saver* - GP name: *CPL_Personalization_EnableScreenSaver* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -584,7 +584,7 @@ Note: This setting only applies to Enterprise, Education, and Server SKUs. ADMX Info: -- GP English name: *Force a specific default lock screen and logon image* +- GP Friendly name: *Force a specific default lock screen and logon image* - GP name: *CPL_Personalization_ForceDefaultLockScreen* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -653,7 +653,7 @@ If you disable or do not configure this setting, a user may change the font size ADMX Info: -- GP English name: *Prohibit selection of visual style font size* +- GP Friendly name: *Prohibit selection of visual style font size* - GP name: *CPL_Personalization_LockFontSize* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -722,7 +722,7 @@ If you enable this setting, the user will not be able to change their lock scree ADMX Info: -- GP English name: *Prevent changing lock screen and logon image* +- GP Friendly name: *Prevent changing lock screen and logon image* - GP name: *CPL_Personalization_NoChangingLockScreen* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -795,7 +795,7 @@ If the "Force a specific Start background" policy is also set on a supported ver ADMX Info: -- GP English name: *Prevent changing start menu background* +- GP Friendly name: *Prevent changing start menu background* - GP name: *CPL_Personalization_NoChangingStartMenuBackground* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -866,7 +866,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes ADMX Info: -- GP English name: *Prevent changing color and appearance* +- GP Friendly name: *Prevent changing color and appearance* - GP name: *CPL_Personalization_NoColorAppearanceUI* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -941,7 +941,7 @@ Also, see the "Allow only bitmapped wallpaper" setting. ADMX Info: -- GP English name: *Prevent changing desktop background* +- GP Friendly name: *Prevent changing desktop background* - GP name: *CPL_Personalization_NoDesktopBackgroundUI* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1012,7 +1012,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t ADMX Info: -- GP English name: *Prevent changing desktop icons* +- GP Friendly name: *Prevent changing desktop icons* - GP name: *CPL_Personalization_NoDesktopIconsUI* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1081,7 +1081,7 @@ If you disable or do not configure this policy setting, users that are not requi ADMX Info: -- GP English name: *Do not display the lock screen* +- GP Friendly name: *Do not display the lock screen* - GP name: *CPL_Personalization_NoLockScreen* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1150,7 +1150,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha ADMX Info: -- GP English name: *Prevent changing mouse pointers* +- GP Friendly name: *Prevent changing mouse pointers* - GP name: *CPL_Personalization_NoMousePointersUI* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1217,7 +1217,7 @@ This setting prevents users from using Control Panel to add, configure, or chang ADMX Info: -- GP English name: *Prevent changing screen saver* +- GP Friendly name: *Prevent changing screen saver* - GP name: *CPL_Personalization_NoScreenSaverUI* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1286,7 +1286,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by ADMX Info: -- GP English name: *Prevent changing sounds* +- GP Friendly name: *Prevent changing sounds* - GP name: *CPL_Personalization_NoSoundSchemeUI* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1355,7 +1355,7 @@ If this setting is enabled, the background and accent colors of Windows will be ADMX Info: -- GP English name: *Force a specific background and accent color* +- GP Friendly name: *Force a specific background and accent color* - GP name: *CPL_Personalization_PersonalColors* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1431,7 +1431,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen ADMX Info: -- GP English name: *Password protect the screen saver* +- GP Friendly name: *Password protect the screen saver* - GP name: *CPL_Personalization_ScreenSaverIsSecure* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1510,7 +1510,7 @@ When not configured, whatever wait time is set on the client through the Screen ADMX Info: -- GP English name: *Screen saver timeout* +- GP Friendly name: *Screen saver timeout* - GP name: *CPL_Personalization_ScreenSaverTimeOut* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1586,7 +1586,7 @@ If the specified screen saver is not installed on a computer to which this setti ADMX Info: -- GP English name: *Force specific screen saver* +- GP Friendly name: *Force specific screen saver* - GP name: *CPL_Personalization_SetScreenSaver* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1655,7 +1655,7 @@ If you disable or do not configure this setting, the default theme will be appli ADMX Info: -- GP English name: *Load a specific theme* +- GP Friendly name: *Load a specific theme* - GP name: *CPL_Personalization_SetTheme* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1733,7 +1733,7 @@ If you disable or do not configure this setting, the users can select the visual ADMX Info: -- GP English name: *Force a specific visual style file or force Windows Classic* +- GP Friendly name: *Force a specific visual style file or force Windows Classic* - GP name: *CPL_Personalization_SetVisualStyle* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1802,7 +1802,7 @@ If this setting is set to a nonzero value, then Start uses the specified backgro ADMX Info: -- GP English name: *Force a specific Start background* +- GP Friendly name: *Force a specific Start background* - GP name: *CPL_Personalization_StartBackground* - GP path: *Control Panel\Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 765b443616..6ad7cad008 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -93,7 +93,7 @@ If you disable or do not configure this policy setting, users will be able to cu ADMX Info: -- GP English name: *Apply the default account picture to all users* +- GP Friendly name: *Apply the default account picture to all users* - GP name: *UseDefaultTile* - GP path: *Control Panel/User Accounts* - GP ADMX file name: *Cpls.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md index 21edb1f061..b7ed4ab54a 100644 --- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md @@ -100,7 +100,7 @@ If you don't configure this policy setting on a workgroup device, a user on a Co ADMX Info: -- GP English name: *Allow users to select when a password is required when resuming from connected standby* +- GP Friendly name: *Allow users to select when a password is required when resuming from connected standby* - GP name: *AllowDomainDelayLock* - GP path: *System\Logon* - GP ADMX file name: *CredentialProviders.admx* @@ -172,7 +172,7 @@ If you disable or do not configure this policy setting, the system picks the def ADMX Info: -- GP English name: *Assign a default credential provider* +- GP Friendly name: *Assign a default credential provider* - GP name: *DefaultCredentialProvider* - GP path: *System\Logon* - GP ADMX file name: *CredentialProviders.admx* @@ -245,7 +245,7 @@ If you disable or do not configure this policy, all installed and otherwise enab ADMX Info: -- GP English name: *Exclude credential providers* +- GP Friendly name: *Exclude credential providers* - GP name: *ExcludedCredentialProviders* - GP path: *System\Logon* - GP ADMX file name: *CredentialProviders.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 2cc80b3bec..04bbf46ba4 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -131,7 +131,7 @@ If you disable or do not configure (by default) this policy setting, delegation ADMX Info: -- GP English name: *Allow delegating default credentials with NTLM-only server authentication* +- GP Friendly name: *Allow delegating default credentials with NTLM-only server authentication* - GP name: *AllowDefCredentialsWhenNTLMOnly* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -216,7 +216,7 @@ https://go.microsoft.com/fwlink/?LinkId=301508 ADMX Info: -- GP English name: *Allow delegating default credentials* +- GP Friendly name: *Allow delegating default credentials* - GP name: *AllowDefaultCredentials* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -296,7 +296,7 @@ For more information about the vulnerability and servicing requirements for prot ADMX Info: -- GP English name: *Encryption Oracle Remediation* +- GP Friendly name: *Encryption Oracle Remediation* - GP name: *AllowEncryptionOracle* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -378,7 +378,7 @@ If you disable this policy setting, delegation of fresh credentials is not permi ADMX Info: -- GP English name: *Allow delegating fresh credentials* +- GP Friendly name: *Allow delegating fresh credentials* - GP name: *AllowFreshCredentials* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -460,7 +460,7 @@ If you disable this policy setting, delegation of fresh credentials is not permi ADMX Info: -- GP English name: *Allow delegating fresh credentials with NTLM-only server authentication* +- GP Friendly name: *Allow delegating fresh credentials with NTLM-only server authentication* - GP name: *AllowFreshCredentialsWhenNTLMOnly* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -542,7 +542,7 @@ If you disable this policy setting, delegation of saved credentials is not permi ADMX Info: -- GP English name: *Allow delegating saved credentials* +- GP Friendly name: *Allow delegating saved credentials* - GP name: *AllowSavedCredentials* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -624,7 +624,7 @@ If you disable this policy setting, delegation of saved credentials is not permi ADMX Info: -- GP English name: *Allow delegating saved credentials with NTLM-only server authentication* +- GP Friendly name: *Allow delegating saved credentials with NTLM-only server authentication* - GP name: *AllowSavedCredentialsWhenNTLMOnly* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -704,7 +704,7 @@ This policy setting can be used in combination with the "Allow delegating defaul ADMX Info: -- GP English name: *Deny delegating default credentials* +- GP Friendly name: *Deny delegating default credentials* - GP name: *DenyDefaultCredentials* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -784,7 +784,7 @@ This policy setting can be used in combination with the "Allow delegating fresh ADMX Info: -- GP English name: *Deny delegating fresh credentials* +- GP Friendly name: *Deny delegating fresh credentials* - GP name: *DenyFreshCredentials* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -864,7 +864,7 @@ This policy setting can be used in combination with the "Allow delegating saved ADMX Info: -- GP English name: *Deny delegating saved credentials* +- GP Friendly name: *Deny delegating saved credentials* - GP name: *DenySavedCredentials* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* @@ -945,7 +945,7 @@ If you disable or do not configure this policy setting, Restricted Admin and Rem ADMX Info: -- GP English name: *Restrict delegation of credentials to remote servers* +- GP Friendly name: *Restrict delegation of credentials to remote servers* - GP name: *RestrictedRemoteAdministration* - GP path: *System\Credentials Delegation* - GP ADMX file name: *CredSsp.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md index f897258fbe..acb7942b92 100644 --- a/windows/client-management/mdm/policy-csp-admx-credui.md +++ b/windows/client-management/mdm/policy-csp-admx-credui.md @@ -96,7 +96,7 @@ If you disable or do not configure this policy setting, users will enter Windows ADMX Info: -- GP English name: *Require trusted path for credential entry* +- GP Friendly name: *Require trusted path for credential entry* - GP name: *EnableSecureCredentialPrompting* - GP path: *Windows Components\Credential User Interface* - GP ADMX file name: *CredUI.admx* @@ -161,7 +161,7 @@ Available in the latest Windows 10 Insider Preview Build. If you turn this polic ADMX Info: -- GP English name: *Prevent the use of security questions for local accounts* +- GP Friendly name: *Prevent the use of security questions for local accounts* - GP name: *NoLocalPasswordResetQuestions* - GP path: *Windows Components\Credential User Interface* - GP ADMX file name: *CredUI.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index b8b9047875..b42e1e9ad0 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -99,7 +99,7 @@ However, users are still able to change their password when prompted by the syst ADMX Info: -- GP English name: *Remove Change Password* +- GP Friendly name: *Remove Change Password* - GP name: *DisableChangePassword* - GP path: *System/Ctrl+Alt+Del Options* - GP ADMX file name: *CtrlAltDel.admx* @@ -174,7 +174,7 @@ If you disable or do not configure this policy setting, users will be able to lo ADMX Info: -- GP English name: *Remove Lock Computer* +- GP Friendly name: *Remove Lock Computer* - GP name: *DisableLockWorkstation* - GP path: *System/Ctrl+Alt+Del Options* - GP ADMX file name: *CtrlAltDel.admx* @@ -244,7 +244,7 @@ If you disable or do not configure this policy setting, users can access Task Ma ADMX Info: -- GP English name: *Remove Task Manager* +- GP Friendly name: *Remove Task Manager* - GP name: *DisableTaskMgr* - GP path: *System/Ctrl+Alt+Del Options* - GP ADMX file name: *CtrlAltDel.admx* @@ -315,7 +315,7 @@ If you disable or do not configure this policy setting, users can see and select ADMX Info: -- GP English name: *Remove Logoff* +- GP Friendly name: *Remove Logoff* - GP name: *NoLogoff* - GP path: *System/Ctrl+Alt+Del Options* - GP ADMX file name: *CtrlAltDel.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md index 28d46d0d21..c2de3fdc86 100644 --- a/windows/client-management/mdm/policy-csp-admx-datacollection.md +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -90,7 +90,7 @@ If you disable or do not configure this policy setting, then Microsoft will not ADMX Info: -- GP English name: *Configure the Commercial ID* +- GP Friendly name: *Configure the Commercial ID* - GP name: *CommercialIdPolicy* - GP path: *Windows Components\Data Collection and Preview Builds* - GP ADMX file name: *DataCollection.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 60c1836ab2..4baa5a5da4 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -176,7 +176,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl ADMX Info: -- GP English name: *Enable filter in Find dialog box* +- GP Friendly name: *Enable filter in Find dialog box* - GP name: *AD_EnableFilter* - GP path: *Desktop\Active Directory* - GP ADMX file name: *Desktop.admx* @@ -249,7 +249,7 @@ This setting is designed to let users search Active Directory but not tempt them ADMX Info: -- GP English name: *Hide Active Directory folder* +- GP Friendly name: *Hide Active Directory folder* - GP name: *AD_HideDirectoryFolder* - GP path: *Desktop\Active Directory* - GP ADMX file name: *Desktop.admx* @@ -320,7 +320,7 @@ This setting is designed to protect the network and the domain controller from t ADMX Info: -- GP English name: *Maximum size of Active Directory searches* +- GP Friendly name: *Maximum size of Active Directory searches* - GP name: *AD_QueryLimit* - GP path: *Desktop\Active Directory* - GP ADMX file name: *Desktop.admx* @@ -392,7 +392,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b ADMX Info: -- GP English name: *Enable Active Desktop* +- GP Friendly name: *Enable Active Desktop* - GP name: *ForceActiveDesktopOn* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -464,7 +464,7 @@ If you disable this setting or do not configure it, Active Desktop is disabled b ADMX Info: -- GP English name: *Disable Active Desktop* +- GP Friendly name: *Disable Active Desktop* - GP name: *NoActiveDesktop* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -531,7 +531,7 @@ This is a comprehensive setting that locks down the configuration you establish ADMX Info: -- GP English name: *Prohibit changes* +- GP Friendly name: *Prohibit changes* - GP name: *NoActiveDesktopChanges* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -600,7 +600,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T ADMX Info: -- GP English name: *Hide and disable all items on the desktop* +- GP Friendly name: *Hide and disable all items on the desktop* - GP name: *NoDesktop* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -672,7 +672,7 @@ If you disable this setting or do not configure it, the default behavior of the ADMX Info: -- GP English name: *Remove the Desktop Cleanup Wizard* +- GP Friendly name: *Remove the Desktop Cleanup Wizard* - GP name: *NoDesktopCleanupWizard* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -739,7 +739,7 @@ This setting does not prevent the user from starting Internet Explorer by using ADMX Info: -- GP English name: *Hide Internet Explorer icon on desktop* +- GP Friendly name: *Hide Internet Explorer icon on desktop* - GP name: *NoInternetIcon* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -813,7 +813,7 @@ If you do not configure this setting, the default is to display Computer as usua ADMX Info: -- GP English name: *Remove Computer icon on the desktop* +- GP Friendly name: *Remove Computer icon on the desktop* - GP name: *NoMyComputerIcon* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -887,7 +887,7 @@ This setting does not remove the My Documents icon from the Start menu. To do so ADMX Info: -- GP English name: *Remove My Documents icon on the desktop* +- GP Friendly name: *Remove My Documents icon on the desktop* - GP name: *NoMyDocumentsIcon* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -957,7 +957,7 @@ This setting only affects the desktop icon. It does not prevent users from conne ADMX Info: -- GP English name: *Hide Network Locations icon on desktop* +- GP Friendly name: *Hide Network Locations icon on desktop* - GP name: *NoNetHood* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -1026,7 +1026,7 @@ If you disable or do not configure this setting, the Properties option is displa ADMX Info: -- GP English name: *Remove Properties from the Computer icon context menu* +- GP Friendly name: *Remove Properties from the Computer icon context menu* - GP name: *NoPropertiesMyComputer* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -1099,7 +1099,7 @@ If you disable or do not configure this policy setting, the Properties menu comm ADMX Info: -- GP English name: *Remove Properties from the Documents icon context menu* +- GP Friendly name: *Remove Properties from the Documents icon context menu* - GP name: *NoPropertiesMyDocuments* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -1168,7 +1168,7 @@ If you enable this setting, shared folders are not added to Network Locations au ADMX Info: -- GP English name: *Do not add shares of recently opened documents to Network Locations* +- GP Friendly name: *Do not add shares of recently opened documents to Network Locations* - GP name: *NoRecentDocsNetHood* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -1240,7 +1240,7 @@ This setting does not prevent the user from using other methods to gain access t ADMX Info: -- GP English name: *Remove Recycle Bin icon from desktop* +- GP Friendly name: *Remove Recycle Bin icon from desktop* - GP name: *NoRecycleBinIcon* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -1309,7 +1309,7 @@ If you disable or do not configure this setting, the Properties option is displa ADMX Info: -- GP English name: *Remove Properties from the Recycle Bin context menu* +- GP Friendly name: *Remove Properties from the Recycle Bin context menu* - GP name: *NoRecycleBinProperties* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -1376,7 +1376,7 @@ If you enable this setting, users can change the desktop, but some changes, such ADMX Info: -- GP English name: *Don't save settings at exit* +- GP Friendly name: *Don't save settings at exit* - GP name: *NoSaveSettings* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -1445,7 +1445,7 @@ If you disable or do not configure this policy, this window minimizing and resto ADMX Info: -- GP English name: *Turn off Aero Shake window minimizing mouse gesture* +- GP Friendly name: *Turn off Aero Shake window minimizing mouse gesture* - GP name: *NoWindowMinimizingShortcuts* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -1521,7 +1521,7 @@ Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Pr ADMX Info: -- GP English name: *Desktop Wallpaper* +- GP Friendly name: *Desktop Wallpaper* - GP name: *Wallpaper* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -1590,7 +1590,7 @@ Also, see the "Disable all items" setting. ADMX Info: -- GP English name: *Prohibit adding items* +- GP Friendly name: *Prohibit adding items* - GP name: *sz_ATC_DisableAdd* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -1662,7 +1662,7 @@ If you enable this setting, items added to the desktop cannot be closed; they al ADMX Info: -- GP English name: *Prohibit closing items* +- GP Friendly name: *Prohibit closing items* - GP name: *sz_ATC_DisableClose* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -1733,7 +1733,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings. ADMX Info: -- GP English name: *Prohibit deleting items* +- GP Friendly name: *Prohibit deleting items* - GP name: *sz_ATC_DisableDel* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -1800,7 +1800,7 @@ This setting disables the Properties button on the Web tab in Display in Control ADMX Info: -- GP English name: *Prohibit editing items* +- GP Friendly name: *Prohibit editing items* - GP name: *sz_ATC_DisableEdit* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -1870,7 +1870,7 @@ This setting removes all Active Desktop items from the desktop. It also removes ADMX Info: -- GP English name: *Disable all items* +- GP Friendly name: *Disable all items* - GP name: *sz_ATC_NoComponents* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -1945,7 +1945,7 @@ You can also use this setting to delete particular Web-based items from users' d ADMX Info: -- GP English name: *Add/Delete items* +- GP Friendly name: *Add/Delete items* - GP name: *sz_AdminComponents_Title* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* @@ -2020,7 +2020,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting. ADMX Info: -- GP English name: *Prevent adding, dragging, dropping and closing the Taskbar's toolbars* +- GP Friendly name: *Prevent adding, dragging, dropping and closing the Taskbar's toolbars* - GP name: *sz_DB_DragDropClose* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -2092,7 +2092,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool ADMX Info: -- GP English name: *Prohibit adjusting desktop toolbars* +- GP Friendly name: *Prohibit adjusting desktop toolbars* - GP name: *sz_DB_Moving* - GP path: *Desktop* - GP ADMX file name: *Desktop.admx* @@ -2159,7 +2159,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User ADMX Info: -- GP English name: *Allow only bitmapped wallpaper* +- GP Friendly name: *Allow only bitmapped wallpaper* - GP name: *sz_DWP_NoHTMLPaper* - GP path: *Desktop\Desktop* - GP ADMX file name: *Desktop.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md index 6dbde4ba7a..470b11eb3f 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md @@ -111,7 +111,7 @@ If you disable or do not configure this policy setting, members of the Administr ADMX Info: -- GP English name: *Allow administrators to override Device Installation Restriction policies* +- GP Friendly name: *Allow administrators to override Device Installation Restriction policies* - GP name: *DeviceInstall_AllowAdminInstall* - GP path: *System\Device Installation\Device Installation Restrictions* - GP ADMX file name: *DeviceInstallation.admx* @@ -180,7 +180,7 @@ If you disable or do not configure this policy setting, Windows displays a defau ADMX Info: -- GP English name: *Display a custom message when installation is prevented by a policy setting* +- GP Friendly name: *Display a custom message when installation is prevented by a policy setting* - GP name: *DeviceInstall_DeniedPolicy_DetailText* - GP path: *System\Device Installation\Device Installation Restrictions* - GP ADMX file name: *DeviceInstallation.admx* @@ -249,7 +249,7 @@ If you disable or do not configure this policy setting, Windows displays a defau ADMX Info: -- GP English name: *Display a custom message title when device installation is prevented by a policy setting* +- GP Friendly name: *Display a custom message title when device installation is prevented by a policy setting* - GP name: *DeviceInstall_DeniedPolicy_SimpleText* - GP path: *System\Device Installation\Device Installation Restrictions* - GP ADMX file name: *DeviceInstallation.admx* @@ -318,7 +318,7 @@ If you disable or do not configure this policy setting, Windows waits 240 second ADMX Info: -- GP English name: *Configure device installation time-out* +- GP Friendly name: *Configure device installation time-out* - GP name: *DeviceInstall_InstallTimeout* - GP path: *System\Device Installation* - GP ADMX file name: *DeviceInstallation.admx* @@ -389,7 +389,7 @@ Note: If no reboot is forced, the device installation restriction right will not ADMX Info: -- GP English name: *Time (in seconds) to force reboot when required for policy changes to take effect* +- GP Friendly name: *Time (in seconds) to force reboot when required for policy changes to take effect* - GP name: *DeviceInstall_Policy_RebootTime* - GP path: *System\Device Installation\Device Installation Restrictions* - GP ADMX file name: *DeviceInstallation.admx* @@ -457,7 +457,7 @@ If you disable or do not configure this policy setting, Windows can install and ADMX Info: -- GP English name: *Prevent installation of removable devices* +- GP Friendly name: *Prevent installation of removable devices* - GP name: *DeviceInstall_Removable_Deny* - GP path: *System\Device Installation\Device Installation Restrictions* - GP ADMX file name: *DeviceInstallation.admx* @@ -526,7 +526,7 @@ If you disable or do not configure this policy setting, Windows creates a system ADMX Info: -- GP English name: *Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point* +- GP Friendly name: *Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point* - GP name: *DeviceInstall_SystemRestore* - GP path: *System\Device Installation* - GP ADMX file name: *DeviceInstallation.admx* @@ -596,7 +596,7 @@ If you disable or do not configure this policy setting, only members of the Admi ADMX Info: -- GP English name: *Allow non-administrators to install drivers for these device setup classes* +- GP Friendly name: *Allow non-administrators to install drivers for these device setup classes* - GP name: *DriverInstall_Classes_AllowUser* - GP path: *System\Device Installation* - GP ADMX file name: *DeviceInstallation.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index 99a7d7da64..8816d46b2e 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -93,7 +93,7 @@ If you disable or do not configure this policy setting, "Found New Hardware" bal ADMX Info: -- GP English name: *Turn off "Found New Hardware" balloons during device installation* +- GP Friendly name: *Turn off "Found New Hardware" balloons during device installation* - GP name: *DeviceInstall_BalloonTips* - GP path: *System\Device Installation* - GP ADMX file name: *DeviceSetup.admx* @@ -164,7 +164,7 @@ If you disable or do not configure this policy setting, members of the Administr ADMX Info: -- GP English name: *Specify search order for device driver source locations* +- GP Friendly name: *Specify search order for device driver source locations* - GP name: *DriverSearchPlaces_SearchOrderConfiguration* - GP path: *System\Device Installation* - GP ADMX file name: *DeviceSetup.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 3bd65a3fa2..b41032d0f8 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -95,7 +95,7 @@ If you disable or do not configure this setting, Digital Locker can be run. ADMX Info: -- GP English name: *Do not allow Digital Locker to run* +- GP Friendly name: *Do not allow Digital Locker to run* - GP name: *Digitalx_DiableApplication_TitleText_1* - GP path: *Windows Components/Digital Locker* - GP ADMX file name: *DigitalLocker.admx* @@ -166,7 +166,7 @@ If you disable or do not configure this setting, Digital Locker can be run. ADMX Info: -- GP English name: *Do not allow Digital Locker to run* +- GP Friendly name: *Do not allow Digital Locker to run* - GP name: *Digitalx_DiableApplication_TitleText_2* - GP path: *Windows Components/Digital Locker* - GP ADMX file name: *DigitalLocker.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md index d1e758c1e7..1151c3fbae 100644 --- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md +++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md @@ -92,7 +92,7 @@ This policy should not be set unless the DLT server is running on all domain con ADMX Info: -- GP English name: *Allow Distributed Link Tracking clients to use domain resources* +- GP Friendly name: *Allow Distributed Link Tracking clients to use domain resources* - GP name: *DLT_AllowDomainMode* - GP path: *Windows\System!DLT_AllowDomainMode* - GP ADMX file name: *DistributedLinkTracking.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 9eab8af0c7..6d020b3a32 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -153,7 +153,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Allow NetBT queries for fully qualified domain names* +- GP Friendly name: *Allow NetBT queries for fully qualified domain names* - GP name: *DNS_AllowFQDNNetBiosQueries* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -229,7 +229,7 @@ If you do not configure this policy setting, computers will use their local DNS ADMX Info: -- GP English name: *Allow DNS suffix appending to unqualified multi-label name queries* +- GP Friendly name: *Allow DNS suffix appending to unqualified multi-label name queries* - GP name: *DNS_AppendToMultiLabelName* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -298,7 +298,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Connection-specific DNS suffix* +- GP Friendly name: *Connection-specific DNS suffix* - GP name: *DNS_Domain* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -384,7 +384,7 @@ If you disable this policy setting or do not configure it, DNS clients use the d ADMX Info: -- GP English name: *Primary DNS suffix devolution level* +- GP Friendly name: *Primary DNS suffix devolution level* - GP name: *DNS_DomainNameDevolutionLevel* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -454,7 +454,7 @@ If this policy setting is disabled, or if this policy setting is not configured, ADMX Info: -- GP English name: *Turn off IDN encoding* +- GP Friendly name: *Turn off IDN encoding* - GP name: *DNS_IdnEncoding* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -523,7 +523,7 @@ If this policy setting is disabled, or if this policy setting is not configured, ADMX Info: -- GP English name: *IDN mapping* +- GP Friendly name: *IDN mapping* - GP name: *DNS_IdnMapping* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -594,7 +594,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *DNS servers* +- GP Friendly name: *DNS servers* - GP name: *DNS_NameServer* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -666,7 +666,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Prefer link local responses over DNS when received over a network with higher precedence* +- GP Friendly name: *Prefer link local responses over DNS when received over a network with higher precedence* - GP name: *DNS_PreferLocalResponsesOverLowerOrderDns* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -742,7 +742,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Primary DNS suffix* +- GP Friendly name: *Primary DNS suffix* - GP name: *DNS_PrimaryDnsSuffix* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -816,7 +816,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Register DNS records with connection-specific DNS suffix* +- GP Friendly name: *Register DNS records with connection-specific DNS suffix* - GP name: *DNS_RegisterAdapterName* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -892,7 +892,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Register PTR records* +- GP Friendly name: *Register PTR records* - GP name: *DNS_RegisterReverseLookup* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -961,7 +961,7 @@ If you disable this policy setting, computers may not use dynamic DNS registrati ADMX Info: -- GP English name: *Dynamic update* +- GP Friendly name: *Dynamic update* - GP name: *DNS_RegistrationEnabled* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1034,7 +1034,7 @@ If you disable this policy setting, existing A resource records that contain con ADMX Info: -- GP English name: *Replace addresses in conflicts* +- GP Friendly name: *Replace addresses in conflicts* - GP name: *DNS_RegistrationOverwritesInConflict* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1110,7 +1110,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Registration refresh interval* +- GP Friendly name: *Registration refresh interval* - GP name: *DNS_RegistrationRefreshInterval* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1181,7 +1181,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *TTL value for A and PTR records* +- GP Friendly name: *TTL value for A and PTR records* - GP name: *DNS_RegistrationTtl* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1256,7 +1256,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *DNS suffix search list* +- GP Friendly name: *DNS suffix search list* - GP name: *DNS_SearchList* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1326,7 +1326,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Turn off smart multi-homed name resolution* +- GP Friendly name: *Turn off smart multi-homed name resolution* - GP name: *DNS_SmartMultiHomedNameResolution* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1398,7 +1398,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Turn off smart protocol reordering* +- GP Friendly name: *Turn off smart protocol reordering* - GP name: *DNS_SmartProtocolReorder* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1473,7 +1473,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Update security level* +- GP Friendly name: *Update security level* - GP name: *DNS_UpdateSecurityLevel* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1544,7 +1544,7 @@ If you disable this policy setting, or if you do not configure this policy setti ADMX Info: -- GP English name: *Update top level domain zones* +- GP Friendly name: *Update top level domain zones* - GP name: *DNS_UpdateTopLevelDomainZones* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1631,7 +1631,7 @@ If you disable this policy setting, DNS clients do not attempt to resolve names ADMX Info: -- GP English name: *Primary DNS suffix devolution* +- GP Friendly name: *Primary DNS suffix devolution* - GP name: *DNS_UseDomainNameDevolution* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* @@ -1702,7 +1702,7 @@ If you disable this policy setting, or you do not configure this policy setting, ADMX Info: -- GP English name: *Turn off multicast name resolution* +- GP Friendly name: *Turn off multicast name resolution* - GP name: *Turn_Off_Multicast* - GP path: *Network/DNS Client* - GP ADMX file name: *DnsClient.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index faa2117abe..ad2161edfc 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -108,7 +108,7 @@ If you disable or do not configure this policy setting, the default internal col ADMX Info: -- GP English name: *Specify a default color* +- GP Friendly name: *Specify a default color* - GP name: *DwmDefaultColorizationColor_1* - GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* - GP ADMX file name: *DWM.admx* @@ -181,7 +181,7 @@ If you disable or do not configure this policy setting, the default internal col ADMX Info: -- GP English name: *Specify a default color* +- GP Friendly name: *Specify a default color* - GP name: *DwmDefaultColorizationColor_2* - GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* - GP ADMX file name: *DWM.admx* @@ -252,7 +252,7 @@ Changing this policy setting requires a logoff for it to be applied. ADMX Info: -- GP English name: *Do not allow window animations* +- GP Friendly name: *Do not allow window animations* - GP name: *DwmDisallowAnimations_1* - GP path: *Windows Components/Desktop Window Manager* - GP ADMX file name: *DWM.admx* @@ -323,7 +323,7 @@ Changing this policy setting requires a logoff for it to be applied. ADMX Info: -- GP English name: *Do not allow window animations* +- GP Friendly name: *Do not allow window animations* - GP name: *DwmDisallowAnimations_2* - GP path: *Windows Components/Desktop Window Manager* - GP ADMX file name: *DWM.admx* @@ -395,7 +395,7 @@ If you disable or do not configure this policy setting, you allow users to chang ADMX Info: -- GP English name: *Do not allow color changes* +- GP Friendly name: *Do not allow color changes* - GP name: *DwmDisallowColorizationColorChanges_1* - GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* - GP ADMX file name: *DWM.admx* @@ -467,7 +467,7 @@ If you disable or do not configure this policy setting, you allow users to chang ADMX Info: -- GP English name: *Do not allow color changes* +- GP Friendly name: *Do not allow color changes* - GP name: *DwmDisallowColorizationColorChanges_2* - GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring* - GP ADMX file name: *DWM.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index 8a85ec79d6..454bd47f86 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -128,7 +128,7 @@ This policy setting applies to Japanese Microsoft IME only. ADMX Info: -- GP English name: *Do not include Non-Publishing Standard Glyph in the candidate list* +- GP Friendly name: *Do not include Non-Publishing Standard Glyph in the candidate list* - GP name: *L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -214,7 +214,7 @@ This policy setting applies to Japanese Microsoft IME only. ADMX Info: -- GP English name: *Restrict character code range of conversion* +- GP Friendly name: *Restrict character code range of conversion* - GP name: *L_RestrictCharacterCodeRangeOfConversion* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -290,7 +290,7 @@ This policy setting is applied to Japanese Microsoft IME. ADMX Info: -- GP English name: *Turn off custom dictionary* +- GP Friendly name: *Turn off custom dictionary* - GP name: *L_TurnOffCustomDictionary* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -364,7 +364,7 @@ This policy setting applies to Japanese Microsoft IME only. ADMX Info: -- GP English name: *Turn off history-based predictive input* +- GP Friendly name: *Turn off history-based predictive input* - GP name: *L_TurnOffHistorybasedPredictiveInput* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -440,7 +440,7 @@ This policy setting applies to Japanese Microsoft IME. ADMX Info: -- GP English name: *Turn off Internet search integration* +- GP Friendly name: *Turn off Internet search integration* - GP name: *L_TurnOffInternetSearchIntegration* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -513,7 +513,7 @@ This policy setting is applied to Japanese Microsoft IME. ADMX Info: -- GP English name: *Turn off Open Extended Dictionary* +- GP Friendly name: *Turn off Open Extended Dictionary* - GP name: *L_TurnOffOpenExtendedDictionary* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -584,7 +584,7 @@ This policy setting applies to Japanese Microsoft IME only. ADMX Info: -- GP English name: *Turn off saving auto-tuning data to file* +- GP Friendly name: *Turn off saving auto-tuning data to file* - GP name: *L_TurnOffSavingAutoTuningDataToFile* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -657,7 +657,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME. ADMX Info: -- GP English name: *Turn on cloud candidate* +- GP Friendly name: *Turn on cloud candidate* - GP name: *L_TurnOnCloudCandidate* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -730,7 +730,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. ADMX Info: -- GP English name: *Turn on cloud candidate for CHS* +- GP Friendly name: *Turn on cloud candidate for CHS* - GP name: *L_TurnOnCloudCandidateCHS* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -803,7 +803,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. ADMX Info: -- GP English name: *Turn on lexicon update* +- GP Friendly name: *Turn on lexicon update* - GP name: *L_TurnOnLexiconUpdate* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -876,7 +876,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME. ADMX Info: -- GP English name: *Turn on Live Sticker* +- GP Friendly name: *Turn on Live Sticker* - GP name: *L_TurnOnLiveStickers* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* @@ -947,7 +947,7 @@ This policy setting applies to Japanese Microsoft IME and Traditional Chinese IM ADMX Info: -- GP English name: *Turn on misconversion logging for misconversion report* +- GP Friendly name: *Turn on misconversion logging for misconversion report* - GP name: *L_TurnOnMisconversionLoggingForMisconversionReport* - GP path: *Windows Components\IME* - GP ADMX file name: *EAIME.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index 96abbdd6f2..d5cdf442da 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -92,7 +92,7 @@ This setting applies only to files moved within a volume. When files are moved t ADMX Info: -- GP English name: *Do not automatically encrypt files moved to encrypted folders* +- GP Friendly name: *Do not automatically encrypt files moved to encrypted folders* - GP name: *NoEncryptOnMove* - GP path: *System* - GP ADMX file name: *EncryptFilesonMove.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md index 01df1bdf33..a77d1438d2 100644 --- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -105,7 +105,7 @@ If you disable or do not configure this policy setting, all Enhanced Storage dev ADMX Info: -- GP English name: *Configure list of Enhanced Storage devices usable on your computer* +- GP Friendly name: *Configure list of Enhanced Storage devices usable on your computer* - GP name: *ApprovedEnStorDevices* - GP path: *System\Enhanced Storage Access* - GP ADMX file name: *EnhancedStorage.admx* @@ -174,7 +174,7 @@ If you disable or do not configure this policy setting, all IEEE 1667 silos on E ADMX Info: -- GP English name: *Configure list of IEEE 1667 silos usable on your computer* +- GP Friendly name: *Configure list of IEEE 1667 silos usable on your computer* - GP name: *ApprovedSilos* - GP path: *System\Enhanced Storage Access* - GP ADMX file name: *EnhancedStorage.admx* @@ -243,7 +243,7 @@ If you disable or do not configure this policy setting, a password can be used t ADMX Info: -- GP English name: *Do not allow password authentication of Enhanced Storage devices* +- GP Friendly name: *Do not allow password authentication of Enhanced Storage devices* - GP name: *DisablePasswordAuthentication* - GP path: *System\Enhanced Storage Access* - GP ADMX file name: *EnhancedStorage.admx* @@ -312,7 +312,7 @@ If you disable or do not configure this policy setting, non-Enhanced Storage rem ADMX Info: -- GP English name: *Do not allow non-Enhanced Storage removable devices* +- GP Friendly name: *Do not allow non-Enhanced Storage removable devices* - GP name: *DisallowLegacyDiskDevices* - GP path: *System\Enhanced Storage Access* - GP ADMX file name: *EnhancedStorage.admx* @@ -383,7 +383,7 @@ If you disable or do not configure this policy setting, the Enhanced Storage dev ADMX Info: -- GP English name: *Lock Enhanced Storage when the computer is locked* +- GP Friendly name: *Lock Enhanced Storage when the computer is locked* - GP name: *LockDeviceOnMachineLock* - GP path: *System\Enhanced Storage Access* - GP ADMX file name: *EnhancedStorage.admx* @@ -452,7 +452,7 @@ If you disable or do not configure this policy setting, USB Enhanced Storage dev ADMX Info: -- GP English name: *Allow only USB root hub connected Enhanced Storage devices* +- GP Friendly name: *Allow only USB root hub connected Enhanced Storage devices* - GP name: *RootHubConnectedEnStorDevices* - GP path: *System\Enhanced Storage Access* - GP ADMX file name: *EnhancedStorage.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 3757e328fa..f54ecfc994 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -180,7 +180,7 @@ For related information, see the Configure Error Reporting and Report Operating ADMX Info: -- GP English name: *Default application reporting settings* +- GP Friendly name: *Default application reporting settings* - GP name: *PCH_AllOrNoneDef* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -251,7 +251,7 @@ If you disable or do not configure this policy setting, the Default application ADMX Info: -- GP English name: *List of applications to never report errors for* +- GP Friendly name: *List of applications to never report errors for* - GP name: *PCH_AllOrNoneEx* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -328,7 +328,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab ADMX Info: -- GP English name: *List of applications to always report errors for* +- GP Friendly name: *List of applications to always report errors for* - GP name: *PCH_AllOrNoneInc* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -418,7 +418,7 @@ See related policy settings Display Error Notification (same folder as this poli ADMX Info: -- GP English name: *Configure Error Reporting* +- GP Friendly name: *Configure Error Reporting* - GP name: *PCH_ConfigureReport* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -491,7 +491,7 @@ See also the Configure Error Reporting policy setting. ADMX Info: -- GP English name: *Report operating system errors* +- GP Friendly name: *Report operating system errors* - GP name: *PCH_ReportOperatingSystemFaults* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -560,7 +560,7 @@ If you disable or do not configure this policy setting, no Windows Error Reporti ADMX Info: -- GP English name: *Configure Report Archive* +- GP Friendly name: *Configure Report Archive* - GP name: *WerArchive_1* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -629,7 +629,7 @@ If you disable or do not configure this policy setting, no Windows Error Reporti ADMX Info: -- GP English name: *Configure Report Archive* +- GP Friendly name: *Configure Report Archive* - GP name: *WerArchive_2* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -698,7 +698,7 @@ If you disable this policy setting, then all memory dumps are uploaded according ADMX Info: -- GP English name: *Automatically send memory dumps for OS-generated error reports* +- GP Friendly name: *Automatically send memory dumps for OS-generated error reports* - GP name: *WerAutoApproveOSDumps_1* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -767,7 +767,7 @@ If you disable this policy setting, then all memory dumps are uploaded according ADMX Info: -- GP English name: *Automatically send memory dumps for OS-generated error reports* +- GP Friendly name: *Automatically send memory dumps for OS-generated error reports* - GP name: *WerAutoApproveOSDumps_2* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -836,7 +836,7 @@ If you disable or do not configure this policy setting, WER throttles data by de ADMX Info: -- GP English name: *Do not throttle additional data* +- GP Friendly name: *Do not throttle additional data* - GP name: *WerBypassDataThrottling_1* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -905,7 +905,7 @@ If you disable or do not configure this policy setting, WER throttles data by de ADMX Info: -- GP English name: *Do not throttle additional data* +- GP Friendly name: *Do not throttle additional data* - GP name: *WerBypassDataThrottling_2* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -974,7 +974,7 @@ If you disable or do not configure this policy setting, WER does not send data, ADMX Info: -- GP English name: *Send data when on connected to a restricted/costed network* +- GP Friendly name: *Send data when on connected to a restricted/costed network* - GP name: *WerBypassNetworkCostThrottling_1* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -1043,7 +1043,7 @@ If you disable or do not configure this policy setting, WER does not send data, ADMX Info: -- GP English name: *Send data when on connected to a restricted/costed network* +- GP Friendly name: *Send data when on connected to a restricted/costed network* - GP name: *WerBypassNetworkCostThrottling_2* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -1112,7 +1112,7 @@ If you disable or do not configure this policy setting, WER checks for solutions ADMX Info: -- GP English name: *Send additional data when on battery power* +- GP Friendly name: *Send additional data when on battery power* - GP name: *WerBypassPowerThrottling_1* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -1181,7 +1181,7 @@ If you disable or do not configure this policy setting, WER checks for solutions ADMX Info: -- GP English name: *Send additional data when on battery power* +- GP Friendly name: *Send additional data when on battery power* - GP name: *WerBypassPowerThrottling_2* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -1250,7 +1250,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: -- GP English name: *Configure Corporate Windows Error Reporting* +- GP Friendly name: *Configure Corporate Windows Error Reporting* - GP name: *WerCER* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -1329,7 +1329,7 @@ If you disable or do not configure this policy setting, then the default consent ADMX Info: -- GP English name: *Customize consent settings* +- GP Friendly name: *Customize consent settings* - GP name: *WerConsentCustomize_1* - GP path: *Windows Components\Windows Error Reporting\Consent* - GP ADMX file name: *ErrorReporting.admx* @@ -1398,7 +1398,7 @@ If you disable or do not configure this policy setting, custom consent policy se ADMX Info: -- GP English name: *Ignore custom consent settings* +- GP Friendly name: *Ignore custom consent settings* - GP name: *WerConsentOverride_1* - GP path: *Windows Components\Windows Error Reporting\Consent* - GP ADMX file name: *ErrorReporting.admx* @@ -1467,7 +1467,7 @@ If you disable or do not configure this policy setting, custom consent policy se ADMX Info: -- GP English name: *Ignore custom consent settings* +- GP Friendly name: *Ignore custom consent settings* - GP name: *WerConsentOverride_2* - GP path: *Windows Components\Windows Error Reporting\Consent* - GP ADMX file name: *ErrorReporting.admx* @@ -1621,7 +1621,7 @@ If this policy setting is disabled or not configured, then the consent level def ADMX Info: -- GP English name: *Configure Default consent* +- GP Friendly name: *Configure Default consent* - GP name: *WerDefaultConsent_2* - GP path: *Windows Components\Windows Error Reporting\Consent* - GP ADMX file name: *ErrorReporting.admx* @@ -1760,7 +1760,7 @@ If you disable or do not configure this policy setting, errors are reported on a ADMX Info: -- GP English name: *List of applications to be excluded* +- GP Friendly name: *List of applications to be excluded* - GP name: *WerExlusion_1* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -1829,7 +1829,7 @@ If you disable or do not configure this policy setting, errors are reported on a ADMX Info: -- GP English name: *List of applications to be excluded* +- GP Friendly name: *List of applications to be excluded* - GP name: *WerExlusion_2* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -1898,7 +1898,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: -- GP English name: *Disable logging* +- GP Friendly name: *Disable logging* - GP name: *WerNoLogging_1* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -1967,7 +1967,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: -- GP English name: *Disable logging* +- GP Friendly name: *Disable logging* - GP name: *WerNoLogging_2* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -2036,7 +2036,7 @@ If you disable or do not configure this policy setting, then consent policy sett ADMX Info: -- GP English name: *Do not send additional data* +- GP Friendly name: *Do not send additional data* - GP name: *WerNoSecondLevelData_1* - GP path: *Windows Components\Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -2107,7 +2107,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: -- GP English name: *Configure Report Queue* +- GP Friendly name: *Configure Report Queue* - GP name: *WerQueue_1* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* @@ -2178,7 +2178,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: -- GP English name: *Configure Report Queue* +- GP Friendly name: *Configure Report Queue* - GP name: *WerQueue_2* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *ErrorReporting.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index f07d3af050..bd419345c7 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -96,7 +96,7 @@ This setting applies across all subscriptions for the forwarder (source computer ADMX Info: -- GP English name: *Configure forwarder resource usage* +- GP Friendly name: *Configure forwarder resource usage* - GP name: *ForwarderResourceUsage* - GP path: *Windows Components/Event Forwarding* - GP ADMX file name: *EventForwarding.admx* @@ -176,7 +176,7 @@ If you disable or do not configure this policy setting, the Event Collector comp ADMX Info: -- GP English name: *Configure target Subscription Manager* +- GP Friendly name: *Configure target Subscription Manager* - GP name: *SubscriptionManager* - GP path: *Windows Components/Event Forwarding* - GP ADMX file name: *EventForwarding.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md index bdeee9c870..7c171edf2e 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventlog.md +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -150,7 +150,7 @@ If the policy setting is disabled, then no new events can be logged. Events can ADMX Info: -- GP English name: *Turn on logging* +- GP Friendly name: *Turn on logging* - GP name: *Channel_LogEnabled* - GP path: *Windows Components\Event Log Service\Setup* - GP ADMX file name: *EventLog.admx* @@ -219,7 +219,7 @@ If you disable or do not configure this policy setting, the Event Log uses the f ADMX Info: -- GP English name: *Control the location of the log file* +- GP Friendly name: *Control the location of the log file* - GP name: *Channel_LogFilePath_1* - GP path: *Windows Components\Event Log Service\Application* - GP ADMX file name: *EventLog.admx* @@ -288,7 +288,7 @@ If you disable or do not configure this policy setting, the Event Log uses the f ADMX Info: -- GP English name: *Control the location of the log file* +- GP Friendly name: *Control the location of the log file* - GP name: *Channel_LogFilePath_2* - GP path: *Windows Components\Event Log Service\Security* - GP ADMX file name: *EventLog.admx* @@ -357,7 +357,7 @@ If you disable or do not configure this policy setting, the Event Log uses the f ADMX Info: -- GP English name: *Control the location of the log file* +- GP Friendly name: *Control the location of the log file* - GP name: *Channel_LogFilePath_3* - GP path: *Windows Components\Event Log Service\Setup* - GP ADMX file name: *EventLog.admx* @@ -426,7 +426,7 @@ If you disable or do not configure this policy setting, the Event Log uses the f ADMX Info: -- GP English name: *Turn on logging* +- GP Friendly name: *Turn on logging* - GP name: *Channel_LogFilePath_4* - GP path: *Windows Components\Event Log Service\System* - GP ADMX file name: *EventLog.admx* @@ -495,7 +495,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP English name: *Specify the maximum log file size (KB)* +- GP Friendly name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_3* - GP path: *Windows Components\Event Log Service\Setup* - GP ADMX file name: *EventLog.admx* @@ -566,7 +566,7 @@ If you do not configure this policy setting and the "Retain old events" policy s ADMX Info: -- GP English name: *Back up log automatically when full* +- GP Friendly name: *Back up log automatically when full* - GP name: *Channel_Log_AutoBackup_1* - GP path: *Windows Components\Event Log Service\Application* - GP ADMX file name: *EventLog.admx* @@ -637,7 +637,7 @@ If you do not configure this policy setting and the "Retain old events" policy s ADMX Info: -- GP English name: *Back up log automatically when full* +- GP Friendly name: *Back up log automatically when full* - GP name: *Channel_Log_AutoBackup_2* - GP path: *Windows Components\Event Log Service\Security* - GP ADMX file name: *EventLog.admx* @@ -708,7 +708,7 @@ If you do not configure this policy setting and the "Retain old events" policy s ADMX Info: -- GP English name: *Back up log automatically when full* +- GP Friendly name: *Back up log automatically when full* - GP name: *Channel_Log_AutoBackup_3* - GP path: *Windows Components\Event Log Service\Setup* - GP ADMX file name: *EventLog.admx* @@ -779,7 +779,7 @@ If you do not configure this policy setting and the "Retain old events" policy s ADMX Info: -- GP English name: *Back up log automatically when full* +- GP Friendly name: *Back up log automatically when full* - GP name: *Channel_Log_AutoBackup_4* - GP path: *Windows Components\Event Log Service\System* - GP ADMX file name: *EventLog.admx* @@ -851,7 +851,7 @@ If you disable or do not configure this policy setting, all authenticated users ADMX Info: -- GP English name: *Configure log access* +- GP Friendly name: *Configure log access* - GP name: *Channel_Log_FileLogAccess_1* - GP path: *Windows Components\Event Log Service\Application* - GP ADMX file name: *EventLog.admx* @@ -923,7 +923,7 @@ If you disable or do not configure this policy setting, only system software and ADMX Info: -- GP English name: *Configure log access* +- GP Friendly name: *Configure log access* - GP name: *Channel_Log_FileLogAccess_2* - GP path: *Windows Components\Event Log Service\Security* - GP ADMX file name: *EventLog.admx* @@ -995,7 +995,7 @@ If you disable or do not configure this policy setting, all authenticated users ADMX Info: -- GP English name: *Configure log access* +- GP Friendly name: *Configure log access* - GP name: *Channel_Log_FileLogAccess_3* - GP path: *Windows Components\Event Log Service\Setup* - GP ADMX file name: *EventLog.admx* @@ -1067,7 +1067,7 @@ If you disable or do not configure this policy setting, only system software and ADMX Info: -- GP English name: *Configure log access* +- GP Friendly name: *Configure log access* - GP name: *Channel_Log_FileLogAccess_4* - GP path: *Windows Components\Event Log Service\System* - GP ADMX file name: *EventLog.admx* @@ -1138,7 +1138,7 @@ If you do not configure this policy setting, the previous policy setting configu ADMX Info: -- GP English name: *Configure log access (legacy)* +- GP Friendly name: *Configure log access (legacy)* - GP name: *Channel_Log_FileLogAccess_5* - GP path: *Windows Components\Event Log Service\Application* - GP ADMX file name: *EventLog.admx* @@ -1209,7 +1209,7 @@ If you do not configure this policy setting, the previous policy setting configu ADMX Info: -- GP English name: *Configure log access (legacy)* +- GP Friendly name: *Configure log access (legacy)* - GP name: *Channel_Log_FileLogAccess_6* - GP path: *Windows Components\Event Log Service\Security* - GP ADMX file name: *EventLog.admx* @@ -1280,7 +1280,7 @@ If you do not configure this policy setting, the previous policy setting configu ADMX Info: -- GP English name: *Configure log access (legacy)* +- GP Friendly name: *Configure log access (legacy)* - GP name: *Channel_Log_FileLogAccess_7* - GP path: *Windows Components\Event Log Service\Setup* - GP ADMX file name: *EventLog.admx* @@ -1351,7 +1351,7 @@ If you do not configure this policy setting, the previous policy setting configu ADMX Info: -- GP English name: *Configure log access (legacy)* +- GP Friendly name: *Configure log access (legacy)* - GP name: *Channel_Log_FileLogAccess_8* - GP path: *Windows Components\Event Log Service\System* - GP ADMX file name: *EventLog.admx* @@ -1422,7 +1422,7 @@ Note: Old events may or may not be retained according to the "Backup log automat ADMX Info: -- GP English name: *Control Event Log behavior when the log file reaches its maximum size* +- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_2* - GP path: *Windows Components\Event Log Service\Security* - GP ADMX file name: *EventLog.admx* @@ -1493,7 +1493,7 @@ Note: Old events may or may not be retained according to the "Backup log automat ADMX Info: -- GP English name: *Control Event Log behavior when the log file reaches its maximum size* +- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_3* - GP path: *Windows Components\Event Log Service\Setup* - GP ADMX file name: *EventLog.admx* @@ -1564,7 +1564,7 @@ Note: Old events may or may not be retained according to the "Backup log automat ADMX Info: -- GP English name: *Control Event Log behavior when the log file reaches its maximum size* +- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_4* - GP path: *Windows Components\Event Log Service\System* - GP ADMX file name: *EventLog.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md index 36140f5eeb..be619c2c3b 100644 --- a/windows/client-management/mdm/policy-csp-admx-explorer.md +++ b/windows/client-management/mdm/policy-csp-admx-explorer.md @@ -98,7 +98,7 @@ Available in the latest Windows 10 Insider Preview Build. Sets the target of the ADMX Info: -- GP English name: *Set a support web page link* +- GP Friendly name: *Set a support web page link* - GP name: *AdminInfoUrl* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *Explorer.admx* @@ -173,7 +173,7 @@ If you disable or do not configure this policy setting, the menu bar will not be ADMX Info: -- GP English name: *Display the menu bar in File Explorer* +- GP Friendly name: *Display the menu bar in File Explorer* - GP name: *AlwaysShowClassicMenu* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *Explorer.admx* @@ -240,7 +240,7 @@ If you enable this policy setting on a machine that does not contain all program ADMX Info: -- GP English name: *Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time* +- GP Friendly name: *Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time* - GP name: *DisableRoamedProfileInit* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *Explorer.admx* @@ -312,7 +312,7 @@ If you disable or do not configure this policy setting, users will be able to ad ADMX Info: -- GP English name: *Prevent users from adding files to the root of their Users Files folder.* +- GP Friendly name: *Prevent users from adding files to the root of their Users Files folder.* - GP name: *PreventItemCreationInUsersFilesFolder* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *Explorer.admx* @@ -377,7 +377,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy is similar ADMX Info: -- GP English name: *Turn off common control and window animations* +- GP Friendly name: *Turn off common control and window animations* - GP name: *TurnOffSPIAnimations* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *Explorer.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index 856646d7d1..2896e4cc5a 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -93,7 +93,7 @@ By default, the RPC protocol message between File Server VSS provider and File S ADMX Info: -- GP English name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.* +- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.* - GP name: *Pol_EncryptProtocol* - GP path: *System/File Share Shadow Copy Provider* - GP ADMX file name: *FileServerVSSProvider.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index b3759a2b16..079c55e92e 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -105,7 +105,7 @@ Available in the latest Windows 10 Insider Preview Build. Compression can add to ADMX Info: -- GP English name: *Do not allow compression on all NTFS volumes* +- GP Friendly name: *Do not allow compression on all NTFS volumes* - GP name: *DisableCompression* - GP path: *System/Filesystem/NTFS* - GP ADMX file name: *FileSys.admx* @@ -173,7 +173,7 @@ A value of 1 will disable delete notifications for all volumes. ADMX Info: -- GP English name: *Disable delete notifications on all volumes* +- GP Friendly name: *Disable delete notifications on all volumes* - GP name: *DisableDeleteNotification* - GP path: *System/Filesystem* - GP ADMX file name: *FileSys.admx* @@ -236,7 +236,7 @@ Available in the latest Windows 10 Insider Preview Build. Encryption can add to ADMX Info: -- GP English name: *Do not allow encryption on all NTFS volumes* +- GP Friendly name: *Do not allow encryption on all NTFS volumes* - GP name: *DisableEncryption* - GP path: *System/Filesystem/NTFS* - GP ADMX file name: *FileSys.admx* @@ -299,7 +299,7 @@ Available in the latest Windows 10 Insider Preview Build. Encrypting the page fi ADMX Info: -- GP English name: *Enable NTFS pagefile encryption* +- GP Friendly name: *Enable NTFS pagefile encryption* - GP name: *EnablePagefileEncryption* - GP path: *System/Filesystem/NTFS* - GP ADMX file name: *FileSys.admx* @@ -362,7 +362,7 @@ Available in the latest Windows 10 Insider Preview Build. Enabling Win32 long pa ADMX Info: -- GP English name: *Enable Win32 long paths* +- GP Friendly name: *Enable Win32 long paths* - GP name: *LongPathsEnabled* - GP path: *System/Filesystem* - GP ADMX file name: *FileSys.admx* @@ -427,7 +427,7 @@ If you enable short names on all volumes then short names will always be generat ADMX Info: -- GP English name: *Short name creation options* +- GP Friendly name: *Short name creation options* - GP name: *ShortNameCreationSettings* - GP path: *System/Filesystem/NTFS* - GP ADMX file name: *FileSys.admx* @@ -501,7 +501,7 @@ For more information, refer to the Windows Help section. ADMX Info: -- GP English name: *Selectively allow the evaluation of a symbolic link* +- GP Friendly name: *Selectively allow the evaluation of a symbolic link* - GP name: *SymlinkEvaluation* - GP path: *System/Filesystem* - GP ADMX file name: *FileSys.admx* @@ -564,7 +564,7 @@ Available in the latest Windows 10 Insider Preview Build. TXF deprecated feature ADMX Info: -- GP English name: *Enable / disable TXF deprecated features* +- GP Friendly name: *Enable / disable TXF deprecated features* - GP name: *TxfDeprecatedFunctionality* - GP path: *System/Filesystem/NTFS* - GP ADMX file name: *FileSys.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index cfada38cac..ed28fb4638 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -114,7 +114,7 @@ If you disable or do not configure this policy setting, redirected shell folders ADMX Info: -- GP English name: *Do not automatically make all redirected folders available offline* +- GP Friendly name: *Do not automatically make all redirected folders available offline* - GP name: *DisableFRAdminPin* - GP path: *System/Folder Redirection* - GP ADMX file name: *FolderRedirection.admx* @@ -187,7 +187,7 @@ If you disable or do not configure this policy setting, all redirected shell fol ADMX Info: -- GP English name: *Do not automatically make specific redirected folders available offline* +- GP Friendly name: *Do not automatically make specific redirected folders available offline* - GP name: *DisableFRAdminPinByFolder* - GP path: *System/Folder Redirection* - GP ADMX file name: *FolderRedirection.admx* @@ -256,7 +256,7 @@ If you disable or do not configure this policy setting, when the path to a redir ADMX Info: -- GP English name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change* +- GP Friendly name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change* - GP name: *FolderRedirectionEnableCacheRename* - GP path: *System/Folder Redirection* - GP ADMX file name: *FolderRedirection.admx* @@ -328,7 +328,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W ADMX Info: -- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents* +- GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents* - GP name: *LocalizeXPRelativePaths_1* - GP path: *System/Folder Redirection* - GP ADMX file name: *FolderRedirection.admx* @@ -400,7 +400,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W ADMX Info: -- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents* +- GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents* - GP name: *LocalizeXPRelativePaths_2* - GP path: *System/Folder Redirection* - GP ADMX file name: *FolderRedirection.admx* @@ -473,7 +473,7 @@ If you disable or do not configure this policy setting and the user has redirect ADMX Info: -- GP English name: *Redirect folders on primary computers only* +- GP Friendly name: *Redirect folders on primary computers only* - GP name: *PrimaryComputer_FR_1* - GP path: *System/Folder Redirection* - GP ADMX file name: *FolderRedirection.admx* @@ -546,7 +546,7 @@ If you disable or do not configure this policy setting and the user has redirect ADMX Info: -- GP English name: *Redirect folders on primary computers only* +- GP Friendly name: *Redirect folders on primary computers only* - GP name: *PrimaryComputer_FR_2* - GP path: *System/Folder Redirection* - GP ADMX file name: *FolderRedirection.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md index b37e84f406..857ff5d89f 100644 --- a/windows/client-management/mdm/policy-csp-admx-globalization.md +++ b/windows/client-management/mdm/policy-csp-admx-globalization.md @@ -161,7 +161,7 @@ If the policy is Disabled or Not Configured, then the user will be able to use i ADMX Info: -- GP English name: *Disallow copying of user input methods to the system account for sign-in* +- GP Friendly name: *Disallow copying of user input methods to the system account for sign-in* - GP name: *BlockUserInputMethodsForSignIn* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -238,7 +238,7 @@ To set this policy setting on a per-user basis, make sure that you do not config ADMX Info: -- GP English name: *Disallow selection of Custom Locales* +- GP Friendly name: *Disallow selection of Custom Locales* - GP name: *CustomLocalesNoSelect_1* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -315,7 +315,7 @@ To set this policy setting on a per-user basis, make sure that you do not config ADMX Info: -- GP English name: *Disallow selection of Custom Locales* +- GP Friendly name: *Disallow selection of Custom Locales* - GP name: *CustomLocalesNoSelect_2* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -392,7 +392,7 @@ If you disable or do not configure this policy setting, the user can see the Adm ADMX Info: -- GP English name: *Hide Regional and Language Options administrative options* +- GP Friendly name: *Hide Regional and Language Options administrative options* - GP name: *HideAdminOptions* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -466,7 +466,7 @@ If you disable or do not configure this policy setting, the user sees the option ADMX Info: -- GP English name: *Hide the geographic location option* +- GP Friendly name: *Hide the geographic location option* - GP name: *HideCurrentLocation* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -539,7 +539,7 @@ If you enable this policy setting, the user does not see the option for changing ADMX Info: -- GP English name: *Hide the select language group options* +- GP Friendly name: *Hide the select language group options* - GP name: *HideLanguageSelection* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -610,7 +610,7 @@ If you disable or do not configure this policy setting, the user sees the region ADMX Info: -- GP English name: *Hide user locale selection and customization options* +- GP Friendly name: *Hide user locale selection and customization options* - GP name: *HideLocaleSelectAndCustomize* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -693,7 +693,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol ADMX Info: -- GP English name: *Turn off automatic learning* +- GP Friendly name: *Turn off automatic learning* - GP name: *ImplicitDataCollectionOff_1* - GP path: *Control Panel\Regional and Language Options\Handwriting personalization* - GP ADMX file name: *Globalization.admx* @@ -776,7 +776,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol ADMX Info: -- GP English name: *Turn off automatic learning* +- GP Friendly name: *Turn off automatic learning* - GP name: *ImplicitDataCollectionOff_2* - GP path: *Control Panel\Regional and Language Options\Handwriting personalization* - GP ADMX file name: *Globalization.admx* @@ -847,7 +847,7 @@ If you disable or do not configure this policy setting, administrators can selec ADMX Info: -- GP English name: *Restrict system locales* +- GP Friendly name: *Restrict system locales* - GP name: *LocaleSystemRestrict* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -920,7 +920,7 @@ If you disable or do not configure this policy setting, users can select any loc ADMX Info: -- GP English name: *Restrict user locales* +- GP Friendly name: *Restrict user locales* - GP name: *LocaleUserRestrict_1* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -995,7 +995,7 @@ If this policy setting is enabled at the computer level, it cannot be disabled b ADMX Info: -- GP English name: *Restrict user locales* +- GP Friendly name: *Restrict user locales* - GP name: *LocaleUserRestrict_2* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -1066,7 +1066,7 @@ If you disable or do not configure this policy setting, the user can specify whi ADMX Info: -- GP English name: *Restricts the UI language Windows uses for all logged users* +- GP Friendly name: *Restricts the UI language Windows uses for all logged users* - GP name: *LockMachineUILanguage* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -1139,7 +1139,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200 ADMX Info: -- GP English name: *Restricts the UI languages Windows should use for the selected user* +- GP Friendly name: *Restricts the UI languages Windows should use for the selected user* - GP name: *LockUserUILanguage* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -1212,7 +1212,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer ADMX Info: -- GP English name: *Disallow changing of geographic location* +- GP Friendly name: *Disallow changing of geographic location* - GP name: *PreventGeoIdChange_1* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -1285,7 +1285,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer ADMX Info: -- GP English name: *Disallow changing of geographic location* +- GP Friendly name: *Disallow changing of geographic location* - GP name: *PreventGeoIdChange_2* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -1362,7 +1362,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i ADMX Info: -- GP English name: *Disallow user override of locale settings* +- GP Friendly name: *Disallow user override of locale settings* - GP name: *PreventUserOverrides_1* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -1439,7 +1439,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i ADMX Info: -- GP English name: *Disallow user override of locale settings* +- GP Friendly name: *Disallow user override of locale settings* - GP name: *PreventUserOverrides_2* - GP path: *System\Locale Services* - GP ADMX file name: *Globalization.admx* @@ -1510,7 +1510,7 @@ If you disable or do not configure this policy setting, the logged-on user can a ADMX Info: -- GP English name: *Restrict selection of Windows menus and dialogs language* +- GP Friendly name: *Restrict selection of Windows menus and dialogs language* - GP name: *RestrictUILangSelect* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -1582,7 +1582,7 @@ Note that the availability and function of this setting is dependent on supporte ADMX Info: -- GP English name: *Turn off autocorrect misspelled words* +- GP Friendly name: *Turn off autocorrect misspelled words* - GP name: *TurnOffAutocorrectMisspelledWords* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -1655,7 +1655,7 @@ Note that the availability and function of this setting is dependent on supporte ADMX Info: -- GP English name: *Turn off highlight misspelled words* +- GP Friendly name: *Turn off highlight misspelled words* - GP name: *TurnOffHighlightMisspelledWords* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -1727,7 +1727,7 @@ Note that the availability and function of this setting is dependent on supporte ADMX Info: -- GP English name: *Turn off insert a space after selecting a text prediction* +- GP Friendly name: *Turn off insert a space after selecting a text prediction* - GP name: *TurnOffInsertSpace* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -1800,7 +1800,7 @@ Note that the availability and function of this setting is dependent on supporte ADMX Info: -- GP English name: *Turn off offer text predictions as I type* +- GP Friendly name: *Turn off offer text predictions as I type* - GP name: *TurnOffOfferTextPredictions* - GP path: *Control Panel\Regional and Language Options* - GP ADMX file name: *Globalization.admx* @@ -1873,7 +1873,7 @@ If you disable or do not configure this policy setting, Windows does not interpr ADMX Info: -- GP English name: *Century interpretation for Year 2000* +- GP Friendly name: *Century interpretation for Year 2000* - GP name: *Y2K* - GP path: *System* - GP ADMX file name: *Globalization.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md index 45abf7cdd0..cbb70f971a 100644 --- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md @@ -225,7 +225,7 @@ If you disable this policy setting, the behavior is the same as if it is not con ADMX Info: -- GP English name: *Allow cross-forest user policy and roaming user profiles* +- GP Friendly name: *Allow cross-forest user policy and roaming user profiles* - GP name: *AllowX-ForestPolicy-and-RUP* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -300,7 +300,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure software Installation policy processing* +- GP Friendly name: *Configure software Installation policy processing* - GP name: *CSE_AppMgmt* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -377,7 +377,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure disk quota policy processing* +- GP Friendly name: *Configure disk quota policy processing* - GP name: *CSE_DiskQuota* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -454,7 +454,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure EFS recovery policy processing* +- GP Friendly name: *Configure EFS recovery policy processing* - GP name: *CSE_EFSRecovery* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -529,7 +529,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure folder redirection policy processing* +- GP Friendly name: *Configure folder redirection policy processing* - GP name: *CSE_FolderRedirection* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -606,7 +606,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure Internet Explorer Maintenance policy processing* +- GP Friendly name: *Configure Internet Explorer Maintenance policy processing* - GP name: *CSE_IEM* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -683,7 +683,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure IP security policy processing* +- GP Friendly name: *Configure IP security policy processing* - GP name: *CSE_IPSecurity* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -756,7 +756,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure registry policy processing* +- GP Friendly name: *Configure registry policy processing* - GP name: *CSE_Registry* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -831,7 +831,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure scripts policy processing* +- GP Friendly name: *Configure scripts policy processing* - GP name: *CSE_Scripts* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -906,7 +906,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure security policy processing* +- GP Friendly name: *Configure security policy processing* - GP name: *CSE_Security* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -985,7 +985,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure wired policy processing* +- GP Friendly name: *Configure wired policy processing* - GP name: *CSE_Wired* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1064,7 +1064,7 @@ The "Process even if the Group Policy objects have not changed" option updates a ADMX Info: -- GP English name: *Configure wireless policy processing* +- GP Friendly name: *Configure wireless policy processing* - GP name: *CSE_Wireless* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1133,7 +1133,7 @@ If you disable or do not configure this policy setting, Group Policy will use th ADMX Info: -- GP English name: *Specify workplace connectivity wait time for policy processing* +- GP Friendly name: *Specify workplace connectivity wait time for policy processing* - GP name: *CorpConnSyncWaitTime* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1211,7 +1211,7 @@ If you disable or do not configure this policy setting, interactive users can ge ADMX Info: -- GP English name: *Determine if interactive users can generate Resultant Set of Policy data* +- GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data* - GP name: *DenyRsopToInteractiveUser_1* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1289,7 +1289,7 @@ If you disable or do not configure this policy setting, interactive users can ge ADMX Info: -- GP English name: *Determine if interactive users can generate Resultant Set of Policy data* +- GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data* - GP name: *DenyRsopToInteractiveUser_2* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1354,7 +1354,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting pr ADMX Info: -- GP English name: *Turn off Group Policy Client Service AOAC optimization* +- GP Friendly name: *Turn off Group Policy Client Service AOAC optimization* - GP name: *DisableAOACProcessing* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1434,7 +1434,7 @@ Files will always be copied to the GPO if they have a later timestamp. ADMX Info: -- GP English name: *Turn off automatic update of ADM files* +- GP Friendly name: *Turn off automatic update of ADM files* - GP name: *DisableAutoADMUpdate* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1506,7 +1506,7 @@ If you disable or do not configure this policy setting, updates can be applied w ADMX Info: -- GP English name: *Turn off background refresh of Group Policy* +- GP Friendly name: *Turn off background refresh of Group Policy* - GP name: *DisableBackgroundPolicy* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1580,7 +1580,7 @@ If you disable or do not configure this policy setting, Local GPOs continue to b ADMX Info: -- GP English name: *Turn off Local Group Policy Objects processing* +- GP Friendly name: *Turn off Local Group Policy Objects processing* - GP name: *DisableLGPOProcessing* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1656,7 +1656,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t ADMX Info: -- GP English name: *Remove users' ability to invoke machine policy refresh* +- GP Friendly name: *Remove users' ability to invoke machine policy refresh* - GP name: *DisableUsersFromMachGP* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1727,7 +1727,7 @@ If you do not configure this policy setting, the default behavior depends on the ADMX Info: -- GP English name: *Continue experiences on this device* +- GP Friendly name: *Continue experiences on this device* - GP name: *EnableCDP* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1800,7 +1800,7 @@ If you disable this policy setting, the Group Policy client will not cache appli ADMX Info: -- GP English name: *Configure Group Policy Caching* +- GP Friendly name: *Configure Group Policy Caching* - GP name: *EnableLogonOptimization* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1873,7 +1873,7 @@ If you disable or do not configure this policy setting, the Group Policy client ADMX Info: -- GP English name: *Enable Group Policy Caching for Servers* +- GP Friendly name: *Enable Group Policy Caching for Servers* - GP name: *EnableLogonOptimizationOnServerSKU* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -1944,7 +1944,7 @@ If you do not configure this policy setting, the default behavior depends on the ADMX Info: -- GP English name: *Phone-PC linking on this device* +- GP Friendly name: *Phone-PC linking on this device* - GP name: *EnableMMX* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2020,7 +2020,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f ADMX Info: -- GP English name: *Enforce Show Policies Only* +- GP Friendly name: *Enforce Show Policies Only* - GP name: *EnforcePoliciesOnly* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2087,7 +2087,7 @@ This feature can be configured to be in 3 modes: On, Off, and Audit. By default, ADMX Info: -- GP English name: *Untrusted Font Blocking* +- GP Friendly name: *Untrusted Font Blocking* - GP name: *DisableUsersFromMachGP* - GP path: *System\Mitigation Options* - GP ADMX file name: *GroupPolicy.admx* @@ -2165,7 +2165,7 @@ If you disable this setting or do not configure it, the Group Policy Object Edit ADMX Info: -- GP English name: *Configure Group Policy domain controller selection* +- GP Friendly name: *Configure Group Policy domain controller selection* - GP name: *GPDCOptions* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2242,7 +2242,7 @@ Also, see the "Do not detect slow network connections" and related policies in C ADMX Info: -- GP English name: *Configure Group Policy slow link detection* +- GP Friendly name: *Configure Group Policy slow link detection* - GP name: *GPTransferRate_1* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2319,7 +2319,7 @@ Also, see the "Do not detect slow network connections" and related policies in C ADMX Info: -- GP English name: *Configure Group Policy slow link detection* +- GP Friendly name: *Configure Group Policy slow link detection* - GP name: *GPTransferRate_2* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2401,7 +2401,7 @@ This setting is only used when the "Turn off background refresh of Group Policy" ADMX Info: -- GP English name: *Set Group Policy refresh interval for computers* +- GP Friendly name: *Set Group Policy refresh interval for computers* - GP name: *GroupPolicyRefreshRate* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2477,7 +2477,7 @@ This setting also lets you specify how much the actual update interval varies. T ADMX Info: -- GP English name: *Set Group Policy refresh interval for domain controllers* +- GP Friendly name: *Set Group Policy refresh interval for domain controllers* - GP name: *GroupPolicyRefreshRateDC* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2561,7 +2561,7 @@ This setting also lets you specify how much the actual update interval varies. T ADMX Info: -- GP English name: *Set Group Policy refresh interval for users* +- GP Friendly name: *Set Group Policy refresh interval for users* - GP name: *GroupPolicyRefreshRateUser* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2636,7 +2636,7 @@ If you do not configure this policy setting, Group Policy will wait five minutes ADMX Info: -- GP English name: *Configure Logon Script Delay* +- GP Friendly name: *Configure Logon Script Delay* - GP name: *LogonScriptDelay* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2707,7 +2707,7 @@ If this setting is Disabled or Not Configured, the default display name of New G ADMX Info: -- GP English name: *Set default name for new Group Policy objects* +- GP Friendly name: *Set default name for new Group Policy objects* - GP name: *NewGPODisplayName* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2776,7 +2776,7 @@ If you disable this setting or do not configure it, new Group Policy object link ADMX Info: -- GP English name: *Create new Group Policy Object links disabled by default* +- GP Friendly name: *Create new Group Policy Object links disabled by default* - GP name: *NewGPOLinksDisabled* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2862,7 +2862,7 @@ If you disable or do not configure this setting, the Group Policy Object Editor ADMX Info: -- GP English name: *Always use local ADM files for Group Policy Object Editor* +- GP Friendly name: *Always use local ADM files for Group Policy Object Editor* - GP name: *OnlyUseLocalAdminFiles* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -2949,7 +2949,7 @@ Setting flags not specified here to any value other than ? results in undefined ADMX Info: -- GP English name: *Process Mitigation Options* +- GP Friendly name: *Process Mitigation Options* - GP name: *ProcessMitigationOptions* - GP path: *System\Mitigation Options* - GP ADMX file name: *GroupPolicy.admx* @@ -3023,7 +3023,7 @@ If you disable or do not configure this setting, RSoP logging is turned on. By d ADMX Info: -- GP English name: *Turn off Resultant Set of Policy logging* +- GP Friendly name: *Turn off Resultant Set of Policy logging* - GP name: *RSoPLogging* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -3088,7 +3088,7 @@ Available in the latest Windows 10 Insider Preview Build. Enabling this setting ADMX Info: -- GP English name: *Enable AD/DFS domain controller synchronization during policy refresh* +- GP Friendly name: *Enable AD/DFS domain controller synchronization during policy refresh* - GP name: *ResetDfsClientInfoDuringRefreshPolicy* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -3162,7 +3162,7 @@ If you disable this setting or do not configure it, Group Policy will evaluate t ADMX Info: -- GP English name: *Configure Direct Access connections as a fast network connection* +- GP Friendly name: *Configure Direct Access connections as a fast network connection* - GP name: *SlowLinkDefaultForDirectAccess* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -3241,7 +3241,7 @@ If you disable or do not configure this policy setting, detecting a slow network ADMX Info: -- GP English name: *Change Group Policy processing to run asynchronously when a slow network connection is detected.* +- GP Friendly name: *Change Group Policy processing to run asynchronously when a slow network connection is detected.* - GP name: *SlowlinkDefaultToAsync* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -3310,7 +3310,7 @@ If you disable or do not configure this policy setting, Group Policy will use th ADMX Info: -- GP English name: *Specify startup policy processing wait time* +- GP Friendly name: *Specify startup policy processing wait time* - GP name: *SyncWaitTime* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* @@ -3388,7 +3388,7 @@ If you disable this setting or do not configure it, the user's Group Policy Obje ADMX Info: -- GP English name: *Configure user Group Policy loopback processing mode* +- GP Friendly name: *Configure user Group Policy loopback processing mode* - GP name: *UserPolicyMode* - GP path: *System\Group Policy* - GP ADMX file name: *GroupPolicy.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index f1ea850871..fcdb9696af 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -101,7 +101,7 @@ If you disable or do not configure this policy setting, DEP is turned on for HTM ADMX Info: -- GP English name: *Turn off Data Execution Prevention for HTML Help Executible* +- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executible* - GP name: *DisableHHDEP* - GP path: *System* - GP ADMX file name: *Help.admx* @@ -184,7 +184,7 @@ For additional options, see the "Restrict these programs from being launched fro ADMX Info: -- GP English name: *Restrict potentially unsafe HTML Help functions to specified folders* +- GP Friendly name: *Restrict potentially unsafe HTML Help functions to specified folders* - GP name: *HelpQualifiedRootDir_Comp* - GP path: *System* - GP ADMX file name: *Help.admx* @@ -258,7 +258,7 @@ If you disable or do not configure this policy setting, users can run all applic ADMX Info: -- GP English name: *Restrict these programs from being launched from Help* +- GP Friendly name: *Restrict these programs from being launched from Help* - GP name: *RestrictRunFromHelp* - GP path: *System* - GP ADMX file name: *Help.admx* @@ -331,7 +331,7 @@ If you disable or do not configure this policy setting, users can run all applic ADMX Info: -- GP English name: *Restrict these programs from being launched from Help* +- GP Friendly name: *Restrict these programs from being launched from Help* - GP name: *RestrictRunFromHelp_Comp* - GP path: *System* - GP ADMX file name: *Help.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index bd11b4a210..15a6785034 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -99,7 +99,7 @@ If you disable or do not configure this policy setting, the default behavior app ADMX Info: -- GP English name: *Turn off Active Help* +- GP Friendly name: *Turn off Active Help* - GP name: *ActiveHelp* - GP path: *Windows Components/Online Assistance* - GP ADMX file name: *HelpAndSupport.admx* @@ -170,7 +170,7 @@ Users can use the control to provide feedback on the quality and usefulness of t ADMX Info: -- GP English name: *Turn off Help Ratings* +- GP Friendly name: *Turn off Help Ratings* - GP name: *HPExplicitFeedback* - GP path: *System/Internet Communication Management/Internet Communication settings* - GP ADMX file name: *HelpAndSupport.admx* @@ -238,7 +238,7 @@ If you disable or do not configure this policy setting, users can turn on the He ADMX Info: -- GP English name: *Turn off Help Experience Improvement Program* +- GP Friendly name: *Turn off Help Experience Improvement Program* - GP name: *HPImplicitFeedback* - GP path: *System/Internet Communication Management/Internet Communication settings* - GP ADMX file name: *HelpAndSupport.admx* @@ -307,7 +307,7 @@ If you disable or do not configure this policy setting, users can access online ADMX Info: -- GP English name: *Turn off Windows Online* +- GP Friendly name: *Turn off Windows Online* - GP name: *HPOnlineAssistance* - GP path: *System/Internet Communication Management/Internet Communication settings* - GP ADMX file name: *HelpAndSupport.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index 688de0b909..c628cc0a3f 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -407,7 +407,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Administrative Templates (Computers)* +- GP Friendly name: *Administrative Templates (Computers)* - GP name: *MMC_ADMComputers_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -484,7 +484,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Administrative Templates (Computers)* +- GP Friendly name: *Administrative Templates (Computers)* - GP name: *MMC_ADMComputers_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -562,7 +562,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Administrative Templates (Users)* +- GP Friendly name: *Administrative Templates (Users)* - GP name: *MMC_ADMUsers_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -640,7 +640,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Administrative Templates (Users)* +- GP Friendly name: *Administrative Templates (Users)* - GP name: *MMC_ADMUsers_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -718,7 +718,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *ADSI Edit* +- GP Friendly name: *ADSI Edit* - GP name: *MMC_ADSI* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -796,7 +796,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Active Directory Domains and Trusts* +- GP Friendly name: *Active Directory Domains and Trusts* - GP name: *MMC_ActiveDirDomTrusts* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -874,7 +874,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Active Directory Sites and Services* +- GP Friendly name: *Active Directory Sites and Services* - GP name: *MMC_ActiveDirSitesServices* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -952,7 +952,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Active Directory Users and Computers* +- GP Friendly name: *Active Directory Users and Computers* - GP name: *MMC_ActiveDirUsersComp* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1030,7 +1030,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *AppleTalk Routing* +- GP Friendly name: *AppleTalk Routing* - GP name: *MMC_AppleTalkRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1108,7 +1108,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Authorization Manager* +- GP Friendly name: *Authorization Manager* - GP name: *MMC_AuthMan* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1186,7 +1186,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Certification Authority* +- GP Friendly name: *Certification Authority* - GP name: *MMC_CertAuth* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1263,7 +1263,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Certification Authority Policy Settings* +- GP Friendly name: *Certification Authority Policy Settings* - GP name: *MMC_CertAuthPolSet* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1340,7 +1340,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Certificates* +- GP Friendly name: *Certificates* - GP name: *MMC_Certs* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1417,7 +1417,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Certificate Templates* +- GP Friendly name: *Certificate Templates* - GP name: *MMC_CertsTemplate* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1494,7 +1494,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Component Services* +- GP Friendly name: *Component Services* - GP name: *MMC_ComponentServices* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1571,7 +1571,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Computer Management* +- GP Friendly name: *Computer Management* - GP name: *MMC_ComputerManagement* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1648,7 +1648,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Connection Sharing (NAT)* +- GP Friendly name: *Connection Sharing (NAT)* - GP name: *MMC_ConnectionSharingNAT* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1725,7 +1725,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *DCOM Configuration Extension* +- GP Friendly name: *DCOM Configuration Extension* - GP name: *MMC_DCOMCFG* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1802,7 +1802,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Distributed File System* +- GP Friendly name: *Distributed File System* - GP name: *MMC_DFS* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1879,7 +1879,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *DHCP Relay Management* +- GP Friendly name: *DHCP Relay Management* - GP name: *MMC_DHCPRelayMgmt* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -1956,7 +1956,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Device Manager* +- GP Friendly name: *Device Manager* - GP name: *MMC_DeviceManager_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2033,7 +2033,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Device Manager* +- GP Friendly name: *Device Manager* - GP name: *MMC_DeviceManager_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2110,7 +2110,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Disk Defragmenter* +- GP Friendly name: *Disk Defragmenter* - GP name: *MMC_DiskDefrag* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2187,7 +2187,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Disk Management* +- GP Friendly name: *Disk Management* - GP name: *MMC_DiskMgmt* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2264,7 +2264,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Enterprise PKI* +- GP Friendly name: *Enterprise PKI* - GP name: *MMC_EnterprisePKI* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2341,7 +2341,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Event Viewer* +- GP Friendly name: *Event Viewer* - GP name: *MMC_EventViewer_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2418,7 +2418,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Event Viewer (Windows Vista)* +- GP Friendly name: *Event Viewer (Windows Vista)* - GP name: *MMC_EventViewer_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2495,7 +2495,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Event Viewer* +- GP Friendly name: *Event Viewer* - GP name: *MMC_EventViewer_3* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2572,7 +2572,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Event Viewer (Windows Vista)* +- GP Friendly name: *Event Viewer (Windows Vista)* - GP name: *MMC_EventViewer_4* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2650,7 +2650,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Event Viewer (Windows Vista)* +- GP Friendly name: *Event Viewer (Windows Vista)* - GP name: *MMC_EventViewer_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2727,7 +2727,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *FAX Service* +- GP Friendly name: *FAX Service* - GP name: *MMC_FAXService* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2804,7 +2804,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Failover Clusters Manager* +- GP Friendly name: *Failover Clusters Manager* - GP name: *MMC_FailoverClusters* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -2881,7 +2881,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Folder Redirection* +- GP Friendly name: *Folder Redirection* - GP name: *MMC_FolderRedirection_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -2958,7 +2958,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Folder Redirection* +- GP Friendly name: *Folder Redirection* - GP name: *MMC_FolderRedirection_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -3035,7 +3035,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *FrontPage Server Extensions* +- GP Friendly name: *FrontPage Server Extensions* - GP name: *MMC_FrontPageExt* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -3112,7 +3112,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Group Policy Management* +- GP Friendly name: *Group Policy Management* - GP name: *MMC_GroupPolicyManagementSnapIn* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* - GP ADMX file name: *MMCSnapins.admx* @@ -3189,7 +3189,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Group Policy Object Editor* +- GP Friendly name: *Group Policy Object Editor* - GP name: *MMC_GroupPolicySnapIn* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* - GP ADMX file name: *MMCSnapins.admx* @@ -3268,7 +3268,7 @@ When the Group Policy tab is inaccessible, it does not appear in the site, domai ADMX Info: -- GP English name: *Group Policy tab for Active Directory Tools* +- GP Friendly name: *Group Policy tab for Active Directory Tools* - GP name: *MMC_GroupPolicyTab* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* - GP ADMX file name: *MMCSnapins.admx* @@ -3345,7 +3345,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Health Registration Authority (HRA)* +- GP Friendly name: *Health Registration Authority (HRA)* - GP name: *MMC_HRA* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -3422,7 +3422,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Internet Authentication Service (IAS)* +- GP Friendly name: *Internet Authentication Service (IAS)* - GP name: *MMC_IAS* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -3499,7 +3499,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IAS Logging* +- GP Friendly name: *IAS Logging* - GP name: *MMC_IASLogging* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -3576,7 +3576,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Internet Explorer Maintenance* +- GP Friendly name: *Internet Explorer Maintenance* - GP name: *MMC_IEMaintenance_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -3653,7 +3653,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Internet Explorer Maintenance* +- GP Friendly name: *Internet Explorer Maintenance* - GP name: *MMC_IEMaintenance_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -3730,7 +3730,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IGMP Routing* +- GP Friendly name: *IGMP Routing* - GP name: *MMC_IGMPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -3807,7 +3807,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Internet Information Services* +- GP Friendly name: *Internet Information Services* - GP name: *MMC_IIS* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -3884,7 +3884,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IP Routing* +- GP Friendly name: *IP Routing* - GP name: *MMC_IPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -3961,7 +3961,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IP Security Policy Management* +- GP Friendly name: *IP Security Policy Management* - GP name: *MMC_IPSecManage_GP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -4038,7 +4038,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IPX RIP Routing* +- GP Friendly name: *IPX RIP Routing* - GP name: *MMC_IPXRIPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4115,7 +4115,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IPX Routing* +- GP Friendly name: *IPX Routing* - GP name: *MMC_IPXRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4192,7 +4192,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IPX SAP Routing* +- GP Friendly name: *IPX SAP Routing* - GP name: *MMC_IPXSAPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4269,7 +4269,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Indexing Service* +- GP Friendly name: *Indexing Service* - GP name: *MMC_IndexingService* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4346,7 +4346,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IP Security Policy Management* +- GP Friendly name: *IP Security Policy Management* - GP name: *MMC_IpSecManage* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4423,7 +4423,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *IP Security Monitor* +- GP Friendly name: *IP Security Monitor* - GP name: *MMC_IpSecMonitor* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4500,7 +4500,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Local Users and Groups* +- GP Friendly name: *Local Users and Groups* - GP name: *MMC_LocalUsersGroups* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4577,7 +4577,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Logical and Mapped Drives* +- GP Friendly name: *Logical and Mapped Drives* - GP name: *MMC_LogicalMappedDrives* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4654,7 +4654,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Network Policy Server (NPS)* +- GP Friendly name: *Network Policy Server (NPS)* - GP name: *MMC_NPSUI* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4731,7 +4731,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *NAP Client Configuration* +- GP Friendly name: *NAP Client Configuration* - GP name: *MMC_NapSnap* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4808,7 +4808,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *NAP Client Configuration* +- GP Friendly name: *NAP Client Configuration* - GP name: *MMC_NapSnap_GP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -4885,7 +4885,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *.Net Framework Configuration* +- GP Friendly name: *.Net Framework Configuration* - GP name: *MMC_Net_Framework* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -4962,7 +4962,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Online Responder* +- GP Friendly name: *Online Responder* - GP name: *MMC_OCSP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5039,7 +5039,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *OSPF Routing* +- GP Friendly name: *OSPF Routing* - GP name: *MMC_OSPFRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5116,7 +5116,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Performance Logs and Alerts* +- GP Friendly name: *Performance Logs and Alerts* - GP name: *MMC_PerfLogsAlerts* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5193,7 +5193,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Public Key Policies* +- GP Friendly name: *Public Key Policies* - GP name: *MMC_PublicKey* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5270,7 +5270,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *QoS Admission Control* +- GP Friendly name: *QoS Admission Control* - GP name: *MMC_QoSAdmission* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5347,7 +5347,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *RAS Dialin - User Node* +- GP Friendly name: *RAS Dialin - User Node* - GP name: *MMC_RAS_DialinUser* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5424,7 +5424,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *RIP Routing* +- GP Friendly name: *RIP Routing* - GP name: *MMC_RIPRouting* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5501,7 +5501,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Remote Installation Services* +- GP Friendly name: *Remote Installation Services* - GP name: *MMC_RIS* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -5578,7 +5578,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Routing and Remote Access* +- GP Friendly name: *Routing and Remote Access* - GP name: *MMC_RRA* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5655,7 +5655,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Removable Storage Management* +- GP Friendly name: *Removable Storage Management* - GP name: *MMC_RSM* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5732,7 +5732,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Removable Storage* +- GP Friendly name: *Removable Storage* - GP name: *MMC_RemStore* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5809,7 +5809,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Remote Access* +- GP Friendly name: *Remote Access* - GP name: *MMC_RemoteAccess* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5886,7 +5886,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Remote Desktops* +- GP Friendly name: *Remote Desktops* - GP name: *MMC_RemoteDesktop* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -5963,7 +5963,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Resultant Set of Policy snap-in* +- GP Friendly name: *Resultant Set of Policy snap-in* - GP name: *MMC_ResultantSetOfPolicySnapIn* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy* - GP ADMX file name: *MMCSnapins.admx* @@ -6040,7 +6040,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Routing* +- GP Friendly name: *Routing* - GP name: *MMC_Routing* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -6117,7 +6117,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Security Configuration and Analysis* +- GP Friendly name: *Security Configuration and Analysis* - GP name: *MMC_SCA* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -6194,7 +6194,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *SMTP Protocol* +- GP Friendly name: *SMTP Protocol* - GP name: *MMC_SMTPProtocol* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -6271,7 +6271,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *SNMP* +- GP Friendly name: *SNMP* - GP name: *MMC_SNMP* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* - GP ADMX file name: *MMCSnapins.admx* @@ -6348,7 +6348,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Scripts (Startup/Shutdown)* +- GP Friendly name: *Scripts (Startup/Shutdown)* - GP name: *MMC_ScriptsMachine_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -6425,7 +6425,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Scripts (Startup/Shutdown)* +- GP Friendly name: *Scripts (Startup/Shutdown)* - GP name: *MMC_ScriptsMachine_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -6502,7 +6502,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Scripts (Logon/Logoff)* +- GP Friendly name: *Scripts (Logon/Logoff)* - GP name: *MMC_ScriptsUser_1* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* @@ -6579,7 +6579,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo ADMX Info: -- GP English name: *Scripts (Logon/Logoff)* +- GP Friendly name: *Scripts (Logon/Logoff)* - GP name: *MMC_ScriptsUser_2* - GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions* - GP ADMX file name: *MMCSnapins.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index c94cb373ac..99d423e98d 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -92,7 +92,7 @@ By default, this setting is Disabled. This setting does not affect whether users ADMX Info: -- GP English name: *Block all consumer Microsoft account user authentication* +- GP Friendly name: *Block all consumer Microsoft account user authentication* - GP name: *MicrosoftAccount_DisableUserAuth* - GP path: *Windows Components\Microsoft account* - GP ADMX file name: *MSAPolicy.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md index 85cdf6f62c..0264d6cb1d 100644 --- a/windows/client-management/mdm/policy-csp-admx-msched.md +++ b/windows/client-management/mdm/policy-csp-admx-msched.md @@ -93,7 +93,7 @@ If you disable or do not configure this policy setting, the daily scheduled time ADMX Info: -- GP English name: *Automatic Maintenance Activation Boundary* +- GP Friendly name: *Automatic Maintenance Activation Boundary* - GP name: *ActivationBoundaryPolicy* - GP path: *Windows Components\Maintenance Scheduler* - GP ADMX file name: *msched.admx* @@ -166,7 +166,7 @@ If you disable this policy setting, no random delay will be applied to Automatic ADMX Info: -- GP English name: *Automatic Maintenance Random Delay* +- GP Friendly name: *Automatic Maintenance Random Delay* - GP name: *RandomDelayPolicy* - GP path: *Windows Components\Maintenance Scheduler* - GP ADMX file name: *msched.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md index 4af5ccff52..a8bf9c9ad2 100644 --- a/windows/client-management/mdm/policy-csp-admx-msdt.md +++ b/windows/client-management/mdm/policy-csp-admx-msdt.md @@ -102,7 +102,7 @@ No reboots or service restarts are required for this policy setting to take effe ADMX Info: -- GP English name: *Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider* +- GP Friendly name: *Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider* - GP name: *MsdtSupportProvider* - GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool* - GP ADMX file name: *MSDT.admx* @@ -189,7 +189,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management ADMX Info: -- GP English name: *Microsoft Support Diagnostic Tool: Restrict tool download* +- GP Friendly name: *Microsoft Support Diagnostic Tool: Restrict tool download* - GP name: *MsdtToolDownloadPolicy* - GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool* - GP ADMX file name: *MSDT.admx* @@ -264,7 +264,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP ADMX Info: -- GP English name: *Microsoft Support Diagnostic Tool: Configure execution level* +- GP Friendly name: *Microsoft Support Diagnostic Tool: Configure execution level* - GP name: *WdiScenarioExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool* - GP ADMX file name: *MSDT.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md index b3f1bd2e74..0970c6a14e 100644 --- a/windows/client-management/mdm/policy-csp-admx-msi.md +++ b/windows/client-management/mdm/policy-csp-admx-msi.md @@ -162,7 +162,7 @@ If you disable or do not configure this policy setting, by default, only system ADMX Info: -- GP English name: *Allow users to browse for source while elevated* +- GP Friendly name: *Allow users to browse for source while elevated* - GP name: *AllowLockdownBrowse* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -236,7 +236,7 @@ Also, see the "Prevent removable media source for any install" policy setting. ADMX Info: -- GP English name: *Allow users to use media source while elevated* +- GP Friendly name: *Allow users to use media source while elevated* - GP name: *AllowLockdownMedia* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -307,7 +307,7 @@ This policy setting does not affect installations that run in the user's securit ADMX Info: -- GP English name: *Allow users to patch elevated products* +- GP Friendly name: *Allow users to patch elevated products* - GP name: *AllowLockdownPatch* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -383,7 +383,7 @@ If you disable or do not configure this policy setting, Windows Installer will u ADMX Info: -- GP English name: *Prohibit use of Restart Manager* +- GGP Friendly name: *Prohibit use of Restart Manager* - GP name: *DisableAutomaticApplicationShutdown* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -459,7 +459,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting. ADMX Info: -- GP English name: *Remove browse dialog box for new source* +- GP Friendly name: *Remove browse dialog box for new source* - GP name: *DisableBrowse* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -529,7 +529,7 @@ If you disable or do not configure this policy setting, it enables faster applic ADMX Info: -- GP English name: *Prohibit flyweight patching* +- GP Friendly name: *Prohibit flyweight patching* - GP name: *DisableFlyweightPatching* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -603,7 +603,7 @@ If you disable or do not configure this policy setting, Windows Installer will a ADMX Info: -- GP English name: *Turn off logging via package settings* +- GP Friendly name: *Turn off logging via package settings* - GP name: *DisableLoggingFromPackage* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -679,7 +679,7 @@ This policy setting affects Windows Installer only. It does not prevent users fr ADMX Info: -- GP English name: *Turn off Windows Installer* +- GP Friendly name: *Turn off Windows Installer* - GP name: *DisableMSI* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -753,7 +753,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad ADMX Info: -- GP English name: *Prevent removable media source for any installation* +- GP Friendly name: *Prevent removable media source for any installation* - GP name: *DisableMedia* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -828,7 +828,7 @@ Also, see the "Enable user to patch elevated products" policy setting. ADMX Info: -- GP English name: *Prevent users from using Windows Installer to install updates and upgrades* +- GP Friendly name: *Prevent users from using Windows Installer to install updates and upgrades* - GP name: *DisablePatch* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -899,7 +899,7 @@ This policy setting appears in the Computer Configuration and User Configuration ADMX Info: -- GP English name: *Prohibit rollback* +- GP Friendly name: *Prohibit rollback* - GP name: *DisableRollback_1* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -971,7 +971,7 @@ This policy setting appears in the Computer Configuration and User Configuration ADMX Info: -- GP English name: *Prohibit rollback* +- GP Friendly name: *Prohibit rollback* - GP name: *DisableRollback_2* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1041,7 +1041,7 @@ If you disable or do not configure this policy setting, by default, the shared c ADMX Info: -- GP English name: *Turn off shared components* +- GP Friendly name: *Turn off shared components* - GP name: *DisableSharedComponent* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1113,7 +1113,7 @@ If you disable or do not configure this policy setting, Windows Installer logs t ADMX Info: -- GP English name: *Specify the types of events Windows Installer records in its transaction log* +- GP Friendly name: *Specify the types of events Windows Installer records in its transaction log* - GP name: *MSILogging* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1186,7 +1186,7 @@ If you disable or do not configure this policy setting, users without administra ADMX Info: -- GP English name: *Prohibit non-administrators from applying vendor signed updates* +- GP Friendly name: *Prohibit non-administrators from applying vendor signed updates* - GP name: *MSI_DisableLUAPatching* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1259,7 +1259,7 @@ If you disable or do not configure this policy setting, a user can remove an upd ADMX Info: -- GP English name: *Prohibit removal of updates* +- GP Friendly name: *Prohibit removal of updates* - GP name: *MSI_DisablePatchUninstall* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1330,7 +1330,7 @@ If you disable or do not configure this policy setting, by default, the Windows ADMX Info: -- GP English name: *Turn off creation of System Restore checkpoints* +- GP Friendly name: *Turn off creation of System Restore checkpoints* - GP name: *MSI_DisableSRCheckPoints* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1401,7 +1401,7 @@ If you enable this policy setting and "Hide User Installs" is selected, the inst ADMX Info: -- GP English name: *Prohibit User Installs* +- GP Friendly name: *Prohibit User Installs* - GP name: *MSI_DisableUserInstalls* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1478,7 +1478,7 @@ If you disable or do not configure this policy setting, the Windows Installer wi ADMX Info: -- GP English name: *Enforce upgrade component rules* +- GP Friendly name: *Enforce upgrade component rules* - GP name: *MSI_EnforceUpgradeComponentRules* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1554,7 +1554,7 @@ If you disable or do not configure this policy setting, the Windows Installer wi ADMX Info: -- GP English name: *Control maximum size of baseline file cache* +- GP Friendly name: *Control maximum size of baseline file cache* - GP name: *MSI_MaxPatchCacheSize* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1624,7 +1624,7 @@ If you disable or do not configure this policy setting, embedded UI is allowed t ADMX Info: -- GP English name: *Prevent embedded UI* +- GP Friendly name: *Prevent embedded UI* - GP name: *MsiDisableEmbeddedUI* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1696,7 +1696,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist ADMX Info: -- GP English name: *Prevent Internet Explorer security prompt for Windows Installer scripts* +- GP Friendly name: *Prevent Internet Explorer security prompt for Windows Installer scripts* - GP name: *SafeForScripting* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1772,7 +1772,7 @@ To exclude a file source, omit or delete the letter representing that source typ ADMX Info: -- GP English name: *Specify the order in which Windows Installer searches for installation files* +- GP Friendly name: *Specify the order in which Windows Installer searches for installation files* - GP name: *SearchOrder* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* @@ -1850,7 +1850,7 @@ If you do not configure this policy setting on Windows 2000 Professional, Window ADMX Info: -- GP English name: *Save copies of transform files in a secure location on workstation* +- GP Friendly name: *Save copies of transform files in a secure location on workstation* - GP name: *TransformsSecure* - GP path: *Windows Components\Windows Installer* - GP ADMX file name: *MSI.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index da4cff082f..f35134f108 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -121,7 +121,7 @@ You must configure this setting to have complete NCA functionality. ADMX Info: -- GP English name: *Corporate Resources* +- GP Friendly name: *Corporate Resources* - GP name: *CorporateResources* - GP path: *Network\DirectAccess Client Experience Settings* - GP ADMX file name: *nca.admx* @@ -186,7 +186,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting sp ADMX Info: -- GP English name: *Custom Commands* +- GP Friendly name: *Custom Commands* - GP name: *CustomCommands* - GP path: *Network\DirectAccess Client Experience Settings* - GP ADMX file name: *nca.admx* @@ -257,7 +257,7 @@ You must configure this setting to have complete NCA functionality. ADMX Info: -- GP English name: *IPsec Tunnel Endpoints* +- GP Friendly name: *IPsec Tunnel Endpoints* - GP name: *DTEs* - GP path: *Network\DirectAccess Client Experience Settings* - GP ADMX file name: *nca.admx* @@ -324,7 +324,7 @@ If this setting is not configured, the string that appears for DirectAccess conn ADMX Info: -- GP English name: *Friendly Name* +- GP Friendly name: *Friendly Name* - GP name: *FriendlyName* - GP path: *Network\DirectAccess Client Experience Settings* - GP ADMX file name: *nca.admx* @@ -400,7 +400,7 @@ If this setting is not configured, users do not have Connect or Disconnect optio ADMX Info: -- GP English name: *Prefer Local Names Allowed* +- GP Friendly name: *Prefer Local Names Allowed* - GP name: *LocalNamesOn* - GP path: *Network\DirectAccess Client Experience Settings* - GP ADMX file name: *nca.admx* @@ -466,7 +466,7 @@ Set this to Disabled to keep NCA probing actively all the time. If this setting ADMX Info: -- GP English name: *DirectAccess Passive Mode* +- GP Friendly name: *DirectAccess Passive Mode* - GP name: *PassiveMode* - GP path: *Network\DirectAccess Client Experience Settings* - GP ADMX file name: *nca.admx* @@ -535,7 +535,7 @@ If this setting is not configured, the entry for DirectAccess connectivity appea ADMX Info: -- GP English name: *User Interface* +- GP Friendly name: *User Interface* - GP name: *ShowUI* - GP path: *Network\DirectAccess Client Experience Settings* - GP ADMX file name: *nca.admx* @@ -602,7 +602,7 @@ When the user sends the log files to the Administrator, NCA uses the default e-m ADMX Info: -- GP English name: *Support Email Address* +- GP Friendly name: *Support Email Address* - GP name: *SupportEmail* - GP path: *Network\DirectAccess Client Experience Settings* - GP ADMX file name: *nca.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 7bca9000d2..4981561468 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -104,7 +104,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting e ADMX Info: -- GP English name: *Specify corporate DNS probe host address* +- GP Friendly name: *Specify corporate DNS probe host address* - GP name: *NCSI_CorpDnsProbeContent* - GP path: *Network\Network Connectivity Status Indicator* - GP ADMX file name: *NCSI.admx* @@ -169,7 +169,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting en ADMX Info: -- GP English name: *Specify corporate DNS probe host name* +- GP Friendly name: *Specify corporate DNS probe host name* - GP name: *NCSI_CorpDnsProbeHost* - GP path: *Network\Network Connectivity Status Indicator* - GP ADMX file name: *NCSI.admx* @@ -234,7 +234,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting en ADMX Info: -- GP English name: *Specify corporate site prefix list* +- GP Friendly name: *Specify corporate site prefix list* - GP name: *NCSI_CorpSitePrefixes* - GP path: *Network\Network Connectivity Status Indicator* - GP ADMX file name: *NCSI.admx* @@ -299,7 +299,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting en ADMX Info: -- GP English name: *Specify corporate Website probe URL* +- GP Friendly name: *Specify corporate Website probe URL* - GP name: *NCSI_CorpWebProbeUrl* - GP path: *Network\Network Connectivity Status Indicator* - GP ADMX file name: *NCSI.admx* @@ -367,7 +367,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting en ADMX Info: -- GP English name: *Specify domain location determination URL* +- GP Friendly name: *Specify domain location determination URL* - GP name: *NCSI_DomainLocationDeterminationUrl* - GP path: *Network\Network Connectivity Status Indicator* - GP ADMX file name: *NCSI.admx* @@ -432,7 +432,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting en ADMX Info: -- GP English name: *Specify global DNS* +- GP Friendly name: *Specify global DNS* - GP name: *NCSI_GlobalDns* - GP path: *Network\Network Connectivity Status Indicator* - GP ADMX file name: *NCSI.admx* @@ -497,7 +497,7 @@ Available in the latest Windows 10 Insider Preview Build. This Policy setting en ADMX Info: -- GP English name: *Specify passive polling* +- GP Friendly name: *Specify passive polling* - GP name: *NCSI_PassivePolling* - GP path: *Network\Network Connectivity Status Indicator* - GP ADMX file name: *NCSI.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 76c9223297..f8c2d7401e 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -200,7 +200,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Specify address lookup behavior for DC locator ping* +- GP Friendly name: *Specify address lookup behavior for DC locator ping* - GP name: *Netlogon_AddressLookupOnPingBehavior* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -273,7 +273,7 @@ If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv ADMX Info: -- GP English name: *Return domain controller address type* +- GP Friendly name: *Return domain controller address type* - GP name: *Netlogon_AddressTypeReturned* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -346,7 +346,7 @@ If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is ADMX Info: -- GP English name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.* +- GP Friendly name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.* - GP name: *Netlogon_AllowDnsSuffixSearch* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -421,7 +421,7 @@ If you do not configure this policy setting, Net Logon will not allow the negoti ADMX Info: -- GP English name: *Allow cryptography algorithms compatible with Windows NT 4.0* +- GP Friendly name: *Allow cryptography algorithms compatible with Windows NT 4.0* - GP name: *Netlogon_AllowNT4Crypto* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -496,7 +496,7 @@ If you do not configure this policy setting, it is not applied to any computers, ADMX Info: -- GP English name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC* +- GP Friendly name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC* - GP name: *Netlogon_AllowSingleLabelDnsDomain* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -569,7 +569,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Use automated site coverage by the DC Locator DNS SRV Records* +- GP Friendly name: *Use automated site coverage by the DC Locator DNS SRV Records* - GP name: *Netlogon_AutoSiteCoverage* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -645,7 +645,7 @@ If you disable this policy setting, the DC location algorithm can use NetBIOS-ba ADMX Info: -- GP English name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails* +- GP Friendly name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails* - GP name: *Netlogon_AvoidFallbackNetbiosDiscovery* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -720,7 +720,7 @@ If you do not configure this policy setting, it is not applied to any DCs. ADMX Info: -- GP English name: *Contact PDC on logon failure* +- GP Friendly name: *Contact PDC on logon failure* - GP name: *Netlogon_AvoidPdcOnWan* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -798,7 +798,7 @@ If the value of this setting is less than the value specified in the NegativeCac ADMX Info: -- GP English name: *Use initial DC discovery retry setting for background callers* +- GP Friendly name: *Use initial DC discovery retry setting for background callers* - GP name: *Netlogon_BackgroundRetryInitialPeriod* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -878,7 +878,7 @@ If the value for this setting is too small and the DC is not available, the freq ADMX Info: -- GP English name: *Use maximum DC discovery retry interval setting for background callers* +- GP Friendly name: *Use maximum DC discovery retry interval setting for background callers* - GP name: *Netlogon_BackgroundRetryMaximumPeriod* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -950,7 +950,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu ADMX Info: -- GP English name: *Use final DC discovery retry setting for background callers* +- GP Friendly name: *Use final DC discovery retry setting for background callers* - GP name: *Netlogon_BackgroundRetryQuitTime* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -1017,7 +1017,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting de ADMX Info: -- GP English name: *Use positive periodic DC cache refresh for background callers* +- GP Friendly name: *Use positive periodic DC cache refresh for background callers* - GP name: *Netlogon_BackgroundSuccessfulRefreshPeriod* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -1092,7 +1092,7 @@ If you disable this policy setting or do not configure it, the default behavior ADMX Info: -- GP English name: *Specify log file debug output level* +- GP Friendly name: *Specify log file debug output level* - GP name: *Netlogon_DebugFlag* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -1191,7 +1191,7 @@ If you do not configure this policy setting, DCs use their local configuration. ADMX Info: -- GP English name: *Specify DC Locator DNS records not registered by the DCs* +- GP Friendly name: *Specify DC Locator DNS records not registered by the DCs* - GP name: *Netlogon_DnsAvoidRegisterRecords* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1267,7 +1267,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Specify Refresh Interval of the DC Locator DNS records* +- GP Friendly name: *Specify Refresh Interval of the DC Locator DNS records* - GP name: *Netlogon_DnsRefreshInterval* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1343,7 +1343,7 @@ A reboot is not required for changes to this setting to take effect. ADMX Info: -- GP English name: *Use lowercase DNS host names when registering domain controller SRV records* +- GP Friendly name: *Use lowercase DNS host names when registering domain controller SRV records* - GP name: *Netlogon_DnsSrvRecordUseLowerCaseHostNames* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1413,7 +1413,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Set TTL in the DC Locator DNS Records* +- GP Friendly name: *Set TTL in the DC Locator DNS Records* - GP name: *Netlogon_DnsTtl* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1484,7 +1484,7 @@ If you do not configure this policy setting, it is not applied to any computers, ADMX Info: -- GP English name: *Specify expected dial-up delay on logon* +- GP Friendly name: *Specify expected dial-up delay on logon* - GP name: *Netlogon_ExpectedDialupDelay* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -1559,7 +1559,7 @@ If you do not configure this policy setting, Force Rediscovery will be used by d ADMX Info: -- GP English name: *Force Rediscovery Interval* +- GP Friendly name: *Force Rediscovery Interval* - GP name: *Netlogon_ForceRediscoveryInterval* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1632,7 +1632,7 @@ If you do not configure this policy setting, it is not applied to any GCs, and G ADMX Info: -- GP English name: *Specify sites covered by the GC Locator DNS SRV Records* +- GP Friendly name: *Specify sites covered by the GC Locator DNS SRV Records* - GP name: *Netlogon_GcSiteCoverage* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1708,7 +1708,7 @@ If you disable or do not configure this policy setting, this DC processes incomi ADMX Info: -- GP English name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names* +- GP Friendly name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names* - GP name: *Netlogon_IgnoreIncomingMailslotMessages* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1781,7 +1781,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Set Priority in the DC Locator DNS SRV records* +- GP Friendly name: *Set Priority in the DC Locator DNS SRV records* - GP name: *Netlogon_LdapSrvPriority* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1854,7 +1854,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Set Weight in the DC Locator DNS SRV records* +- GP Friendly name: *Set Weight in the DC Locator DNS SRV records* - GP name: *Netlogon_LdapSrvWeight* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -1925,7 +1925,7 @@ If you disable or do not configure this policy setting, the default behavior occ ADMX Info: -- GP English name: *Specify maximum log file size* +- GP Friendly name: *Specify maximum log file size* - GP name: *Netlogon_MaximumLogFileSize* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -1998,7 +1998,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Specify sites covered by the application directory partition DC Locator DNS SRV records* +- GP Friendly name: *Specify sites covered by the application directory partition DC Locator DNS SRV records* - GP name: *Netlogon_NdncSiteCoverage* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -2070,7 +2070,7 @@ The default value for this setting is 45 seconds. The maximum value for this set ADMX Info: -- GP English name: *Specify negative DC Discovery cache setting* +- GP Friendly name: *Specify negative DC Discovery cache setting* - GP name: *Netlogon_NegativeCachePeriod* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -2148,7 +2148,7 @@ If you enable this policy setting, domain administrators should ensure that the ADMX Info: -- GP English name: *Set Netlogon share compatibility* +- GP Friendly name: *Set Netlogon share compatibility* - GP name: *Netlogon_NetlogonShareCompatibilityMode* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -2217,7 +2217,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t ADMX Info: -- GP English name: *Specify positive periodic DC Cache refresh for non-background callers* +- GP Friendly name: *Specify positive periodic DC Cache refresh for non-background callers* - GP name: *Netlogon_NonBackgroundSuccessfulRefreshPeriod* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -2295,7 +2295,7 @@ If you do not configure this policy setting, it is not applied to any computers, ADMX Info: -- GP English name: *Use urgent mode when pinging domain controllers* +- GP Friendly name: *Use urgent mode when pinging domain controllers* - GP name: *Netlogon_PingUrgencyMode* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -2372,7 +2372,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds. ADMX Info: -- GP English name: *Set scavenge interval* +- GP Friendly name: *Set scavenge interval* - GP name: *Netlogon_ScavengeInterval* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -2445,7 +2445,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Specify sites covered by the DC Locator DNS SRV records* +- GP Friendly name: *Specify sites covered by the DC Locator DNS SRV records* - GP name: *Netlogon_SiteCoverage* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -2518,7 +2518,7 @@ If you do not configure this policy setting, it is not applied to any computers, ADMX Info: -- GP English name: *Specify site name* +- GP Friendly name: *Specify site name* - GP name: *Netlogon_SiteName* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -2596,7 +2596,7 @@ If you enable this policy setting, domain administrators should ensure that the ADMX Info: -- GP English name: *Set SYSVOL share compatibility* +- GP Friendly name: *Set SYSVOL share compatibility* - GP name: *Netlogon_SysvolShareCompatibilityMode* - GP path: *System\Net Logon* - GP ADMX file name: *Netlogon.admx* @@ -2671,7 +2671,7 @@ If you do not configure this policy setting, Try Next Closest Site DC Location w ADMX Info: -- GP English name: *Try Next Closest Site* +- GP Friendly name: *Try Next Closest Site* - GP name: *Netlogon_TryNextClosestSite* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* @@ -2744,7 +2744,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D ADMX Info: -- GP English name: *Specify dynamic registration of the DC Locator DNS Records* +- GP Friendly name: *Specify dynamic registration of the DC Locator DNS Records* - GP name: *Netlogon_UseDynamicDns* - GP path: *System\Net Logon\DC Locator DNS Records* - GP ADMX file name: *Netlogon.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index deb0305f18..42d74dc6ad 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -180,7 +180,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec ADMX Info: -- GP English name: *Prohibit adding and removing components for a LAN or remote access connection* +- GP Friendly name: *Prohibit adding and removing components for a LAN or remote access connection* - GP name: *NC_AddRemoveComponents* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -256,7 +256,7 @@ If you disable this setting or do not configure it, the Advanced Settings item i ADMX Info: -- GP English name: *Prohibit access to the Advanced Settings item on the Advanced menu* +- GP Friendly name: *Prohibit access to the Advanced Settings item on the Advanced menu* - GP name: *NC_AdvancedSettings* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -337,7 +337,7 @@ Changing this setting from Enabled to Not Configured does not enable the Advance ADMX Info: -- GP English name: *Prohibit TCP/IP advanced configuration* +- GP Friendly name: *Prohibit TCP/IP advanced configuration* - GP name: *NC_AllowAdvancedTCPIPConfig* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -413,7 +413,7 @@ If you disable this setting or do not configure it, the Properties dialog box fo ADMX Info: -- GP English name: *Prohibit Enabling/Disabling components of a LAN connection* +- GP Friendly name: *Prohibit Enabling/Disabling components of a LAN connection* - GP name: *NC_ChangeBindState* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -495,7 +495,7 @@ When enabled, the "Prohibit deletion of remote access connections" setting takes ADMX Info: -- GP English name: *Ability to delete all user remote access connections* +- GP Friendly name: *Ability to delete all user remote access connections* - GP name: *NC_DeleteAllUserConnection* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -575,7 +575,7 @@ When enabled, this setting takes precedence over the "Ability to delete all user ADMX Info: -- GP English name: *Prohibit deletion of remote access connections* +- GP Friendly name: *Prohibit deletion of remote access connections* - GP name: *NC_DeleteConnection* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -648,7 +648,7 @@ If you disable this setting or do not configure it, the Remote Access Preference ADMX Info: -- GP English name: *Prohibit access to the Remote Access Preferences item on the Advanced menu* +- GP Friendly name: *Prohibit access to the Remote Access Preferences item on the Advanced menu* - GP name: *NC_DialupPrefs* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -717,7 +717,7 @@ If you disable this setting or do not configure it, the "local access only" icon ADMX Info: -- GP English name: *Do not show the "local access only" network icon* +- GP Friendly name: *Do not show the "local access only" network icon* - GP name: *NC_DoNotShowLocalOnlyIcon* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -793,7 +793,7 @@ If you disable this setting or do not configure it, Windows XP settings that exi ADMX Info: -- GP English name: *Enable Windows 2000 Network Connections settings for Administrators* +- GP Friendly name: *Enable Windows 2000 Network Connections settings for Administrators* - GP name: *NC_EnableAdminProhibits* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -866,7 +866,7 @@ If you do not configure this policy setting, traffic between remote client compu ADMX Info: -- GP English name: *Route all traffic through the internal network* +- GP Friendly name: *Route all traffic through the internal network* - GP name: *NC_ForceTunneling* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -935,7 +935,7 @@ If you disable or do not configure this policy setting, a DHCP-configured connec ADMX Info: -- GP English name: *Turn off notifications when a connection has only limited or no connectivity* +- GP Friendly name: *Turn off notifications when a connection has only limited or no connectivity* - GP name: *NC_IpStateChecking* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1019,7 +1019,7 @@ The Local Area Connection Properties dialog box includes a list of the network c ADMX Info: -- GP English name: *Prohibit access to properties of components of a LAN connection* +- GP Friendly name: *Prohibit access to properties of components of a LAN connection* - GP name: *NC_LanChangeProperties* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1095,7 +1095,7 @@ If you do not configure this setting, only Administrators and Network Configurat ADMX Info: -- GP English name: *Ability to Enable/Disable a LAN connection* +- GP Friendly name: *Ability to Enable/Disable a LAN connection* - GP name: *NC_LanConnect* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1173,7 +1173,7 @@ If you disable this setting or do not configure it, a Properties menu item appea ADMX Info: -- GP English name: *Prohibit access to properties of a LAN connection* +- GP Friendly name: *Prohibit access to properties of a LAN connection* - GP name: *NC_LanProperties* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1249,7 +1249,7 @@ If you disable this setting or do not configure it, the Make New Connection icon ADMX Info: -- GP English name: *Prohibit access to the New Connection Wizard* +- GP Friendly name: *Prohibit access to the New Connection Wizard* - GP name: *NC_NewConnectionWizard* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1327,7 +1327,7 @@ If you disable this setting or do not configure it, the Internet Connection Fire ADMX Info: -- GP English name: *Prohibit use of Internet Connection Firewall on your DNS domain network* +- GP Friendly name: *Prohibit use of Internet Connection Firewall on your DNS domain network* - GP name: *NC_PersonalFirewallConfig* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1409,7 +1409,7 @@ If you do not configure this setting, only Administrators and Network Configurat ADMX Info: -- GP English name: *Ability to change properties of an all user remote access connection* +- GP Friendly name: *Ability to change properties of an all user remote access connection* - GP name: *NC_RasAllUserProperties* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1491,7 +1491,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include ADMX Info: -- GP English name: *Prohibit access to properties of components of a remote access connection* +- GP Friendly name: *Prohibit access to properties of components of a remote access connection* - GP name: *NC_RasChangeProperties* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1562,7 +1562,7 @@ If you disable this setting or do not configure it, the Connect and Disconnect o ADMX Info: -- GP English name: *Prohibit connecting and disconnecting a remote access connection* +- GP Friendly name: *Prohibit connecting and disconnecting a remote access connection* - GP name: *NC_RasConnect* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1642,7 +1642,7 @@ If you disable this setting or do not configure it, a Properties menu item appea ADMX Info: -- GP English name: *Prohibit changing properties of a private remote access connection* +- GP Friendly name: *Prohibit changing properties of a private remote access connection* - GP name: *NC_RasMyProperties* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1722,7 +1722,7 @@ This setting does not prevent users from using other programs, such as Internet ADMX Info: -- GP English name: *Ability to rename all user remote access connections* +- GP Friendly name: *Ability to rename all user remote access connections* - GP name: *NC_RenameAllUserRasConnection* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1800,7 +1800,7 @@ If this setting is not configured, only Administrators and Network Configuration ADMX Info: -- GP English name: *Ability to rename LAN connections or remote access connections available to all users* +- GP Friendly name: *Ability to rename LAN connections or remote access connections available to all users* - GP name: *NC_RenameConnection* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1876,7 +1876,7 @@ When the "Ability to rename LAN connections or remote access connections availab ADMX Info: -- GP English name: *Ability to rename LAN connections* +- GP Friendly name: *Ability to rename LAN connections* - GP name: *NC_RenameLanConnection* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -1952,7 +1952,7 @@ If you disable this setting or do not configure it, the Rename option is enabled ADMX Info: -- GP English name: *Prohibit renaming private remote access connections* +- GP Friendly name: *Prohibit renaming private remote access connections* - GP name: *NC_RenameMyRasConnection* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -2034,7 +2034,7 @@ Disabling this setting does not prevent Wireless Hosted Networking from using th ADMX Info: -- GP English name: *Prohibit use of Internet Connection Sharing on your DNS domain network* +- GP Friendly name: *Prohibit use of Internet Connection Sharing on your DNS domain network* - GP name: *NC_ShowSharedAccessUI* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -2107,7 +2107,7 @@ If you disable this setting or do not configure it, the connection status taskba ADMX Info: -- GP English name: *Prohibit viewing of status for an active connection* +- GP Friendly name: *Prohibit viewing of status for an active connection* - GP name: *NC_Statistics* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* @@ -2176,7 +2176,7 @@ If you disable or do not configure this policy setting, domain users can set a n ADMX Info: -- GP English name: *Require domain users to elevate when setting a network's location* +- GP Friendly name: *Require domain users to elevate when setting a network's location* - GP name: *NC_StdDomainUserSetLocation* - GP path: *Network\Network Connections* - GP ADMX file name: *NetworkConnections.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index d9524a1f82..fa64224da3 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -227,7 +227,7 @@ If you disable this setting or do not configure it, the system asks users whethe ADMX Info: -- GP English name: *Subfolders always available offline* +- GP Friendly name: *Subfolders always available offline* - GP name: *Pol_AlwaysPinSubFolders* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -301,7 +301,7 @@ If you do not configure this policy setting, no files or folders are made availa ADMX Info: -- GP English name: *Specify administratively assigned Offline Files* +- GP Friendly name: *Specify administratively assigned Offline Files* - GP name: *Pol_AssignedOfflineFiles_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -375,7 +375,7 @@ If you do not configure this policy setting, no files or folders are made availa ADMX Info: -- GP English name: *Specify administratively assigned Offline Files* +- GP Friendly name: *Specify administratively assigned Offline Files* - GP name: *Pol_AssignedOfflineFiles_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -446,7 +446,7 @@ If you disable or do not configure this policy setting, Windows performs a backg ADMX Info: -- GP English name: *Configure Background Sync* +- GP Friendly name: *Configure Background Sync* - GP name: *Pol_BackgroundSyncSettings* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -527,7 +527,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s ADMX Info: -- GP English name: *Limit disk space used by Offline Files* +- GP Friendly name: *Limit disk space used by Offline Files* - GP name: *Pol_CacheSize* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -611,7 +611,7 @@ Also, see the "Non-default server disconnect actions" setting. ADMX Info: -- GP English name: *Action on server disconnect* +- GP Friendly name: *Action on server disconnect* - GP name: *Pol_CustomGoOfflineActions_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -695,7 +695,7 @@ Also, see the "Non-default server disconnect actions" setting. ADMX Info: -- GP English name: *Action on server disconnect* +- GP Friendly name: *Action on server disconnect* - GP name: *Pol_CustomGoOfflineActions_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -775,7 +775,7 @@ If you do not configure this setting, disk space for automatically cached files ADMX Info: -- GP English name: *Default cache size* +- GP Friendly name: *Default cache size* - GP name: *Pol_DefCacheSize* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -849,7 +849,7 @@ If you do not configure this policy setting, Offline Files is enabled on Windows ADMX Info: -- GP English name: *Allow or Disallow use of the Offline Files feature* +- GP Friendly name: *Allow or Disallow use of the Offline Files feature* - GP name: *Pol_Enabled* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -926,7 +926,7 @@ This setting is applied at user logon. If this setting is changed after user log ADMX Info: -- GP English name: *Encrypt the Offline Files cache* +- GP Friendly name: *Encrypt the Offline Files cache* - GP name: *Pol_EncryptOfflineFiles* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1006,7 +1006,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the ADMX Info: -- GP English name: *Event logging level* +- GP Friendly name: *Event logging level* - GP name: *Pol_EventLoggingLevel_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1086,7 +1086,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the ADMX Info: -- GP English name: *Event logging level* +- GP Friendly name: *Event logging level* - GP name: *Pol_EventLoggingLevel_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1155,7 +1155,7 @@ If you disable or do not configure this policy setting, a user can create a file ADMX Info: -- GP English name: *Enable file screens* +- GP Friendly name: *Enable file screens* - GP name: *Pol_ExclusionListSettings* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1229,7 +1229,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty ADMX Info: -- GP English name: *Files not cached* +- GP Friendly name: *Files not cached* - GP name: *Pol_ExtExclusionList* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1313,7 +1313,7 @@ Also, see the "Non-default server disconnect actions" setting. ADMX Info: -- GP English name: *Action on server disconnect* +- GP Friendly name: *Action on server disconnect* - GP name: *Pol_GoOfflineAction_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1397,7 +1397,7 @@ Also, see the "Non-default server disconnect actions" setting. ADMX Info: -- GP English name: *Action on server disconnect* +- GP Friendly name: *Action on server disconnect* - GP name: *Pol_GoOfflineAction_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1471,7 +1471,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Prevent use of Offline Files folder* +- GP Friendly name: *Prevent use of Offline Files folder* - GP name: *Pol_NoCacheViewer_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1545,7 +1545,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Prevent use of Offline Files folder* +- GP Friendly name: *Prevent use of Offline Files folder* - GP name: *Pol_NoCacheViewer_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1619,7 +1619,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Prohibit user configuration of Offline Files* +- GP Friendly name: *Prohibit user configuration of Offline Files* - GP name: *Pol_NoConfigCache_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1693,7 +1693,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Prohibit user configuration of Offline Files* +- GP Friendly name: *Prohibit user configuration of Offline Files* - GP name: *Pol_NoConfigCache_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1766,7 +1766,7 @@ If you disable or do not configure this policy setting, users can manually speci ADMX Info: -- GP English name: *Remove "Make Available Offline" command* +- GP Friendly name: *Remove "Make Available Offline" command* - GP name: *Pol_NoMakeAvailableOffline_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1839,7 +1839,7 @@ If you disable or do not configure this policy setting, users can manually speci ADMX Info: -- GP English name: *Remove "Make Available Offline" command* +- GP Friendly name: *Remove "Make Available Offline" command* - GP name: *Pol_NoMakeAvailableOffline_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1916,7 +1916,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman ADMX Info: -- GP English name: *Remove "Make Available Offline" for these files and folders* +- GP Friendly name: *Remove "Make Available Offline" for these files and folders* - GP name: *Pol_NoPinFiles_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -1993,7 +1993,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman ADMX Info: -- GP English name: *Remove "Make Available Offline" for these files and folders* +- GP Friendly name: *Remove "Make Available Offline" for these files and folders* - GP name: *Pol_NoPinFiles_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2073,7 +2073,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Turn off reminder balloons* +- GP Friendly name: *Turn off reminder balloons* - GP name: *Pol_NoReminders_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2153,7 +2153,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Turn off reminder balloons* +- GP Friendly name: *Turn off reminder balloons* - GP name: *Pol_NoReminders_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2226,7 +2226,7 @@ If you disable or do not configure this policy setting, remote files will be not ADMX Info: -- GP English name: *Enable Transparent Caching* +- GP Friendly name: *Enable Transparent Caching* - GP name: *Pol_OnlineCachingSettings* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2297,7 +2297,7 @@ If you disable this setting or do not configure it, the system asks users whethe ADMX Info: -- GP English name: *Subfolders always available offline* +- GP Friendly name: *Subfolders always available offline* - GP name: *Pol_AlwaysPinSubFolders* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2369,7 +2369,7 @@ If you disable this setting or do not configure it, automatically and manually c ADMX Info: -- GP English name: *At logoff, delete local copy of user’s offline files* +- GP Friendly name: *At logoff, delete local copy of user’s offline files* - GP name: *Pol_PurgeAtLogoff* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2438,7 +2438,7 @@ If you disable this policy setting, all administratively assigned folders are sy ADMX Info: -- GP English name: *Turn on economical application of administratively assigned Offline Files* +- GP Friendly name: *Turn on economical application of administratively assigned Offline Files* - GP name: *Pol_QuickAdimPin* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2512,7 +2512,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Reminder balloon frequency* +- GP Friendly name: *Reminder balloon frequency* - GP name: *Pol_ReminderFreq_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2586,7 +2586,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Reminder balloon frequency* +- GP Friendly name: *Reminder balloon frequency* - GP name: *Pol_ReminderFreq_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2655,7 +2655,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Initial reminder balloon lifetime* +- GP Friendly name: *Initial reminder balloon lifetime* - GP name: *Pol_ReminderInitTimeout_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2724,7 +2724,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Initial reminder balloon lifetime* +- GP Friendly name: *Initial reminder balloon lifetime* - GP name: *Pol_ReminderInitTimeout_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2793,7 +2793,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Reminder balloon lifetime* +- GP Friendly name: *Reminder balloon lifetime* - GP name: *Pol_ReminderTimeout_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2862,7 +2862,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Reminder balloon lifetime* +- GP Friendly name: *Reminder balloon lifetime* - GP name: *Pol_ReminderTimeout_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -2941,7 +2941,7 @@ If you disable this policy setting, computers will not use the slow-link mode. ADMX Info: -- GP English name: *Configure slow-link mode* +- GP Friendly name: *Configure slow-link mode* - GP name: *Pol_SlowLinkSettings* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3015,7 +3015,7 @@ If this setting is disabled or not configured, the default threshold value of 64 ADMX Info: -- GP English name: *Configure Slow link speed* +- GP Friendly name: *Configure Slow link speed* - GP name: *Pol_SlowLinkSpeed* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3093,7 +3093,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Synchronize all offline files before logging off* +- GP Friendly name: *Synchronize all offline files before logging off* - GP name: *Pol_SyncAtLogoff_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3171,7 +3171,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Synchronize all offline files before logging off* +- GP Friendly name: *Synchronize all offline files before logging off* - GP name: *Pol_SyncAtLogoff_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3249,7 +3249,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Synchronize all offline files when logging on* +- GP Friendly name: *Synchronize all offline files when logging on* - GP name: *Pol_SyncAtLogon_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3329,7 +3329,7 @@ This setting appears in the Computer Configuration and User Configuration folder ADMX Info: -- GP English name: *Synchronize all offline files when logging on* +- GP Friendly name: *Synchronize all offline files when logging on* - GP name: *Pol_SyncAtLogon_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3401,7 +3401,7 @@ If you disable or do not configuring this setting, files are not synchronized wh ADMX Info: -- GP English name: *Synchronize offline files before suspend* +- GP Friendly name: *Synchronize offline files before suspend* - GP name: *Pol_SyncAtSuspend_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3473,7 +3473,7 @@ If you disable or do not configuring this setting, files are not synchronized wh ADMX Info: -- GP English name: *Synchronize offline files before suspend* +- GP Friendly name: *Synchronize offline files before suspend* - GP name: *Pol_SyncAtSuspend_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3542,7 +3542,7 @@ If this setting is disabled or not configured, synchronization will not run in t ADMX Info: -- GP English name: *Enable file synchronization on costed networks* +- GP Friendly name: *Enable file synchronization on costed networks* - GP name: *Pol_SyncOnCostedNetwork* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3611,7 +3611,7 @@ If you disable or do not configure this policy setting, the "Work offline" comma ADMX Info: -- GP English name: *Remove "Work offline" command* +- GP Friendly name: *Remove "Work offline" command* - GP name: *Pol_WorkOfflineDisabled_1* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* @@ -3680,7 +3680,7 @@ If you disable or do not configure this policy setting, the "Work offline" comma ADMX Info: -- GP English name: *Remove "Work offline" command* +- GP Friendly name: *Remove "Work offline" command* - GP name: *Pol_WorkOfflineDisabled_2* - GP path: *Network\Offline Files* - GP ADMX file name: *OfflineFiles.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index 7704597e96..790bed78ed 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -124,7 +124,7 @@ Select one of the following: ADMX Info: -- GP English name: *Turn on BranchCache* +- GP Friendly name: *Turn on BranchCache* - GP name: *EnableWindowsBranchCache* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* @@ -202,7 +202,7 @@ Select one of the following: ADMX Info: -- GP English name: *Set BranchCache Distributed Cache mode* +- GP Friendly name: *Set BranchCache Distributed Cache mode* - GP name: *EnableWindowsBranchCache_Distributed* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* @@ -286,7 +286,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos ADMX Info: -- GP English name: *Set BranchCache Hosted Cache mode* +- GP Friendly name: *Set BranchCache Hosted Cache mode* - GP name: *EnableWindowsBranchCache_Hosted* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* @@ -373,7 +373,7 @@ Select one of the following: ADMX Info: -- GP English name: *Enable Automatic Hosted Cache Discovery by Service Connection Point* +- GP Friendly name: *Enable Automatic Hosted Cache Discovery by Service Connection Point* - GP name: *EnableWindowsBranchCache_HostedCacheDiscovery* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* @@ -456,7 +456,7 @@ In circumstances where this setting is enabled, you can also select and configur ADMX Info: -- GP English name: *Configure Hosted Cache Servers* +- GP Friendly name: *Configure Hosted Cache Servers* - GP name: *EnableWindowsBranchCache_HostedMultipleServers* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* @@ -533,7 +533,7 @@ In circumstances where this policy setting is enabled, you can also select and c ADMX Info: -- GP English name: *Configure BranchCache for network files* +- GP Friendly name: *Configure BranchCache for network files* - GP name: *EnableWindowsBranchCache_SMB* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* @@ -617,7 +617,7 @@ In circumstances where this setting is enabled, you can also select and configur ADMX Info: -- GP English name: *Set percentage of disk space used for client computer cache* +- GP Friendly name: *Set percentage of disk space used for client computer cache* - GP name: *SetCachePercent* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* @@ -698,7 +698,7 @@ In circumstances where this setting is enabled, you can also select and configur ADMX Info: -- GP English name: *Set age for segments in the data cache* +- GP Friendly name: *Set age for segments in the data cache* - GP name: *SetDataCacheEntryMaxAge* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* @@ -782,7 +782,7 @@ Select from the following versions ADMX Info: -- GP English name: *Configure Client BranchCache Version Support* +- GP Friendly name: *Configure Client BranchCache Version Support* - GP name: *SetDowngrading* - GP path: *Network\BranchCache* - GP ADMX file name: *PeerToPeerCaching.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index a19a43f761..cd77c701e3 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -107,7 +107,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is ADMX Info: -- GP English name: *Configure Scenario Execution Level* +- GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy_1* - GP path: *System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics* - GP ADMX file name: *PerformanceDiagnostics.admx* @@ -184,7 +184,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is ADMX Info: -- GP English name: *Configure Scenario Execution Level* +- GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy_2* - GP path: *System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics* - GP ADMX file name: *PerformanceDiagnostics.admx* @@ -261,7 +261,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is ADMX Info: -- GP English name: *Configure Scenario Execution Level* +- GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy_3* - GP path: *System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics* - GP ADMX file name: *PerformanceDiagnostics.admx* @@ -338,7 +338,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is ADMX Info: -- GP English name: *Configure Scenario Execution Level* +- GP Friendly name: *Configure Scenario Execution Level* - GP name: *WdiScenarioExecutionPolicy_4* - GP path: *System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics* - GP ADMX file name: *PerformanceDiagnostics.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md index e7609b69d8..17087dd1d9 100644 --- a/windows/client-management/mdm/policy-csp-admx-power.md +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -164,7 +164,7 @@ If you do not configure this policy setting, users control this setting. ADMX Info: -- GP English name: *Allow network connectivity during connected-standby (plugged in)* +- GP Friendly name: *Allow network connectivity during connected-standby (plugged in)* - GP name: *ACConnectivityInStandby_2* - GP path: *System\Power Management\Sleep Settings* - GP ADMX file name: *Power.admx* @@ -233,7 +233,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Turn on the ability for applications to prevent sleep transitions (plugged in)* +- GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (plugged in)* - GP name: *ACCriticalSleepTransitionsDisable_2* - GP path: *System\Power Management\Sleep Settings* - GP ADMX file name: *Power.admx* @@ -306,7 +306,7 @@ If you disable this policy or do not configure this policy setting, users contro ADMX Info: -- GP English name: *Select the Start menu Power button action (plugged in)* +- GP Friendly name: *Select the Start menu Power button action (plugged in)* - GP name: *ACStartMenuButtonAction_2* - GP path: *System\Power Management\Button Settings* - GP ADMX file name: *Power.admx* @@ -375,7 +375,7 @@ If you disable or do not configure this policy setting, applications, services, ADMX Info: -- GP English name: *Allow applications to prevent automatic sleep (plugged in)* +- GP Friendly name: *Allow applications to prevent automatic sleep (plugged in)* - GP name: *AllowSystemPowerRequestAC* - GP path: *System\Power Management\Sleep Settings* - GP ADMX file name: *Power.admx* @@ -444,7 +444,7 @@ If you disable or do not configure this policy setting, applications, services, ADMX Info: -- GP English name: *Allow applications to prevent automatic sleep (on battery)* +- GP Friendly name: *Allow applications to prevent automatic sleep (on battery)* - GP name: *AllowSystemPowerRequestDC* - GP path: *System\Power Management\Sleep Settings* - GP ADMX file name: *Power.admx* @@ -513,7 +513,7 @@ If you disable or do not configure this policy setting, the computer does not au ADMX Info: -- GP English name: *Allow automatic sleep with Open Network Files (plugged in)* +- GP Friendly name: *Allow automatic sleep with Open Network Files (plugged in)* - GP name: *AllowSystemSleepWithRemoteFilesOpenAC* - GP path: *System\Power Management\Sleep Settings* - GP ADMX file name: *Power.admx* @@ -582,7 +582,7 @@ If you disable or do not configure this policy setting, the computer does not au ADMX Info: -- GP English name: *Allow automatic sleep with Open Network Files (on battery)* +- GP Friendly name: *Allow automatic sleep with Open Network Files (on battery)* - GP name: *AllowSystemSleepWithRemoteFilesOpenDC* - GP path: *System\Power Management\Sleep Settings* - GP ADMX file name: *Power.admx* @@ -651,7 +651,7 @@ If you disable or do not configure this policy setting, users can see and change ADMX Info: -- GP English name: *Specify a custom active power plan* +- GP Friendly name: *Specify a custom active power plan* - GP name: *CustomActiveSchemeOverride_2* - GP path: *System\Power Management* - GP ADMX file name: *Power.admx* @@ -725,7 +725,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Critical battery notification action* +- GP Friendly name: *Critical battery notification action* - GP name: *DCBatteryDischargeAction0_2* - GP path: *System\Power Management\Notification Settings* - GP ADMX file name: *Power.admx* @@ -799,7 +799,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Low battery notification action* +- GP Friendly name: *Low battery notification action* - GP name: *DCBatteryDischargeAction1_2* - GP path: *System\Power Management\Notification Settings* - GP ADMX file name: *Power.admx* @@ -870,7 +870,7 @@ If you disable this policy setting or do not configure it, users control this se ADMX Info: -- GP English name: *Critical battery notification level* +- GP Friendly name: *Critical battery notification level* - GP name: *DCBatteryDischargeLevel0_2* - GP path: *System\Power Management\Notification Settings* - GP ADMX file name: *Power.admx* @@ -943,7 +943,7 @@ If you disable or do not configure this policy setting, users can control this s ADMX Info: -- GP English name: *Turn off low battery user notification* +- GP Friendly name: *Turn off low battery user notification* - GP name: *DCBatteryDischargeLevel1UINotification_2* - GP path: *System\Power Management\Notification Settings* - GP ADMX file name: *Power.admx* @@ -1014,7 +1014,7 @@ If you disable this policy setting or do not configure it, users control this se ADMX Info: -- GP English name: *Low battery notification level* +- GP Friendly name: *Low battery notification level* - GP name: *DCBatteryDischargeLevel1_2* - GP path: *System\Power Management\Notification Settings* - GP ADMX file name: *Power.admx* @@ -1085,7 +1085,7 @@ If you do not configure this policy setting, users control this setting. ADMX Info: -- GP English name: *Allow network connectivity during connected-standby (on battery)* +- GP Friendly name: *Allow network connectivity during connected-standby (on battery)* - GP name: *DCConnectivityInStandby_2* - GP path: *System\Power Management\Sleep Settings* - GP ADMX file name: *Power.admx* @@ -1154,7 +1154,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Turn on the ability for applications to prevent sleep transitions (on battery)* +- GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (on battery)* - GP name: *DCCriticalSleepTransitionsDisable_2* - GP path: *System\Power Management\Sleep Settings* - GP ADMX file name: *Power.admx* @@ -1227,7 +1227,7 @@ If you disable this policy or do not configure this policy setting, users contro ADMX Info: -- GP English name: *Select the Start menu Power button action (on battery)* +- GP Friendly name: *Select the Start menu Power button action (on battery)* - GP name: *DCStartMenuButtonAction_2* - GP path: *System\Power Management\Button Settings* - GP ADMX file name: *Power.admx* @@ -1296,7 +1296,7 @@ If you disable or do not configure this policy setting, users can see and change ADMX Info: -- GP English name: *Turn Off the hard disk (plugged in)* +- GP Friendly name: *Turn Off the hard disk (plugged in)* - GP name: *DiskACPowerDownTimeOut_2* - GP path: *System\Power Management\Hard Disk Settings* - GP ADMX file name: *Power.admx* @@ -1365,7 +1365,7 @@ If you disable or do not configure this policy setting, users can see and change ADMX Info: -- GP English name: *Turn Off the hard disk (on battery)* +- GP Friendly name: *Turn Off the hard disk (on battery)* - GP name: *DiskDCPowerDownTimeOut_2* - GP path: *System\Power Management\Hard Disk Settings* - GP ADMX file name: *Power.admx* @@ -1440,7 +1440,7 @@ If you disable or do not configure this policy setting, the computer system safe ADMX Info: -- GP English name: *Do not turn off system power after a Windows system shutdown has occurred.* +- GP Friendly name: *Do not turn off system power after a Windows system shutdown has occurred.* - GP name: *Dont_PowerOff_AfterShutdown* - GP path: *System* - GP ADMX file name: *Power.admx* @@ -1511,7 +1511,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Turn on desktop background slideshow (plugged in)* +- GP Friendly name: *Turn on desktop background slideshow (plugged in)* - GP name: *EnableDesktopSlideShowAC* - GP path: *System\Power Management\Video and Display Settings* - GP ADMX file name: *Power.admx* @@ -1582,7 +1582,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Turn on desktop background slideshow (on battery)* +- GP Friendly name: *Turn on desktop background slideshow (on battery)* - GP name: *EnableDesktopSlideShowDC* - GP path: *System\Power Management\Video and Display Settings* - GP ADMX file name: *Power.admx* @@ -1651,7 +1651,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Select an active power plan* +- GP Friendly name: *Select an active power plan* - GP name: *InboxActiveSchemeOverride_2* - GP path: *System\Power Management* - GP ADMX file name: *Power.admx* @@ -1720,7 +1720,7 @@ If you disable or do not configure this policy setting, users control if their c ADMX Info: -- GP English name: *Prompt for password on resume from hibernate/suspend* +- GP Friendly name: *Prompt for password on resume from hibernate/suspend* - GP name: *PW_PromptPasswordOnResume* - GP path: *System\Power Management* - GP ADMX file name: *Power.admx* @@ -1789,7 +1789,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Turn off Power Throttling* +- GP Friendly name: *Turn off Power Throttling* - GP name: *PowerThrottlingTurnOff* - GP path: *System\Power Management\Power Throttling Settings* - GP ADMX file name: *Power.admx* @@ -1858,7 +1858,7 @@ If you disable or do not configure this policy setting, users can see and change ADMX Info: -- GP English name: *Reserve battery notification level* +- GP Friendly name: *Reserve battery notification level* - GP name: *ReserveBatteryNotificationLevel* - GP path: *System\Power Management\Notification Settings* - GP ADMX file name: *Power.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md index cf73077bc0..dff726a8e8 100644 --- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -105,7 +105,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ ADMX Info: -- GP English name: *Turn on Module Logging* +- GP Friendly name: *Turn on Module Logging* - GP name: *EnableModuleLogging* - GP path: *Windows Components\Windows PowerShell* - GP ADMX file name: *PowerShellExecutionPolicy.admx* @@ -180,7 +180,7 @@ If you disable this policy setting, no scripts are allowed to run. ADMX Info: -- GP English name: *Turn on Script Execution* +- GP Friendly name: *Turn on Script Execution* - GP name: *EnableScripts* - GP path: *Windows Components\Windows PowerShell* - GP ADMX file name: *PowerShellExecutionPolicy.admx* @@ -255,7 +255,7 @@ If you use the OutputDirectory setting to enable transcript logging to a shared ADMX Info: -- GP English name: *Turn on PowerShell Transcription* +- GP Friendly name: *Turn on PowerShell Transcription* - GP name: *EnableTranscripting* - GP path: *Windows Components\Windows PowerShell* - GP ADMX file name: *PowerShellExecutionPolicy.admx* @@ -328,7 +328,7 @@ If this policy setting is disabled or not configured, this policy setting does n ADMX Info: -- GP English name: *Set the default source path for Update-Help* +- GP Friendly name: *Set the default source path for Update-Help* - GP name: *EnableUpdateHelpDefaultSourcePath* - GP path: *Windows Components\Windows PowerShell* - GP ADMX file name: *PowerShellExecutionPolicy.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index 0781ec7432..2376b4480e 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -173,7 +173,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in ADMX Info: -- GP English name: *Activate Internet printing* +- GP Friendly name: *Activate Internet printing* - GP name: *AllowWebPrinting* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -249,7 +249,7 @@ If you disable this policy setting, then print drivers will be loaded within all ADMX Info: -- GP English name: *Isolate print drivers from applications* +- GP Friendly name: *Isolate print drivers from applications* - GP name: *ApplicationDriverIsolation* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -325,7 +325,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt ADMX Info: -- GP English name: *Custom support URL in the Printers folder's left pane* +- GP Friendly name: *Custom support URL in the Printers folder's left pane* - GP name: *CustomizedSupportUrl* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -398,7 +398,7 @@ By default, Windows Ultimate, Professional and Home SKUs will continue to search ADMX Info: -- GP English name: *Extend Point and Print connection to search Windows Update* +- GP Friendly name: *Extend Point and Print connection to search Windows Update* - GP name: *DoNotInstallCompatibleDriverFromWindowsUpdate* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -481,7 +481,7 @@ In Windows 8 and later, Bluetooth printers are not shown so its limit does not a ADMX Info: -- GP English name: *Add Printer wizard - Network scan page (Managed network)* +- GP Friendly name: *Add Printer wizard - Network scan page (Managed network)* - GP name: *DomainPrinters* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -553,7 +553,7 @@ If you disable this setting, the network printer browse page is removed from wit ADMX Info: -- GP English name: *Browse the network to find printers* +- GP Friendly name: *Browse the network to find printers* - GP name: *DownlevelBrowse* - GP path: *Control Panel\Printers* - GP ADMX file name: *Printing.admx* @@ -633,7 +633,7 @@ If you do not enable this policy setting, the behavior is the same as disabling ADMX Info: -- GP English name: *Always render print jobs on the server* +- GP Friendly name: *Always render print jobs on the server* - GP name: *EMFDespooling* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -700,7 +700,7 @@ This setting may improve the performance of the XPS Rasterization Service or the ADMX Info: -- GP English name: *Always rasterize content to be printed using a software rasterizer* +- GP Friendly name: *Always rasterize content to be printed using a software rasterizer* - GP name: *ForceSoftwareRasterization* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -773,7 +773,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ ADMX Info: -- GP English name: *Browse a common web site to find printers* +- GP Friendly name: *Browse a common web site to find printers* - GP name: *IntranetPrintersUrl* - GP path: *Control Panel\Printers* - GP ADMX file name: *Printing.admx* @@ -847,7 +847,7 @@ If you enable this setting, installation of a printer using a kernel-mode driver ADMX Info: -- GP English name: *Disallow installation of printers using kernel-mode drivers* +- GP Friendly name: *Disallow installation of printers using kernel-mode drivers* - GP name: *KMPrintersAreBlocked* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -918,7 +918,7 @@ If you do not configure this setting, default printer management will not change ADMX Info: -- GP English name: *Turn off Windows default printer management* +- GP Friendly name: *Turn off Windows default printer management* - GP name: *LegacyDefaultPrinterMode* - GP path: *Control Panel\Printers* - GP ADMX file name: *Printing.admx* @@ -987,7 +987,7 @@ If you disable or do not configure this policy setting, the default MXDW output ADMX Info: -- GP English name: *Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)* +- GP Friendly name: *Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)* - GP name: *MXDWUseLegacyOutputFormatMSXPS* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1058,7 +1058,7 @@ If this policy is disabled, or not configured, users can delete printers using t ADMX Info: -- GP English name: *Prevent deletion of printers* +- GP Friendly name: *Prevent deletion of printers* - GP name: *NoDeletePrinter* - GP path: *Control Panel\Printers* - GP ADMX file name: *Printing.admx* @@ -1138,7 +1138,7 @@ In Windows 8 and later, Bluetooth printers are not shown so its limit does not a ADMX Info: -- GP English name: *Add Printer wizard - Network scan page (Unmanaged network)* +- GP Friendly name: *Add Printer wizard - Network scan page (Unmanaged network)* - GP name: *NonDomainPrinters* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1207,7 +1207,7 @@ If this setting is disabled, or not configured, users will not be restricted to ADMX Info: -- GP English name: *Only use Package Point and print* +- GP Friendly name: *Only use Package Point and print* - GP name: *PackagePointAndPrintOnly* - GP path: *Control Panel\Printers* - GP ADMX file name: *Printing.admx* @@ -1276,7 +1276,7 @@ If this setting is disabled, or not configured, users will not be restricted to ADMX Info: -- GP English name: *Only use Package Point and print* +- GP Friendly name: *Only use Package Point and print* - GP name: *PackagePointAndPrintOnly_Win7* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1349,7 +1349,7 @@ If this setting is disabled, or not configured, package point and print will not ADMX Info: -- GP English name: *Package Point and print - Approved servers* +- GP Friendly name: *Package Point and print - Approved servers* - GP name: *PackagePointAndPrintServerList* - GP path: *Control Panel\Printers* - GP ADMX file name: *Printing.admx* @@ -1422,7 +1422,7 @@ If this setting is disabled, or not configured, package point and print will not ADMX Info: -- GP English name: *Package Point and print - Approved servers* +- GP Friendly name: *Package Point and print - Approved servers* - GP name: *PackagePointAndPrintServerList_Win7* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1495,7 +1495,7 @@ If you disable this setting or do not configure it, and the user does not type a ADMX Info: -- GP English name: *Computer location* +- GP Friendly name: *Computer location* - GP name: *PhysicalLocation* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1566,7 +1566,7 @@ If you disable this setting or do not configure it, Location Tracking is disable ADMX Info: -- GP English name: *Pre-populate printer search location text* +- GP Friendly name: *Pre-populate printer search location text* - GP name: *PhysicalLocationSupport* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1640,7 +1640,7 @@ If you disable this policy setting, the print spooler will execute print drivers ADMX Info: -- GP English name: *Execute print drivers in isolated processes* +- GP Friendly name: *Execute print drivers in isolated processes* - GP name: *PrintDriverIsolationExecutionPolicy* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1714,7 +1714,7 @@ If you disable or do not configure this policy setting, the print spooler uses t ADMX Info: -- GP English name: *Override print driver execution compatibility setting reported by print driver* +- GP Friendly name: *Override print driver execution compatibility setting reported by print driver* - GP name: *PrintDriverIsolationOverrideCompat* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1785,7 +1785,7 @@ This setting only provides a starting point for Active Directory searches for pr ADMX Info: -- GP English name: *Default Active Directory path when searching for printers* +- GP Friendly name: *Default Active Directory path when searching for printers* - GP name: *PrinterDirectorySearchScope* - GP path: *Control Panel\Printers* - GP ADMX file name: *Printing.admx* @@ -1861,7 +1861,7 @@ If you do not configure this setting, shared printers are announced to browse ma ADMX Info: -- GP English name: *Printer browsing* +- GP Friendly name: *Printer browsing* - GP name: *PrinterServerThread* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -1933,7 +1933,7 @@ If you enable this policy setting, the print job name will be included in new lo ADMX Info: -- GP English name: *Allow job name in event logs* +- GP Friendly name: *Allow job name in event logs* - GP name: *ShowJobTitleInEventLogs* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -2004,7 +2004,7 @@ If you disable this policy setting or do not configure it, then all printer exte ADMX Info: -- GP English name: *Do not allow v4 printer drivers to show printer extensions* +- GP Friendly name: *Do not allow v4 printer drivers to show printer extensions* - GP name: *V4DriverDisallowPrinterExtension* - GP path: *Printers* - GP ADMX file name: *Printing.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md index 60ed6563a3..55aeef679a 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing2.md +++ b/windows/client-management/mdm/policy-csp-admx-printing2.md @@ -119,7 +119,7 @@ The default behavior is to automatically publish shared printers in Active Direc ADMX Info: -- GP English name: *Automatically publish new printers in Active Directory* +- GP Friendly name: *Automatically publish new printers in Active Directory* - GP name: *AutoPublishing* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* @@ -193,7 +193,7 @@ If you disable this setting, the domain controller does not prune this computer' ADMX Info: -- GP English name: *Allow pruning of published printers* +- GP Friendly name: *Allow pruning of published printers* - GP name: *ImmortalPrintQueue* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* @@ -274,7 +274,7 @@ You can enable this setting to change the default behavior. To use this setting, ADMX Info: -- GP English name: *Prune printers that are not automatically republished* +- GP Friendly name: *Prune printers that are not automatically republished* - GP name: *PruneDownlevel* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* @@ -350,7 +350,7 @@ If you do not configure or disable this setting the default values will be used. ADMX Info: -- GP English name: *Directory pruning interval* +- GP Friendly name: *Directory pruning interval* - GP name: *PruningInterval* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* @@ -424,7 +424,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust ADMX Info: -- GP English name: *Directory pruning priority* +- GP Friendly name: *Directory pruning priority* - GP name: *PruningPriority* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* @@ -500,7 +500,7 @@ If you do not configure or disable this setting, the default values are used. ADMX Info: -- GP English name: *Directory pruning retry* +- GP Friendly name: *Directory pruning retry* - GP name: *PruningRetries* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* @@ -576,7 +576,7 @@ Note: This setting does not affect the logging of pruning events; the actual pru ADMX Info: -- GP English name: *Log directory pruning retry events* +- GP Friendly name: *Log directory pruning retry events* - GP name: *PruningRetryLog* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* @@ -647,7 +647,7 @@ The spooler must be restarted for changes to this policy to take effect. ADMX Info: -- GP English name: *Allow Print Spooler to accept client connections* +- GP Friendly name: *Allow Print Spooler to accept client connections* - GP name: *RegisterSpoolerRemoteRpcEndPoint* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* @@ -718,7 +718,7 @@ To disable verification, disable this setting, or enable this setting and select ADMX Info: -- GP English name: *Check published state* +- GP Friendly name: *Check published state* - GP name: *VerifyPublishedState* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md index b325def568..269ccd44c0 100644 --- a/windows/client-management/mdm/policy-csp-admx-programs.md +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -112,7 +112,7 @@ This setting does not prevent the Default Programs icon from appearing on the St ADMX Info: -- GP English name: *Hide "Set Program Access and Computer Defaults" page* +- GP Friendly name: *Hide "Set Program Access and Computer Defaults" page* - GP name: *NoDefaultPrograms* - GP path: *Control Panel\Programs* - GP ADMX file name: *Programs.admx* @@ -188,7 +188,7 @@ If this setting is disabled or is not configured, the "Install a program from th ADMX Info: -- GP English name: *Hide "Get Programs" page* +- GP Friendly name: *Hide "Get Programs" page* - GP name: *NoGetPrograms* - GP path: *Control Panel\Programs* - GP ADMX file name: *Programs.admx* @@ -259,7 +259,7 @@ This setting does not prevent users from using other tools and methods to instal ADMX Info: -- GP English name: *Hide "Installed Updates" page* +- GP Friendly name: *Hide "Installed Updates" page* - GP name: *NoInstalledUpdates* - GP path: *Control Panel\Programs* - GP ADMX file name: *Programs.admx* @@ -328,7 +328,7 @@ This setting does not prevent users from using other tools and methods to view o ADMX Info: -- GP English name: *Hide "Programs and Features" page* +- GP Friendly name: *Hide "Programs and Features" page* - GP name: *NoProgramsAndFeatures* - GP path: *Control Panel\Programs* - GP ADMX file name: *Programs.admx* @@ -401,7 +401,7 @@ This setting does not prevent users from using other tools and methods to instal ADMX Info: -- GP English name: *Hide the Programs Control Panel* +- GP Friendly name: *Hide the Programs Control Panel* - GP name: *NoProgramsCPL* - GP path: *Control Panel\Programs* - GP ADMX file name: *Programs.admx* @@ -470,7 +470,7 @@ This setting does not prevent users from using other tools and methods to config ADMX Info: -- GP English name: *Hide "Windows Features"* +- GP Friendly name: *Hide "Windows Features"* - GP name: *NoWindowsFeatures* - GP path: *Control Panel\Programs* - GP ADMX file name: *Programs.admx* @@ -544,7 +544,7 @@ If this feature is disabled or is not configured, the "Get new programs from Win ADMX Info: -- GP English name: *Hide "Windows Marketplace"* +- GP Friendly name: *Hide "Windows Marketplace"* - GP name: *NoWindowsMarketplace* - GP path: *Control Panel\Programs* - GP ADMX file name: *Programs.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index 794b2ccea4..917a3bcdc5 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -104,7 +104,7 @@ If you do not configure this policy setting, the Persistent System Timestamp is ADMX Info: -- GP English name: *Enable Persistent Time Stamp* +- GP Friendly name: *Enable Persistent Time Stamp* - GP name: *EE_EnablePersistentTimeStamp* - GP path: *System* - GP ADMX file name: *Reliability.admx* @@ -179,7 +179,7 @@ Also see the "Configure Error Reporting" policy setting. ADMX Info: -- GP English name: *Report unplanned shutdown events* +- GP Friendly name: *Report unplanned shutdown events* - GP name: *PCH_ReportShutdownEvents* - GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* - GP ADMX file name: *Reliability.admx* @@ -257,7 +257,7 @@ If you do not configure this policy setting, the default behavior for the System ADMX Info: -- GP English name: *Activate Shutdown Event Tracker System State Data feature* +- GP Friendly name: *Activate Shutdown Event Tracker System State Data feature* - GP name: *ShutdownEventTrackerStateFile* - GP path: *System* - GP ADMX file name: *Reliability.admx* @@ -337,7 +337,7 @@ If you do not configure this policy setting, the default behavior for the Shutdo ADMX Info: -- GP English name: *Display Shutdown Event Tracker* +- GP Friendly name: *Display Shutdown Event Tracker* - GP name: *ShutdownReason* - GP path: *System* - GP ADMX file name: *Reliability.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md index ee0e87ac83..485d680915 100644 --- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md @@ -95,7 +95,7 @@ If you do not configure this policy setting, users can configure the setting in ADMX Info: -- GP English name: *Allow only Windows Vista or later connections* +- GP Friendly name: *Allow only Windows Vista or later connections* - GP name: *RA_EncryptedTicketOnly* - GP path: *System\Remote Assistance* - GP ADMX file name: *RemoteAssistance.admx* @@ -182,7 +182,7 @@ If you do not configure this policy setting, application-based settings are used ADMX Info: -- GP English name: *Turn on bandwidth optimization* +- GP Friendly name: *Turn on bandwidth optimization* - GP name: *RA_Optimize_Bandwidth* - GP path: *System\Remote Assistance* - GP ADMX file name: *RemoteAssistance.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md index 05f6d8b135..b839eb3de7 100644 --- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -186,7 +186,7 @@ If you disable or do not configure this setting, the operating system does not f ADMX Info: -- GP English name: *Set time (in seconds) to force reboot* +- GP Friendly name: *Set time (in seconds) to force reboot* - GP name: *AccessRights_RebootTime_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -258,7 +258,7 @@ If you disable or do not configure this setting, the operating system does not f ADMX Info: -- GP English name: *Set time (in seconds) to force reboot* +- GP Friendly name: *Set time (in seconds) to force reboot* - GP name: *AccessRights_RebootTime_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -327,7 +327,7 @@ If you disable or do not configure this policy setting, execute access is allowe ADMX Info: -- GP English name: *CD and DVD: Deny execute access* +- GP Friendly name: *CD and DVD: Deny execute access* - GP name: *CDandDVD_DenyExecute_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -395,7 +395,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *CD and DVD: Deny read access* +- GP Friendly name: *CD and DVD: Deny read access* - GP name: *CDandDVD_DenyRead_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -464,7 +464,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *CD and DVD: Deny read access* +- GP Friendly name: *CD and DVD: Deny read access* - GP name: *CDandDVD_DenyRead_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -533,7 +533,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *CD and DVD: Deny write access* +- GP Friendly name: *CD and DVD: Deny write access* - GP name: *CDandDVD_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -602,7 +602,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *CD and DVD: Deny write access* +- GP Friendly name: *CD and DVD: Deny write access* - GP name: *CDandDVD_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -671,7 +671,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *Custom Classes: Deny read access* +- GP Friendly name: *Custom Classes: Deny read access* - GP name: *CustomClasses_DenyRead_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -740,7 +740,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *Custom Classes: Deny read access* +- GP Friendly name: *Custom Classes: Deny read access* - GP name: *CustomClasses_DenyRead_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -809,7 +809,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *Custom Classes: Deny write access* +- GP Friendly name: *Custom Classes: Deny write access* - GP name: *CustomClasses_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -877,7 +877,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *Custom Classes: Deny write access* +- GP Friendly name: *Custom Classes: Deny write access* - GP name: *CustomClasses_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -945,7 +945,7 @@ If you disable or do not configure this policy setting, execute access is allowe ADMX Info: -- GP English name: *Floppy Drives: Deny execute access* +- GP Friendly name: *Floppy Drives: Deny execute access* - GP name: *FloppyDrives_DenyExecute_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1013,7 +1013,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *Floppy Drives: Deny read access* +- GP Friendly name: *Floppy Drives: Deny read access* - GP name: *FloppyDrives_DenyRead_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1081,7 +1081,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *Floppy Drives: Deny read access* +- GP Friendly name: *Floppy Drives: Deny read access* - GP name: *FloppyDrives_DenyRead_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1148,7 +1148,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *Floppy Drives: Deny write access* +- GP Friendly name: *Floppy Drives: Deny write access* - GP name: *FloppyDrives_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1216,7 +1216,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *Floppy Drives: Deny write access* +- GP Friendly name: *Floppy Drives: Deny write access* - GP name: *FloppyDrives_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1283,7 +1283,7 @@ If you disable or do not configure this policy setting, execute access is allowe ADMX Info: -- GP English name: *Removable Disks: Deny execute access* +- GP Friendly name: *Removable Disks: Deny execute access* - GP name: *RemovableDisks_DenyExecute_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1351,7 +1351,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *Removable Disks: Deny read access* +- GP Friendly name: *Removable Disks: Deny read access* - GP name: *RemovableDisks_DenyRead_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1418,7 +1418,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *Removable Disks: Deny read access* +- GP Friendly name: *Removable Disks: Deny read access* - GP name: *RemovableDisks_DenyRead_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1489,7 +1489,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *Removable Disks: Deny write access* +- GP Friendly name: *Removable Disks: Deny write access* - GP name: *RemovableDisks_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1559,7 +1559,7 @@ If you disable or do not configure this policy setting, write and read accesses ADMX Info: -- GP English name: *All Removable Storage classes: Deny all access* +- GP Friendly name: *All Removable Storage classes: Deny all access* - GP name: *RemovableStorageClasses_DenyAll_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1629,7 +1629,7 @@ If you disable or do not configure this policy setting, write and read accesses ADMX Info: -- GP English name: *All Removable Storage classes: Deny all access* +- GP Friendly name: *All Removable Storage classes: Deny all access* - GP name: *RemovableStorageClasses_DenyAll_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1697,7 +1697,7 @@ If you disable or do not configure this policy setting, remote users cannot open ADMX Info: -- GP English name: *All Removable Storage: Allow direct access in remote sessions* +- GP Friendly name: *All Removable Storage: Allow direct access in remote sessions* - GP name: *Removable_Remote_Allow_Access* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1765,7 +1765,7 @@ If you disable or do not configure this policy setting, execute access is allowe ADMX Info: -- GP English name: *Tape Drives: Deny execute access* +- GP Friendly name: *Tape Drives: Deny execute access* - GP name: *TapeDrives_DenyExecute_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1832,7 +1832,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *Tape Drives: Deny read access* +- GP Friendly name: *Tape Drives: Deny read access* - GP name: *TapeDrives_DenyRead_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1900,7 +1900,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *Tape Drives: Deny read access* +- GP Friendly name: *Tape Drives: Deny read access* - GP name: *TapeDrives_DenyRead_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -1967,7 +1967,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *Tape Drives: Deny write access* +- GP Friendly name: *Tape Drives: Deny write access* - GP name: *TapeDrives_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -2035,7 +2035,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *Tape Drives: Deny write access* +- GP Friendly name: *Tape Drives: Deny write access* - GP name: *TapeDrives_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -2103,7 +2103,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *WPD Devices: Deny read access* +- GP Friendly name: *WPD Devices: Deny read access* - GP name: *WPDDevices_DenyRead_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -2170,7 +2170,7 @@ If you disable or do not configure this policy setting, read access is allowed t ADMX Info: -- GP English name: *WPD Devices: Deny read access* +- GP Friendly name: *WPD Devices: Deny read access* - GP name: *WPDDevices_DenyRead_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -2238,7 +2238,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *WPD Devices: Deny write access* +- GP Friendly name: *WPD Devices: Deny write access* - GP name: *WPDDevices_DenyWrite_Access_1* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* @@ -2306,7 +2306,7 @@ If you disable or do not configure this policy setting, write access is allowed ADMX Info: -- GP English name: *WPD Devices: Deny write access* +- GP Friendly name: *WPD Devices: Deny write access* - GP name: *WPDDevices_DenyWrite_Access_2* - GP path: *System\Removable Storage Access* - GP ADMX file name: *RemovableStorage.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md index 053d6fda1d..c999d05318 100644 --- a/windows/client-management/mdm/policy-csp-admx-rpc.md +++ b/windows/client-management/mdm/policy-csp-admx-rpc.md @@ -119,7 +119,7 @@ You must select an error response type in the drop-down box. ADMX Info: -- GP English name: *Propagate extended error information* +- GP Friendly name: *Propagate extended error information* - GP name: *RpcExtendedErrorInformation* - GP path: *System\Remote Procedure Call* - GP ADMX file name: *RPC.admx* @@ -199,7 +199,7 @@ If you enable this policy setting, then: ADMX Info: -- GP English name: *Ignore Delegation Failure* +- GP Friendly name: *Ignore Delegation Failure* - GP name: *RpcIgnoreDelegationFailure* - GP path: *System\Remote Procedure Call* - GP ADMX file name: *RPC.admx* @@ -280,7 +280,7 @@ If you enable this policy setting, and the IIS server running the RPC HTTP proxy ADMX Info: -- GP English name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections* +- GP Friendly name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections* - GP name: *RpcMinimumHttpConnectionTimeout* - GP path: *System\Remote Procedure Call* - GP ADMX file name: *RPC.admx* @@ -366,7 +366,7 @@ If you enable this policy setting, you can use the drop-down box to determine wh ADMX Info: -- GP English name: *Maintain RPC Troubleshooting State Information* +- GP Friendly name: *Maintain RPC Troubleshooting State Information* - GP name: *RpcStateInformation* - GP path: *System\Remote Procedure Call* - GP ADMX file name: *RPC.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 8019979d43..c28841c0c5 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -123,7 +123,7 @@ If you disable or do not configure this policy setting, user account cross-fores ADMX Info: -- GP English name: *Allow logon scripts when NetBIOS or WINS is disabled* +- GP Friendly name: *Allow logon scripts when NetBIOS or WINS is disabled* - GP name: *Allow_Logon_Script_NetbiosDisabled* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -198,7 +198,7 @@ If you disable or do not configure this setting the system lets the combined set ADMX Info: -- GP English name: *Specify maximum wait time for Group Policy scripts* +- GP Friendly name: *Specify maximum wait time for Group Policy scripts* - GP name: *MaxGPOScriptWaitPolicy* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -290,7 +290,7 @@ Within GPO C: C.cmd, C.ps1 ADMX Info: -- GP English name: *Run Windows PowerShell scripts first at computer startup, shutdown* +- GP Friendly name: *Run Windows PowerShell scripts first at computer startup, shutdown* - GP name: *Run_Computer_PS_Scripts_First* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -363,7 +363,7 @@ Also, see the "Run Logon Scripts Visible" setting. ADMX Info: -- GP English name: *Run legacy logon scripts hidden* +- GP Friendly name: *Run legacy logon scripts hidden* - GP name: *Run_Legacy_Logon_Script_Hidden* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -434,7 +434,7 @@ If you disable or do not configure this policy setting, the instructions are sup ADMX Info: -- GP English name: *Display instructions in logoff scripts as they run* +- GP Friendly name: *Display instructions in logoff scripts as they run* - GP name: *Run_Logoff_Script_Visible* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -505,7 +505,7 @@ This policy setting appears in the Computer Configuration and User Configuration ADMX Info: -- GP English name: *Run logon scripts synchronously* +- GP Friendly name: *Run logon scripts synchronously* - GP name: *Run_Logon_Script_Sync_1* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -576,7 +576,7 @@ This policy setting appears in the Computer Configuration and User Configuration ADMX Info: -- GP English name: *Run logon scripts synchronously* +- GP Friendly name: *Run logon scripts synchronously* - GP name: *Run_Logon_Script_Sync_2* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -647,7 +647,7 @@ If you disable or do not configure this policy setting, the instructions are sup ADMX Info: -- GP English name: *Display instructions in logon scripts as they run* +- GP Friendly name: *Display instructions in logon scripts as they run* - GP name: *Run_Logon_Script_Visible* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -718,7 +718,7 @@ If you disable or do not configure this policy setting, the instructions are sup ADMX Info: -- GP English name: *Display instructions in shutdown scripts as they run* +- GP Friendly name: *Display instructions in shutdown scripts as they run* - GP name: *Run_Shutdown_Script_Visible* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -792,7 +792,7 @@ If you disable or do not configure this policy setting, a startup cannot run unt ADMX Info: -- GP English name: *Run startup scripts asynchronously* +- GP Friendly name: *Run startup scripts asynchronously* - GP name: *Run_Startup_Script_Sync* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -866,7 +866,7 @@ If you disable or do not configure this policy setting, the instructions are sup ADMX Info: -- GP English name: *Display instructions in startup scripts as they run* +- GP Friendly name: *Display instructions in startup scripts as they run* - GP name: *Run_Startup_Script_Visible* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* @@ -961,7 +961,7 @@ This policy setting appears in the Computer Configuration and User Configuration ADMX Info: -- GP English name: *Run Windows PowerShell scripts first at user logon, logoff* +- GP Friendly name: *Run Windows PowerShell scripts first at user logon, logoff* - GP name: *Run_User_PS_Scripts_First* - GP path: *System\Scripts* - GP ADMX file name: *Scripts.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index cf6bf9fdf7..e7a0beefc6 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -96,7 +96,7 @@ If you disable this policy setting, users can only access and search troubleshoo ADMX Info: -- GP English name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)* +- GP Friendly name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)* - GP name: *BetterWhenConnected* - GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* - GP ADMX file name: *sdiageng.admx* @@ -167,7 +167,7 @@ Note that this setting also controls a user's ability to launch standalone troub ADMX Info: -- GP English name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards* +- GP Friendly name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards* - GP name: *ScriptedDiagnosticsExecutionPolicy* - GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* - GP ADMX file name: *sdiageng.admx* @@ -236,7 +236,7 @@ If you disable or do not configure this policy setting, the scripted diagnostics ADMX Info: -- GP English name: *Configure Security Policy for Scripted Diagnostics* +- GP Friendly name: *Configure Security Policy for Scripted Diagnostics* - GP name: *ScriptedDiagnosticsSecurityPolicy* - GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* - GP ADMX file name: *sdiageng.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 4e97164a9e..7c06bd2059 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -102,7 +102,7 @@ In Windows Vista, this policy setting monitors essential security settings to in ADMX Info: -- GP English name: *Turn on Security Center (Domain PCs only)* +- GP Friendly name: *Turn on Security Center (Domain PCs only)* - GP name: *SecurityCenter_SecurityCenterInDomain* - GP path: *Windows Components\Security Center* - GP ADMX file name: *Securitycenter.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md index aa5c26fd6f..47b29235a9 100644 --- a/windows/client-management/mdm/policy-csp-admx-sensors.md +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -102,7 +102,7 @@ If you disable or do not configure this policy setting, all location scripts wil ADMX Info: -- GP English name: *Turn off location scripting* +- GP Friendly name: *Turn off location scripting* - GP name: *DisableLocationScripting_1* - GP path: *Windows Components\Location and Sensors* - GP ADMX file name: *Sensors.admx* @@ -171,7 +171,7 @@ If you disable or do not configure this policy setting, all location scripts wil ADMX Info: -- GP English name: *Turn off location scripting* +- GP Friendly name: *Turn off location scripting* - GP name: *DisableLocationScripting_2* - GP path: *Windows Components\Location and Sensors* - GP ADMX file name: *Sensors.admx* @@ -240,7 +240,7 @@ If you disable or do not configure this policy setting, all programs on this com ADMX Info: -- GP English name: *Turn off location* +- GP Friendly name: *Turn off location* - GP name: *DisableLocation_1* - GP path: *Windows Components\Location and Sensors* - GP ADMX file name: *Sensors.admx* @@ -309,7 +309,7 @@ If you disable or do not configure this policy setting, all programs on this com ADMX Info: -- GP English name: *Turn off sensors* +- GP Friendly name: *Turn off sensors* - GP name: *DisableSensors_1* - GP path: *Windows Components\Location and Sensors* - GP ADMX file name: *Sensors.admx* @@ -378,7 +378,7 @@ If you disable or do not configure this policy setting, all programs on this com ADMX Info: -- GP English name: *Turn off sensors* +- GP Friendly name: *Turn off sensors* - GP name: *DisableSensors_2* - GP path: *Windows Components\Location and Sensors* - GP ADMX file name: *Sensors.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index 6b62a42e86..c537254102 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -92,7 +92,7 @@ If you disable or do not configure this policy setting, or if the required files ADMX Info: -- GP English name: *Specify settings for optional component installation and component repair* +- GP Friendly name: *Specify settings for optional component installation and component repair* - GP name: *Servicing* - GP path: *System* - GP ADMX file name: *Servicing.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md index b79d238174..6f35209bce 100644 --- a/windows/client-management/mdm/policy-csp-admx-settingsync.md +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -116,7 +116,7 @@ If you do not set or disable this setting, syncing of the "AppSync" group is on ADMX Info: -- GP English name: *Do not sync Apps* +- GP Friendly name: *Do not sync Apps* - GP name: *DisableAppSyncSettingSync* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -187,7 +187,7 @@ If you do not set or disable this setting, syncing of the "app settings" group i ADMX Info: -- GP English name: *Do not sync app settings* +- GP Friendly name: *Do not sync app settings* - GP name: *DisableApplicationSettingSync* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -258,7 +258,7 @@ If you do not set or disable this setting, syncing of the "passwords" group is o ADMX Info: -- GP English name: *Do not sync passwords* +- GP Friendly name: *Do not sync passwords* - GP name: *DisableCredentialsSettingSync* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -329,7 +329,7 @@ If you do not set or disable this setting, syncing of the "desktop personalizati ADMX Info: -- GP English name: *Do not sync desktop personalization* +- GP Friendly name: *Do not sync desktop personalization* - GP name: *DisableDesktopThemeSettingSync* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -400,7 +400,7 @@ If you do not set or disable this setting, syncing of the "personalize" group is ADMX Info: -- GP English name: *Do not sync personalize* +- GP Friendly name: *Do not sync personalize* - GP name: *DisablePersonalizationSettingSync* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -471,7 +471,7 @@ If you do not set or disable this setting, "sync your settings" is on by default ADMX Info: -- GP English name: *Do not sync* +- GP Friendly name: *Do not sync* - GP name: *DisableSettingSync* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -542,7 +542,7 @@ If you do not set or disable this setting, syncing of the "Start layout" group i ADMX Info: -- GP English name: *Do not sync start settings* +- GP Friendly name: *Do not sync start settings* - GP name: *DisableStartLayoutSettingSync* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -611,7 +611,7 @@ If you do not set or disable this setting, syncing on metered connections is con ADMX Info: -- GP English name: *Do not sync on metered connections* +- GP Friendly name: *Do not sync on metered connections* - GP name: *DisableSyncOnPaidNetwork* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -682,7 +682,7 @@ If you do not set or disable this setting, syncing of the "Other Windows setting ADMX Info: -- GP English name: *Do not sync other Windows settings* +- GP Friendly name: *Do not sync other Windows settings* - GP name: *DisableWindowsSettingSync* - GP path: *Windows Components\Sync your settings* - GP ADMX file name: *SettingSync.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index 467cab854e..cc867fb098 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -95,7 +95,7 @@ If you disable this policy setting, users cannot publish DFS roots in AD DS and ADMX Info: -- GP English name: *Allow DFS roots to be published* +- GP Friendly name: *Allow DFS roots to be published* - GP name: *PublishDfsRoots* - GP path: *Shared Folders* - GP ADMX file name: *SharedFolders.admx* @@ -168,7 +168,7 @@ If you disable this policy setting, users cannot publish shared folders in AD DS ADMX Info: -- GP English name: *Allow shared folders to be published* +- GP Friendly name: *Allow shared folders to be published* - GP name: *PublishSharedFolders* - GP path: *Shared Folders* - GP ADMX file name: *SharedFolders.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index faccab55d9..b7e9e8ddaa 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -89,7 +89,7 @@ If you disable or don't configure this policy setting, users can share files out ADMX Info: -- GP English name: *Prevent users from sharing files within their profile.* +- GP Friendly name: *Prevent users from sharing files within their profile.* - GP name: *NoInplaceSharing* - GP path: *Windows Components\Network Sharing* - GP ADMX file name: *Sharing.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index 223fa3819b..7d8f85894f 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -102,7 +102,7 @@ If you disable this policy setting or do not configure it, users can run Cmd.exe ADMX Info: -- GP English name: *Prevent access to the command prompt* +- GP Friendly name: *Prevent access to the command prompt* - GP name: *DisableCMD* - GP path: *System* - GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx* @@ -173,7 +173,7 @@ To prevent users from using other administrative tools, use the "Run only specif ADMX Info: -- GP English name: *Prevent access to registry editing tools* +- GP Friendly name: *Prevent access to registry editing tools* - GP name: *DisableRegedit* - GP path: *System* - GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx* @@ -249,7 +249,7 @@ This policy setting only prevents users from running programs that are started b ADMX Info: -- GP English name: *Don't run specified Windows applications* +- GP Friendly name: *Don't run specified Windows applications* - GP name: *DisallowApps* - GP path: *System* - GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx* @@ -324,7 +324,7 @@ This policy setting only prevents users from running programs that are started b ADMX Info: -- GP English name: *Run only specified Windows applications* +- GP Friendly name: *Run only specified Windows applications* - GP name: *RestrictApps* - GP path: *System* - GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-skydrive.md b/windows/client-management/mdm/policy-csp-admx-skydrive.md index 464845261e..72c1b9ab34 100644 --- a/windows/client-management/mdm/policy-csp-admx-skydrive.md +++ b/windows/client-management/mdm/policy-csp-admx-skydrive.md @@ -92,7 +92,7 @@ If you enable or disable this setting, do not return the setting to Not Configur ADMX Info: -- GP English name: *Prevent OneDrive from generating network traffic until the user signs in to OneDrive* +- GP Friendly name: *Prevent OneDrive from generating network traffic until the user signs in to OneDrive* - GP name: *PreventNetworkTrafficPreUserSignIn* - GP path: *Windows Components\OneDrive* - GP ADMX file name: *SkyDrive.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index 227aeb686b..3b4ac39e4f 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -141,7 +141,7 @@ If you disable or do not configure this policy setting, only certificates that c ADMX Info: -- GP English name: *Allow certificates with no extended key usage certificate attribute* +- GP Friendly name: *Allow certificates with no extended key usage certificate attribute* - GP name: *AllowCertificatesWithNoEKU* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -212,7 +212,7 @@ If you disable or do not configure this policy setting then the integrated unblo ADMX Info: -- GP English name: *Allow Integrated Unblock screen to be displayed at the time of logon* +- GP Friendly name: *Allow Integrated Unblock screen to be displayed at the time of logon* - GP name: *AllowIntegratedUnblock* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -281,7 +281,7 @@ If you disable or do not configure this policy setting, any available smart card ADMX Info: -- GP English name: *Allow signature keys valid for Logon* +- GP Friendly name: *Allow signature keys valid for Logon* - GP name: *AllowSignatureOnlyKeys* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -352,7 +352,7 @@ If you disable or do not configure this policy setting, certificates which are e ADMX Info: -- GP English name: *Allow time invalid certificates* +- GP Friendly name: *Allow time invalid certificates* - GP name: *AllowTimeInvalidCertificates* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -421,7 +421,7 @@ If you disable this policy setting, certificate propagation will not occur and t ADMX Info: -- GP English name: *Turn on certificate propagation from smart card* +- GP Friendly name: *Turn on certificate propagation from smart card* - GP name: *CertPropEnabledString* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -486,7 +486,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting al ADMX Info: -- GP English name: *Configure root certificate clean up* +- GP Friendly name: *Configure root certificate clean up* - GP name: *CertPropRootCleanupString* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -558,7 +558,7 @@ If you disable this policy setting then root certificates will not be propagated ADMX Info: -- GP English name: *Turn on root certificate propagation from smart card* +- GP Friendly name: *Turn on root certificate propagation from smart card* - GP name: *CertPropRootEnabledString* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -630,7 +630,7 @@ If you disable or do not configure this policy setting, plaintext PINs can be re ADMX Info: -- GP English name: *Prevent plaintext PINs from being returned by Credential Manager* +- GP Friendly name: *Prevent plaintext PINs from being returned by Credential Manager* - GP name: *DisallowPlaintextPin* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -702,7 +702,7 @@ If you disable or do not configure this policy setting, ECC certificates on a sm ADMX Info: -- GP English name: *Allow ECC certificates to be used for logon and authentication* +- GP Friendly name: *Allow ECC certificates to be used for logon and authentication* - GP name: *EnumerateECCCerts* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -778,7 +778,7 @@ If you disable this policy setting, no filtering will take place. ADMX Info: -- GP English name: *Filter duplicate logon certificates* +- GP Friendly name: *Filter duplicate logon certificates* - GP name: *FilterDuplicateCerts* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -849,7 +849,7 @@ If you disable or do not configure this setting, Windows will only attempt to re ADMX Info: -- GP English name: *Force the reading of all certificates from the smart card* +- GP Friendly name: *Force the reading of all certificates from the smart card* - GP name: *ForceReadingAllCertificates* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -921,7 +921,7 @@ If you disable or do not configure this policy setting, the default message will ADMX Info: -- GP English name: *Display string when smart card is blocked* +- GP Friendly name: *Display string when smart card is blocked* - GP name: *IntegratedUnblockPromptString* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -992,7 +992,7 @@ If you disable, the subject name will be displayed as it appears in the certific ADMX Info: -- GP English name: *Reverse the subject name stored in a certificate when displaying* +- GP Friendly name: *Reverse the subject name stored in a certificate when displaying* - GP name: *ReverseSubject* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -1064,7 +1064,7 @@ If you disable this policy setting, Smart Card Plug and Play will be disabled an ADMX Info: -- GP English name: *Turn on Smart Card Plug and Play service* +- GP Friendly name: *Turn on Smart Card Plug and Play service* - GP name: *SCPnPEnabled* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -1136,7 +1136,7 @@ If you disable this policy setting, a confirmation message will not be displayed ADMX Info: -- GP English name: *Notify user of successful smart card driver installation* +- GP Friendly name: *Notify user of successful smart card driver installation* - GP name: *SCPnPNotification* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -1205,7 +1205,7 @@ If you disable or do not configure this policy setting, an optional field that a ADMX Info: -- GP English name: *Allow user name hint* +- GP Friendly name: *Allow user name hint* - GP name: *X509HintsNeeded* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 9e6698333d..62a6c6c8e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -108,7 +108,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify ADMX Info: -- GP English name: *Specify communities* +- GP Friendly name: *Specify communities* - GP name: *SNMP_Communities* - GP path: *Network\SNMP* - GP ADMX file name: *Snmp.admx* @@ -188,7 +188,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and " ADMX Info: -- GP English name: *Specify permitted managers* +- GP Friendly name: *Specify permitted managers* - GP name: *SNMP_PermittedManagers* - GP path: *Network\SNMP* - GP ADMX file name: *Snmp.admx* @@ -266,7 +266,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify ADMX Info: -- GP English name: *Specify traps for public community* +- GP Friendly name: *Specify traps for public community* - GP name: *SNMP_Traps_Public* - GP path: *Network\SNMP* - GP ADMX file name: *Snmp.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index 43eb801c4d..e108cbcee6 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -288,7 +288,7 @@ If you do not configure this policy (default), there will not be a "Search the I ADMX Info: -- GP English name: *Add Search Internet link to Start Menu* +- GP Friendly name: *Add Search Internet link to Start Menu* - GP name: *AddSearchInternetLinkInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -368,7 +368,7 @@ This policy also does not clear items that the user may have pinned to the Jump ADMX Info: -- GP English name: *Clear history of recently opened documents on exit* +- GP Friendly name: *Clear history of recently opened documents on exit* - GP name: *ClearRecentDocsOnExit* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -435,7 +435,7 @@ If you disable or do not configure this policy, the start menu recent programs l ADMX Info: -- GP English name: *Clear the recent programs list for new users* +- GP Friendly name: *Clear the recent programs list for new users* - GP name: *ClearRecentProgForNewUserInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -504,7 +504,7 @@ This setting does not prevent new notifications from appearing. See the "Turn of ADMX Info: -- GP English name: *Clear tile notifications during log on* +- GP Friendly name: *Clear tile notifications during log on* - GP name: *ClearTilesOnExit* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -573,7 +573,7 @@ If you disable or don't configure this policy setting, the desktop apps won't be ADMX Info: -- GP English name: *List desktop apps first in the Apps view* +- GP Friendly name: *List desktop apps first in the Apps view* - GP name: *DesktopAppsFirstInAppsView* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -644,7 +644,7 @@ If you disable or don’t configure this policy setting, the user can configure ADMX Info: -- GP English name: *Search just apps from the Apps view* +- GP Friendly name: *Search just apps from the Apps view* - GP name: *DisableGlobalSearchOnAppsView* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -721,7 +721,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\ ADMX Info: -- GP English name: *Add Logoff to the Start Menu* +- GP Friendly name: *Add Logoff to the Start Menu* - GP name: *ForceStartMenuLogOff* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -792,7 +792,7 @@ If you don’t configure this policy setting, the default setting for the user ADMX Info: -- GP English name: *Go to the desktop instead of Start when signing in* +- GP Friendly name: *Go to the desktop instead of Start when signing in* - GP name: *GoToDesktopOnSignIn* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -866,7 +866,7 @@ If you disable this setting or do not configure it, all Start menu shortcuts app ADMX Info: -- GP English name: *Gray unavailable Windows Installer programs Start Menu shortcuts* +- GP Friendly name: *Gray unavailable Windows Installer programs Start Menu shortcuts* - GP name: *GreyMSIAds* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -935,7 +935,7 @@ If you disable or do not configure this policy setting, the Power button and the ADMX Info: -- GP English name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands* +- GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands* - GP name: *HidePowerOptions* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1009,7 +1009,7 @@ To Turn off personalized menus without specifying a setting, click Start, click ADMX Info: -- GP English name: *Turn off personalized menus* +- GP Friendly name: *Turn off personalized menus* - GP name: *Intellimenus* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1083,7 +1083,7 @@ If you disable this setting or do not configure it, the user can configure the t ADMX Info: -- GP English name: *Lock the Taskbar* +- GP Friendly name: *Lock the Taskbar* - GP name: *LockTaskbar* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1152,7 +1152,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o ADMX Info: -- GP English name: *Add "Run in Separate Memory Space" check box to Run dialog box* +- GP Friendly name: *Add "Run in Separate Memory Space" check box to Run dialog box* - GP name: *MemCheckBoxInRunDlg* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1225,7 +1225,7 @@ If you do not configure it, the user can choose if they want notifications colla ADMX Info: -- GP English name: *Turn off notification area cleanup* +- GP Friendly name: *Turn off notification area cleanup* - GP name: *NoAutoTrayNotify* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1296,7 +1296,7 @@ If you disable this setting or do not configure it, all pop-up text is displayed ADMX Info: -- GP English name: *Remove Balloon Tips on Start Menu items* +- GP Friendly name: *Remove Balloon Tips on Start Menu items* - GP name: *NoBalloonTip* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1365,7 +1365,7 @@ If you disable or do not configure this setting, you will allow a user to select ADMX Info: -- GP English name: *Prevent users from customizing their Start Screen* +- GP Friendly name: *Prevent users from customizing their Start Screen* - GP name: *NoChangeStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1437,7 +1437,7 @@ If you disable or do not configure this policy setting, the Power button and the ADMX Info: -- GP English name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands* +- GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands* - GP name: *NoClose* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1506,7 +1506,7 @@ To see the Program menu items in the All Users profile, on the system drive, go ADMX Info: -- GP English name: *Remove common program groups from Start Menu* +- GP Friendly name: *Remove common program groups from Start Menu* - GP name: *NoCommonGroups* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1582,7 +1582,7 @@ If you disable or do not configure this setting, the Display Favorite item is av ADMX Info: -- GP English name: *Remove Favorites menu from Start Menu* +- GP Friendly name: *Remove Favorites menu from Start Menu* - GP name: *NoFavoritesMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1657,7 +1657,7 @@ If you disable or do not configure this policy setting, the Search link is avail ADMX Info: -- GP English name: *Remove Search link from Start Menu* +- GP Friendly name: *Remove Search link from Start Menu* - GP name: *NoFind* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1724,7 +1724,7 @@ If you disable or do not configure this policy, the start menu will show a link ADMX Info: -- GP English name: *Remove Games link from Start Menu* +- GP Friendly name: *Remove Games link from Start Menu* - GP name: *NoGamesFolderOnStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1795,7 +1795,7 @@ This policy setting only affects the Start menu. It does not remove the Help men ADMX Info: -- GP English name: *Remove Help menu from Start Menu* +- GP Friendly name: *Remove Help menu from Start Menu* - GP name: *NoHelp* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1868,7 +1868,7 @@ This policy setting does not prevent users from pinning programs to the Start M ADMX Info: -- GP English name: *Turn off user tracking* +- GP Friendly name: *Turn off user tracking* - GP name: *NoInstrumentation* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -1942,7 +1942,7 @@ If you disable or do not configure this setting, the all apps list will be visib ADMX Info: -- GP English name: *Remove All Programs list from the Start menu* +- GP Friendly name: *Remove All Programs list from the Start menu* - GP name: *NoMoreProgramsList* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2017,7 +2017,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po ADMX Info: -- GP English name: *Remove Network Connections from Start Menu* +- GP Friendly name: *Remove Network Connections from Start Menu* - GP name: *NoNetAndDialupConnect* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2086,7 +2086,7 @@ If you disable this setting or do not configure it, the "Pinned Programs" list r ADMX Info: -- GP English name: *Remove pinned programs list from the Start Menu* +- GP Friendly name: *Remove pinned programs list from the Start Menu* - GP name: *NoPinnedPrograms* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2166,7 +2166,7 @@ This setting also does not hide document shortcuts displayed in the Open dialog ADMX Info: -- GP English name: *Remove Recent Items menu from Start Menu* +- GP Friendly name: *Remove Recent Items menu from Start Menu* - GP name: *NoRecentDocsMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2240,7 +2240,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use ADMX Info: -- GP English name: *Do not use the search-based method when resolving shell shortcuts* +- GP Friendly name: *Do not use the search-based method when resolving shell shortcuts* - GP name: *NoResolveSearch* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2313,7 +2313,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use ADMX Info: -- GP English name: *Do not use the tracking-based method when resolving shell shortcuts* +- GP Friendly name: *Do not use the tracking-based method when resolving shell shortcuts* - GP name: *NoResolveTrack* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2401,7 +2401,7 @@ If you disable or do not configure this setting, users will be able to access th ADMX Info: -- GP English name: *Remove Run menu from Start Menu* +- GP Friendly name: *Remove Run menu from Start Menu* - GP name: *NoRun* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2475,7 +2475,7 @@ If you disable or do not configure this policy setting, the Default Programs lin ADMX Info: -- GP English name: *Remove Default Programs link from the Start menu.* +- GP Friendly name: *Remove Default Programs link from the Start menu.* - GP name: *NoSMConfigurePrograms* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2549,7 +2549,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting. ADMX Info: -- GP English name: *Remove Documents icon from Start Menu* +- GP Friendly name: *Remove Documents icon from Start Menu* - GP name: *NoSMMyDocuments* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2618,7 +2618,7 @@ If you disable or do not configure this policy setting, the Music icon is availa ADMX Info: -- GP English name: *Remove Music icon from Start Menu* +- GP Friendly name: *Remove Music icon from Start Menu* - GP name: *NoSMMyMusic* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2687,7 +2687,7 @@ If you disable or do not configure this policy setting, the Network icon is avai ADMX Info: -- GP English name: *Remove Network icon from Start Menu* +- GP Friendly name: *Remove Network icon from Start Menu* - GP name: *NoSMMyNetworkPlaces* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2756,7 +2756,7 @@ If you disable or do not configure this policy setting, the Pictures icon is ava ADMX Info: -- GP English name: *Remove Pictures icon from Start Menu* +- GP Friendly name: *Remove Pictures icon from Start Menu* - GP name: *NoSMMyPictures* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2823,7 +2823,7 @@ If you disable or do not configure this policy, the start menu will search for c ADMX Info: -- GP English name: *Do not search communications* +- GP Friendly name: *Do not search communications* - GP name: *NoSearchCommInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2890,7 +2890,7 @@ If you disable or do not configure this policy, the "See all results" link will ADMX Info: -- GP English name: *Remove Search Computer link* +- GP Friendly name: *Remove Search Computer link* - GP name: *NoSearchComputerLinkInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -2957,7 +2957,7 @@ If you disable or do not configure this policy, a "See more results" link will b ADMX Info: -- GP English name: *Remove See More Results / Search Everywhere link* +- GP Friendly name: *Remove See More Results / Search Everywhere link* - GP name: *NoSearchEverywhereLinkInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3024,7 +3024,7 @@ If you disable or do not configure this policy setting, the Start menu will sear ADMX Info: -- GP English name: *Do not search for files* +- GP Friendly name: *Do not search for files* - GP name: *NoSearchFilesInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3091,7 +3091,7 @@ If you disable or do not configure this policy, the start menu will search for f ADMX Info: -- GP English name: *Do not search Internet* +- GP Friendly name: *Do not search Internet* - GP name: *NoSearchInternetInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3158,7 +3158,7 @@ If you disable or do not configure this policy setting, the Start menu search bo ADMX Info: -- GP English name: *Do not search programs and Control Panel items* +- GP Friendly name: *Do not search programs and Control Panel items* - GP name: *NoSearchProgramsInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3231,7 +3231,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and " ADMX Info: -- GP English name: *Remove programs on Settings menu* +- GP Friendly name: *Remove programs on Settings menu* - GP name: *NoSetFolders* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3302,7 +3302,7 @@ If you disable or do not configure this policy setting, the Taskbar and Start Me ADMX Info: -- GP English name: *Prevent changes to Taskbar and Start Menu Settings* +- GP Friendly name: *Prevent changes to Taskbar and Start Menu Settings* - GP name: *NoSetTaskbar* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3371,7 +3371,7 @@ If you disable or do not configure this policy setting, the Downloads link is av ADMX Info: -- GP English name: *Remove Downloads link from Start Menu* +- GP Friendly name: *Remove Downloads link from Start Menu* - GP name: *NoStartMenuDownload* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3438,7 +3438,7 @@ If you disable or do not configure this policy, users can use the Start Menu opt ADMX Info: -- GP English name: *Remove Homegroup link from Start Menu* +- GP Friendly name: *Remove Homegroup link from Start Menu* - GP name: *NoStartMenuHomegroup* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3507,7 +3507,7 @@ If you disable or do not configure this policy setting, the Recorded TV link is ADMX Info: -- GP English name: *Remove Recorded TV link from Start Menu* +- GP Friendly name: *Remove Recorded TV link from Start Menu* - GP name: *NoStartMenuRecordedTV* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3580,7 +3580,7 @@ If you disable this setting or do not configured it, Windows 2000 Professional a ADMX Info: -- GP English name: *Remove user's folders from the Start Menu* +- GP Friendly name: *Remove user's folders from the Start Menu* - GP name: *NoStartMenuSubFolders* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3649,7 +3649,7 @@ If you disable or do not configure this policy setting, the Videos link is avail ADMX Info: -- GP English name: *Remove Videos link from Start Menu* +- GP Friendly name: *Remove Videos link from Start Menu* - GP name: *NoStartMenuVideos* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3722,7 +3722,7 @@ If you do not configure this setting, the default is the new style, and the user ADMX Info: -- GP English name: *Force classic Start Menu* +- GP Friendly name: *Force classic Start Menu* - GP name: *NoStartPage* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3791,7 +3791,7 @@ If you disable or do not configure this setting, the default behavior of the clo ADMX Info: -- GP English name: *Remove Clock from the system notification area* +- GP Friendly name: *Remove Clock from the system notification area* - GP name: *NoTaskBarClock* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3862,7 +3862,7 @@ If you disable or do not configure it, items on the taskbar that share the same ADMX Info: -- GP English name: *Prevent grouping of taskbar items* +- GP Friendly name: *Prevent grouping of taskbar items* - GP name: *NoTaskGrouping* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -3933,7 +3933,7 @@ If this setting is disabled or is not configured, the taskbar displays all toolb ADMX Info: -- GP English name: *Do not display any custom toolbars in the taskbar* +- GP Friendly name: *Do not display any custom toolbars in the taskbar* - GP name: *NoToolbarsOnTaskbar* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4004,7 +4004,7 @@ This policy setting does not prevent users from using other methods to issue the ADMX Info: -- GP English name: *Remove access to the context menus for the taskbar* +- GP Friendly name: *Remove access to the context menus for the taskbar* - GP name: *NoTrayContextMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4078,7 +4078,7 @@ If this setting is disabled or is not configured, the notification area is shown ADMX Info: -- GP English name: *Hide the notification area* +- GP Friendly name: *Hide the notification area* - GP name: *NoTrayItemsDisplay* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4145,7 +4145,7 @@ If you disable this setting or do not configure it, users can access the uninsta ADMX Info: -- GP English name: *Prevent users from uninstalling applications from Start* +- GP Friendly name: *Prevent users from uninstalling applications from Start* - GP name: *NoUninstallFromStart* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4212,7 +4212,7 @@ If you disable or do not configure this policy, the start menu will display a li ADMX Info: -- GP English name: *Remove user folder link from Start Menu* +- GP Friendly name: *Remove user folder link from Start Menu* - GP name: *NoUserFolderOnStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4283,7 +4283,7 @@ If you disable or do not configure this policy setting, the user name label appe ADMX Info: -- GP English name: *Remove user name from Start Menu* +- GP Friendly name: *Remove user name from Start Menu* - GP name: *NoUserNameOnStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4358,7 +4358,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting. ADMX Info: -- GP English name: *Remove links and access to Windows Update* +- GP Friendly name: *Remove links and access to Windows Update* - GP name: *NoWindowsUpdate* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4429,7 +4429,7 @@ If you disable or do not configure this setting, the Start Menu power button wil ADMX Info: -- GP English name: *Change Start Menu power button* +- GP Friendly name: *Change Start Menu power button* - GP name: *PowerButtonAction* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4500,7 +4500,7 @@ If you do not configure this policy setting, then users will be able to turn the ADMX Info: -- GP English name: *Show QuickLaunch on Taskbar* +- GP Friendly name: *Show QuickLaunch on Taskbar* - GP name: *QuickLaunchEnabled* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4567,7 +4567,7 @@ If you disable this setting or do not configure it, the "Undock PC" button remai ADMX Info: -- GP English name: *Remove the "Undock PC" button from the Start Menu* +- GP Friendly name: *Remove the "Undock PC" button from the Start Menu* - GP name: *RemoveUnDockPCButton* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4636,7 +4636,7 @@ If you disable or don’t configure this policy setting, the Start screen will a ADMX Info: -- GP English name: *Show the Apps view automatically when the user goes to Start* +- GP Friendly name: *Show the Apps view automatically when the user goes to Start* - GP name: *ShowAppsViewOnStart* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4708,7 +4708,7 @@ If you disable this setting or do not configure it, users cannot access the "Run ADMX Info: -- GP English name: *Show "Run as different user" command on Start* +- GP Friendly name: *Show "Run as different user" command on Start* - GP name: *ShowRunAsDifferentUserInStart* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4777,7 +4777,7 @@ If the Remove Run link from Start Menu policy is set, the Add the Run command to ADMX Info: -- GP English name: *Add the Run command to the Start Menu* +- GP Friendly name: *Add the Run command to the Start Menu* - GP name: *ShowRunInStartMenu* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4846,7 +4846,7 @@ If you disable or don't configure this policy setting, the Start screen will alw ADMX Info: -- GP English name: *Show Start on the display the user is using when they press the Windows logo key* +- GP Friendly name: *Show Start on the display the user is using when they press the Windows logo key* - GP name: *ShowStartOnDisplayWithForegroundOnWinKey* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4921,7 +4921,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te ADMX Info: -- GP English name: *Remove Logoff on the Start Menu* +- GP Friendly name: *Remove Logoff on the Start Menu* - GP name: *StartMenuLogOff* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* @@ -4987,7 +4987,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting al ADMX Info: -- GP English name: *Pin Apps to Start when installed* +- GP Friendly name: *Pin Apps to Start when installed* - GP name: *StartPinAppsWhenInstalled* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index d636e16649..00d40074f3 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -96,7 +96,7 @@ Also, see the "Turn off System Restore" policy setting. If the "Turn off System ADMX Info: -- GP English name: *Turn off Configuration* +- GP Friendly name: *Turn off Configuration* - GP name: *SR_DisableConfig* - GP path: *System\System Restore* - GP ADMX file name: *SystemRestore.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index 4237d69e83..77fdd56a9d 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -157,7 +157,7 @@ A reboot is required for this policy setting to take effect. ADMX Info: -- GP English name: *Remove Notifications and Action Center* +- GP Friendly name: *Remove Notifications and Action Center* - GP name: *DisableNotificationCenter* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -230,7 +230,7 @@ A reboot is required for this policy setting to take effect. ADMX Info: -- GP English name: *Disable showing balloon notifications as toasts.* +- GP Friendly name: *Disable showing balloon notifications as toasts.* - GP name: *EnableLegacyBalloonNotifications* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -299,7 +299,7 @@ If you disable or do not configure this policy setting, the Security and Mainten ADMX Info: -- GP English name: *Remove the Security and Maintenance icon* +- GP Friendly name: *Remove the Security and Maintenance icon* - GP name: *HideSCAHealth* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -368,7 +368,7 @@ If you disable or do not configure this policy setting, the networking icon is d ADMX Info: -- GP English name: *Remove the networking icon* +- GP Friendly name: *Remove the networking icon* - GP name: *HideSCANetwork* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -437,7 +437,7 @@ If you disable or do not configure this policy setting, the battery meter is dis ADMX Info: -- GP English name: *Remove the battery meter* +- GP Friendly name: *Remove the battery meter* - GP name: *HideSCAPower* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -506,7 +506,7 @@ If you disable or do not configure this policy setting, the volume control icon ADMX Info: -- GP English name: *Remove the volume control icon* +- GP Friendly name: *Remove the volume control icon* - GP name: *HideSCAVolume* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -575,7 +575,7 @@ If you disable do not configure this policy setting, feature advertisement ballo ADMX Info: -- GP English name: *Turn off feature advertisement balloon notifications* +- GP Friendly name: *Turn off feature advertisement balloon notifications* - GP name: *NoBalloonFeatureAdvertisements* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -644,7 +644,7 @@ If you disable or do not configure this policy setting, users can pin the Store ADMX Info: -- GP English name: *Do not allow pinning Store app to the Taskbar* +- GP Friendly name: *Do not allow pinning Store app to the Taskbar* - GP name: *NoPinningStoreToTaskbar* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -713,7 +713,7 @@ If you disable or do not configure this policy setting, users can pin files, fol ADMX Info: -- GP English name: *Do not allow pinning items in Jump Lists* +- GP Friendly name: *Do not allow pinning items in Jump Lists* - GP name: *NoPinningToDestinations* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -782,7 +782,7 @@ If you disable or do not configure this policy setting, users can change the pro ADMX Info: -- GP English name: *Do not allow pinning programs to the Taskbar* +- GP Friendly name: *Do not allow pinning programs to the Taskbar* - GP name: *NoPinningToTaskbar* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -856,7 +856,7 @@ If you disable or do not configure this policy setting, all files that the user ADMX Info: -- GP English name: *Do not display or track items in Jump Lists from remote locations* +- GP Friendly name: *Do not display or track items in Jump Lists from remote locations* - GP name: *NoRemoteDestinations* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -927,7 +927,7 @@ If you disable or do not configure this policy setting, newly added notification ADMX Info: -- GP English name: *Turn off automatic promotion of notification icons to the taskbar* +- GP Friendly name: *Turn off automatic promotion of notification icons to the taskbar* - GP name: *NoSystraySystemPromotion* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1000,7 +1000,7 @@ If you don’t configure this policy setting, the default setting for the user ADMX Info: -- GP English name: *Show Windows Store apps on the taskbar* +- GP Friendly name: *Show Windows Store apps on the taskbar* - GP name: *ShowWindowsStoreAppsOnTaskbar* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1071,7 +1071,7 @@ If you disable or do not configure this policy setting, the user will be able to ADMX Info: -- GP English name: *Lock all taskbar settings* +- GP Friendly name: *Lock all taskbar settings* - GP name: *TaskbarLockAll* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1142,7 +1142,7 @@ If you disable or do not configure this policy setting, the users and applicatio ADMX Info: -- GP English name: *Prevent users from adding or removing toolbars* +- GP Friendly name: *Prevent users from adding or removing toolbars* - GP name: *TaskbarNoAddRemoveToolbar* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1213,7 +1213,7 @@ If you disable or do not configure this policy setting, users are able to rearra ADMX Info: -- GP English name: *Prevent users from rearranging toolbars* +- GP Friendly name: *Prevent users from rearranging toolbars* - GP name: *TaskbarNoDragToolbar* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1284,7 +1284,7 @@ If you disable or do not configure this policy setting, users can show taskbars ADMX Info: -- GP English name: *Do not allow taskbars on more than one display* +- GP Friendly name: *Do not allow taskbars on more than one display* - GP name: *TaskbarNoMultimon* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1355,7 +1355,7 @@ If you disable or do not configure this policy setting, notification balloons ar ADMX Info: -- GP English name: *Turn off all balloon notifications* +- GP Friendly name: *Turn off all balloon notifications* - GP name: *TaskbarNoNotification* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1426,7 +1426,7 @@ If you disable or do not configure this policy setting, users can pin programs s ADMX Info: -- GP English name: *Remove pinned programs from the Taskbar* +- GP Friendly name: *Remove pinned programs from the Taskbar* - GP name: *TaskbarNoPinnedList* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1497,7 +1497,7 @@ If you disable or do not configure this policy setting, users are able to drag t ADMX Info: -- GP English name: *Prevent users from moving taskbar to another screen dock location* +- GP Friendly name: *Prevent users from moving taskbar to another screen dock location* - GP name: *TaskbarNoRedock* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1568,7 +1568,7 @@ If you disable or do not configure this policy setting, users are able to resize ADMX Info: -- GP English name: *Prevent users from resizing the taskbar* +- GP Friendly name: *Prevent users from resizing the taskbar* - GP name: *TaskbarNoResize* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* @@ -1639,7 +1639,7 @@ If you disable or do not configure this policy setting, the taskbar thumbnails a ADMX Info: -- GP English name: *Turn off taskbar thumbnails* +- GP Friendly name: *Turn off taskbar thumbnails* - GP name: *TaskbarNoThumbnail* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *Taskbar.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index c4ebc56f82..716a9c9f64 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -126,7 +126,7 @@ If you disable or do not configure this policy setting, the local host setting i ADMX Info: -- GP English name: *Set 6to4 Relay Name* +- GP Friendly name: *Set 6to4 Relay Name* - GP name: *6to4_Router_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -195,7 +195,7 @@ If you disable or do not configure this policy setting, the local host setting i ADMX Info: -- GP English name: *Set 6to4 Relay Name Resolution Interval* +- GP Friendly name: *Set 6to4 Relay Name Resolution Interval* - GP name: *6to4_Router_Name_Resolution_Interval* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -270,7 +270,7 @@ Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be ADMX Info: -- GP English name: *Set 6to4 State* +- GP Friendly name: *Set 6to4 State* - GP name: *6to4_State* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -345,7 +345,7 @@ Policy Disabled State: No IP-HTTPS interfaces are present on the host. ADMX Info: -- GP English name: *Set IP-HTTPS State* +- GP Friendly name: *Set IP-HTTPS State* - GP name: *IPHTTPS_ClientState* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -414,7 +414,7 @@ If you disable this policy setting, IP Stateless Autoconfiguration Limits will b ADMX Info: -- GP English name: *Set IP Stateless Autoconfiguration Limits State* +- GP Friendly name: *Set IP Stateless Autoconfiguration Limits State* - GP name: *IP_Stateless_Autoconfiguration_Limits_State* - GP path: *Network\TCPIP Settings\Parameters* - GP ADMX file name: *tcpip.admx* @@ -483,7 +483,7 @@ If you disable or do not configure this policy setting, the local host setting i ADMX Info: -- GP English name: *Set ISATAP Router Name* +- GP Friendly name: *Set ISATAP Router Name* - GP name: *ISATAP_Router_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -558,7 +558,7 @@ Policy Disabled State: No ISATAP interfaces are present on the host. ADMX Info: -- GP English name: *Set ISATAP State* +- GP Friendly name: *Set ISATAP State* - GP name: *ISATAP_State* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -627,7 +627,7 @@ If you disable or do not configure this policy setting, the local host setting i ADMX Info: -- GP English name: *Set Teredo Client Port* +- GP Friendly name: *Set Teredo Client Port* - GP name: *Teredo_Client_Port* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -698,7 +698,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali ADMX Info: -- GP English name: *Set Teredo Default Qualified* +- GP Friendly name: *Set Teredo Default Qualified* - GP name: *Teredo_Default_Qualified* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -770,7 +770,7 @@ If you disable or do not configure this policy setting, the refresh rate is conf ADMX Info: -- GP English name: *Set Teredo Refresh Rate* +- GP Friendly name: *Set Teredo Refresh Rate* - GP name: *Teredo_Refresh_Rate* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -839,7 +839,7 @@ If you disable or do not configure this policy setting, the local settings on th ADMX Info: -- GP English name: *Set Teredo Server Name* +- GP Friendly name: *Set Teredo Server Name* - GP name: *Teredo_Server_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -916,7 +916,7 @@ Enterprise Client: The Teredo interface is always present, even if the host is o ADMX Info: -- GP English name: *Set Teredo State* +- GP Friendly name: *Set Teredo State* - GP name: *Teredo_State* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -987,7 +987,7 @@ If you disable this policy setting, Window Scaling Heuristics will be disabled a ADMX Info: -- GP English name: *Set Window Scaling Heuristics State* +- GP Friendly name: *Set Window Scaling Heuristics State* - GP name: *Windows_Scaling_Heuristics_State* - GP path: *Network\TCPIP Settings\Parameters* - GP ADMX file name: *tcpip.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index d21e77ad3c..8e689c8544 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -97,7 +97,7 @@ If you disable or do not configure this policy setting, File Explorer displays o ADMX Info: -- GP English name: *Turn off the display of thumbnails and only display icons.* +- GP Friendly name: *Turn off the display of thumbnails and only display icons.* - GP name: *DisableThumbnails* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *Thumbnails.admx* @@ -168,7 +168,7 @@ If you disable or do not configure this policy setting, File Explorer displays o ADMX Info: -- GP English name: *Turn off the display of thumbnails and only display icons on network folders* +- GP Friendly name: *Turn off the display of thumbnails and only display icons on network folders* - GP name: *DisableThumbnailsOnNetworkFolders* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *Thumbnails.admx* @@ -239,7 +239,7 @@ If you disable or do not configure this policy setting, File Explorer creates, r ADMX Info: -- GP English name: *Turn off the caching of thumbnails in hidden thumbs.db files* +- GP Friendly name: *Turn off the caching of thumbnails in hidden thumbs.db files* - GP name: *DisableThumbsDBOnNetworkFolders* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *Thumbnails.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index a428786a24..7935207b97 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -117,7 +117,7 @@ If you disable or do not configure this policy setting, only those TPM commands ADMX Info: -- GP English name: *Configure the list of blocked TPM commands* +- GP Friendly name: *Configure the list of blocked TPM commands* - GP name: *BlockedCommandsList_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -182,7 +182,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting co ADMX Info: -- GP English name: *Configure the system to clear the TPM if it is not in a ready state.* +- GP Friendly name: *Configure the system to clear the TPM if it is not in a ready state.* - GP name: *ClearTPMIfNotReady_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -253,7 +253,7 @@ If you disable or do not configure this policy setting, Windows will block the T ADMX Info: -- GP English name: *Ignore the default list of blocked TPM commands* +- GP Friendly name: *Ignore the default list of blocked TPM commands* - GP name: *IgnoreDefaultList_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -324,7 +324,7 @@ If you disable or do not configure this policy setting, Windows will block the T ADMX Info: -- GP English name: *Ignore the local list of blocked TPM commands* +- GP Friendly name: *Ignore the local list of blocked TPM commands* - GP name: *IgnoreLocalList_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -402,7 +402,7 @@ Choose the operating system managed TPM authentication setting of "None" for com ADMX Info: -- GP English name: *Configure the level of TPM owner authorization information available to the operating system* +- GP Friendly name: *Configure the level of TPM owner authorization information available to the operating system* - GP name: *OSManagedAuth_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -467,7 +467,7 @@ Available in the latest Windows 10 Insider Preview Build. This group policy enab ADMX Info: -- GP English name: *Enable Device Health Attestation Monitoring and Reporting* +- GP Friendly name: *Enable Device Health Attestation Monitoring and Reporting* - GP name: *OptIntoDSHA_Name* - GP path: *System\Device Health Attestation Service* - GP ADMX file name: *TPM.admx* @@ -548,7 +548,7 @@ If this value is not configured, a default value of 480 minutes (8 hours) is use ADMX Info: -- GP English name: *Standard User Lockout Duration* +- GP Friendly name: *Standard User Lockout Duration* - GP name: *StandardUserAuthorizationFailureDuration_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -631,7 +631,7 @@ A value of zero means the OS will not allow standard users to send commands to t ADMX Info: -- GP English name: *Standard User Individual Lockout Threshold* +- GP Friendly name: *Standard User Individual Lockout Threshold* - GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -714,7 +714,7 @@ A value of zero means the OS will not allow standard users to send commands to t ADMX Info: -- GP English name: *Standard User Total Lockout Threshold* +- GP Friendly name: *Standard User Total Lockout Threshold* - GP name: *StandardUserAuthorizationFailureTotalThreshold_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -779,7 +779,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting co ADMX Info: -- GP English name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.* +- GP Friendly name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.* - GP name: *UseLegacyDAP_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 54ba484366..d068903115 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -470,7 +470,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Calculator* +- GP Friendly name: *Calculator* - GP name: *Calculator* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -549,7 +549,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Configure Sync Method* +- GP Friendly name: *Configure Sync Method* - GP name: *ConfigureSyncMethod* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -624,7 +624,7 @@ If you do not configure this policy, no UE-V rollback state is copied to the set ADMX Info: -- GP English name: *VDI Configuration* +- GP Friendly name: *VDI Configuration* - GP name: *ConfigureVdi* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -695,7 +695,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Contact IT Link Text* +- GP Friendly name: *Contact IT Link Text* - GP name: *ContactITDescription* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -765,7 +765,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Contact IT URL* +- GP Friendly name: *Contact IT URL* - GP name: *ContactITUrl* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -842,7 +842,7 @@ If you do not configure this policy setting, any defined values are deleted. ADMX Info: -- GP English name: *Do not synchronize Windows Apps* +- GP Friendly name: *Do not synchronize Windows Apps* - GP name: *DisableWin8Sync* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -914,7 +914,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Synchronize Windows settings* +- GP Friendly name: *Synchronize Windows settings* - GP name: *DisableWindowsOSSettings* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -981,7 +981,7 @@ Reboot is needed for enable to take effect. With Auto-register inbox templates e ADMX Info: -- GP English name: *Enable UEV* +- GP Friendly name: *Enable UEV* - GP name: *EnableUEV* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1053,7 +1053,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Finance* +- GP Friendly name: *Finance* - GP name: *Finance* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1124,7 +1124,7 @@ If you do not configure this policy setting, any defined values are deleted. ADMX Info: -- GP English name: *First Use Notification* +- GP Friendly name: *First Use Notification* - GP name: *FirstUseNotificationEnabled* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1196,7 +1196,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Games* +- GP Friendly name: *Games* - GP name: *Games* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1270,7 +1270,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Internet Explorer 8* +- GP Friendly name: *Internet Explorer 8* - GP name: *InternetExplorer8* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1342,7 +1342,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Internet Explorer 9* +- GP Friendly name: *Internet Explorer 9* - GP name: *InternetExplorer9* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1414,7 +1414,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Internet Explorer 10* +- GP Friendly name: *Internet Explorer 10* - GP name: *InternetExplorer10* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1486,7 +1486,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Internet Explorer 11* +- GP Friendly name: *Internet Explorer 11* - GP name: *InternetExplorer11* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1559,7 +1559,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Internet Explorer Common Settings* +- GP Friendly name: *Internet Explorer Common Settings* - GP name: *InternetExplorerCommon* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1630,7 +1630,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Maps* +- GP Friendly name: *Maps* - GP name: *Maps* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1700,7 +1700,7 @@ If you disable or do not configure this policy setting, no event is written to t ADMX Info: -- GP English name: *Settings package size warning threshold* +- GP Friendly name: *Settings package size warning threshold* - GP name: *MaxPackageSizeInBytes* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1772,7 +1772,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Access 2010* +- GP Friendly name: *Microsoft Access 2010* - GP name: *MicrosoftOffice2010Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1844,7 +1844,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 2010 Common Settings* +- GP Friendly name: *Microsoft Office 2010 Common Settings* - GP name: *MicrosoftOffice2010Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1915,7 +1915,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Excel 2010* +- GP Friendly name: *Microsoft Excel 2010* - GP name: *MicrosoftOffice2010Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1987,7 +1987,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft InfoPath 2010* +- GP Friendly name: *Microsoft InfoPath 2010* - GP name: *MicrosoftOffice2010InfoPath* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2059,7 +2059,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Lync 2010* +- GP Friendly name: *Microsoft Lync 2010* - GP name: *MicrosoftOffice2010Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2130,7 +2130,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft OneNote 2010* +- GP Friendly name: *Microsoft OneNote 2010* - GP name: *MicrosoftOffice2010OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2202,7 +2202,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Outlook 2010* +- GP Friendly name: *Microsoft Outlook 2010* - GP name: *MicrosoftOffice2010Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2274,7 +2274,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft PowerPoint 2010* +- GP Friendly name: *Microsoft PowerPoint 2010* - GP name: *MicrosoftOffice2010PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2345,7 +2345,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Project 2010* +- GP Friendly name: *Microsoft Project 2010* - GP name: *MicrosoftOffice2010Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2417,7 +2417,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Publisher 2010* +- GP Friendly name: *Microsoft Publisher 2010* - GP name: *MicrosoftOffice2010Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2489,7 +2489,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft SharePoint Designer 2010* +- GP Friendly name: *Microsoft SharePoint Designer 2010* - GP name: *MicrosoftOffice2010SharePointDesigner* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2561,7 +2561,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft SharePoint Workspace 2010* +- GP Friendly name: *Microsoft SharePoint Workspace 2010* - GP name: *MicrosoftOffice2010SharePointWorkspace* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2633,7 +2633,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Visio 2010* +- GP Friendly name: *Microsoft Visio 2010* - GP name: *MicrosoftOffice2010Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2705,7 +2705,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Word 2010* +- GP Friendly name: *Microsoft Word 2010* - GP name: *MicrosoftOffice2010Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2776,7 +2776,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Access 2013* +- GP Friendly name: *Microsoft Access 2013* - GP name: *MicrosoftOffice2013Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2848,7 +2848,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Access 2013 backup only* +- GP Friendly name: *Access 2013 backup only* - GP name: *MicrosoftOffice2013AccessBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2920,7 +2920,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 2013 Common Settings* +- GP Friendly name: *Microsoft Office 2013 Common Settings* - GP name: *MicrosoftOffice2013Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2993,7 +2993,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Common 2013 backup only* +- GP Friendly name: *Common 2013 backup only* - GP name: *MicrosoftOffice2013CommonBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3066,7 +3066,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Excel 2013* +- GP Friendly name: *Microsoft Excel 2013* - GP name: *MicrosoftOffice2013Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3137,7 +3137,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Excel 2013 backup only* +- GP Friendly name: *Excel 2013 backup only* - GP name: *MicrosoftOffice2013ExcelBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3209,7 +3209,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft InfoPath 2013* +- GP Friendly name: *Microsoft InfoPath 2013* - GP name: *MicrosoftOffice2013InfoPath* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3281,7 +3281,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *InfoPath 2013 backup only* +- GP Friendly name: *InfoPath 2013 backup only* - GP name: *MicrosoftOffice2013InfoPathBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3352,7 +3352,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Lync 2013* +- GP Friendly name: *Microsoft Lync 2013* - GP name: *MicrosoftOffice2013Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3424,7 +3424,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Lync 2013 backup only* +- GP Friendly name: *Lync 2013 backup only* - GP name: *MicrosoftOffice2013LyncBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3496,7 +3496,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft OneDrive for Business 2013* +- GP Friendly name: *Microsoft OneDrive for Business 2013* - GP name: *MicrosoftOffice2013OneDriveForBusiness* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3568,7 +3568,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft OneNote 2013* +- GP Friendly name: *Microsoft OneNote 2013* - GP name: *MicrosoftOffice2013OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3640,7 +3640,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *OneNote 2013 backup only* +- GP Friendly name: *OneNote 2013 backup only* - GP name: *MicrosoftOffice2013OneNoteBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3711,7 +3711,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Outlook 2013* +- GP Friendly name: *Microsoft Outlook 2013* - GP name: *MicrosoftOffice2013Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3783,7 +3783,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Outlook 2013 backup only* +- GP Friendly name: *Outlook 2013 backup only* - GP name: *MicrosoftOffice2013OutlookBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3855,7 +3855,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft PowerPoint 2013* +- GP Friendly name: *Microsoft PowerPoint 2013* - GP name: *MicrosoftOffice2013PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3927,7 +3927,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *PowerPoint 2013 backup only* +- GP Friendly name: *PowerPoint 2013 backup only* - GP name: *MicrosoftOffice2013PowerPointBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3998,7 +3998,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Project 2013* +- GP Friendly name: *Microsoft Project 2013* - GP name: *MicrosoftOffice2013Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4070,7 +4070,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Project 2013 backup only* +- GP Friendly name: *Project 2013 backup only* - GP name: *MicrosoftOffice2013ProjectBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4142,7 +4142,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Publisher 2013* +- GP Friendly name: *Microsoft Publisher 2013* - GP name: *MicrosoftOffice2013Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4214,7 +4214,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Publisher 2013 backup only* +- GP Friendly name: *Publisher 2013 backup only* - GP name: *MicrosoftOffice2013PublisherBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4286,7 +4286,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft SharePoint Designer 2013* +- GP Friendly name: *Microsoft SharePoint Designer 2013* - GP name: *MicrosoftOffice2013SharePointDesigner* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4357,7 +4357,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *SharePoint Designer 2013 backup only* +- GP Friendly name: *SharePoint Designer 2013 backup only* - GP name: *MicrosoftOffice2013SharePointDesignerBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4428,7 +4428,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 2013 Upload Center* +- GP Friendly name: *Microsoft Office 2013 Upload Center* - GP name: *MicrosoftOffice2013UploadCenter* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4500,7 +4500,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Visio 2013* +- GP Friendly name: *Microsoft Visio 2013* - GP name: *MicrosoftOffice2013Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4572,7 +4572,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Visio 2013 backup only* +- GP Friendly name: *Visio 2013 backup only* - GP name: *MicrosoftOffice2013VisioBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4644,7 +4644,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Word 2013* +- GP Friendly name: *Microsoft Word 2013* - GP name: *MicrosoftOffice2013Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4716,7 +4716,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Word 2013 backup only* +- GP Friendly name: *Word 2013 backup only* - GP name: *MicrosoftOffice2013WordBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4788,7 +4788,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Access 2016* +- GP Friendly name: *Microsoft Access 2016* - GP name: *MicrosoftOffice2016Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4860,7 +4860,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Access 2016 backup only* +- GP Friendly name: *Access 2016 backup only* - GP name: *MicrosoftOffice2016AccessBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4932,7 +4932,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 2016 Common Settings* +- GP Friendly name: *Microsoft Office 2016 Common Settings* - GP name: *MicrosoftOffice2016Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5005,7 +5005,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Common 2016 backup only* +- GP Friendly name: *Common 2016 backup only* - GP name: *MicrosoftOffice2016CommonBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5077,7 +5077,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Excel 2016* +- GP Friendly name: *Microsoft Excel 2016* - GP name: *MicrosoftOffice2016Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5149,7 +5149,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Excel 2016 backup only* +- GP Friendly name: *Excel 2016 backup only* - GP name: *MicrosoftOffice2016ExcelBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5221,7 +5221,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Lync 2016* +- GP Friendly name: *Microsoft Lync 2016* - GP name: *MicrosoftOffice2016Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5293,7 +5293,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Lync 2016 backup only* +- GP Friendly name: *Lync 2016 backup only* - GP name: *MicrosoftOffice2016LyncBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5365,7 +5365,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft OneDrive for Business 2016* +- GP Friendly name: *Microsoft OneDrive for Business 2016* - GP name: *MicrosoftOffice2016OneDriveForBusiness* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5437,7 +5437,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft OneNote 2016* +- GP Friendly name: *Microsoft OneNote 2016* - GP name: *MicrosoftOffice2016OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5509,7 +5509,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *OneNote 2016 backup only* +- GP Friendly name: *OneNote 2016 backup only* - GP name: *MicrosoftOffice2016OneNoteBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5581,7 +5581,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Outlook 2016* +- GP Friendly name: *Microsoft Outlook 2016* - GP name: *MicrosoftOffice2016Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5653,7 +5653,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Outlook 2016 backup only* +- GP Friendly name: *Outlook 2016 backup only* - GP name: *MicrosoftOffice2016OutlookBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5725,7 +5725,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft PowerPoint 2016* +- GP Friendly name: *Microsoft PowerPoint 2016* - GP name: *MicrosoftOffice2016PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5797,7 +5797,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *PowerPoint 2016 backup only* +- GP Friendly name: *PowerPoint 2016 backup only* - GP name: *MicrosoftOffice2016PowerPointBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5870,7 +5870,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Project 2016* +- GP Friendly name: *Microsoft Project 2016* - GP name: *MicrosoftOffice2016Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5941,7 +5941,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Project 2016 backup only* +- GP Friendly name: *Project 2016 backup only* - GP name: *MicrosoftOffice2016ProjectBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6013,7 +6013,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Publisher 2016* +- GP Friendly name: *Microsoft Publisher 2016* - GP name: *MicrosoftOffice2016Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6085,7 +6085,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Publisher 2016 backup only* +- GP Friendly name: *Publisher 2016 backup only* - GP name: *MicrosoftOffice2016PublisherBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6156,7 +6156,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 2016 Upload Center* +- GP Friendly name: *Microsoft Office 2016 Upload Center* - GP name: *MicrosoftOffice2016UploadCenter* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6228,7 +6228,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Visio 2016* +- GP Friendly name: *Microsoft Visio 2016* - GP name: *MicrosoftOffice2016Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6300,7 +6300,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Visio 2016 backup only* +- GP Friendly name: *Visio 2016 backup only* - GP name: *MicrosoftOffice2016VisioBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6372,7 +6372,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Word 2016* +- GP Friendly name: *Microsoft Word 2016* - GP name: *MicrosoftOffice2016Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6444,7 +6444,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Word 2016 backup only* +- GP Friendly name: *Word 2016 backup only* - GP name: *MicrosoftOffice2016WordBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6516,7 +6516,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Access 2013* +- GP Friendly name: *Microsoft Office 365 Access 2013* - GP name: *MicrosoftOffice365Access2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6588,7 +6588,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Access 2016* +- GP Friendly name: *Microsoft Office 365 Access 2016* - GP name: *MicrosoftOffice365Access2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6660,7 +6660,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Common 2013* +- GP Friendly name: *Microsoft Office 365 Common 2013* - GP name: *MicrosoftOffice365Common2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6731,7 +6731,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Common 2016* +- GP Friendly name: *Microsoft Office 365 Common 2016* - GP name: *MicrosoftOffice365Common2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6803,7 +6803,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Excel 2013* +- GP Friendly name: *Microsoft Office 365 Excel 2013* - GP name: *MicrosoftOffice365Excel2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6875,7 +6875,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Excel 2016* +- GP Friendly name: *Microsoft Office 365 Excel 2016* - GP name: *MicrosoftOffice365Excel2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6946,7 +6946,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 InfoPath 2013* +- GP Friendly name: *Microsoft Office 365 InfoPath 2013* - GP name: *MicrosoftOffice365InfoPath2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7018,7 +7018,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Lync 2013* +- GP Friendly name: *Microsoft Office 365 Lync 2013* - GP name: *MicrosoftOffice365Lync2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7090,7 +7090,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Lync 2016* +- GP Friendly name: *Microsoft Office 365 Lync 2016* - GP name: *MicrosoftOffice365Lync2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7162,7 +7162,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 OneNote 2013* +- GP Friendly name: *Microsoft Office 365 OneNote 2013* - GP name: *MicrosoftOffice365OneNote2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7234,7 +7234,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 OneNote 2016* +- GP Friendly name: *Microsoft Office 365 OneNote 2016* - GP name: *MicrosoftOffice365OneNote2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7306,7 +7306,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Outlook 2013* +- GP Friendly name: *Microsoft Office 365 Outlook 2013* - GP name: *MicrosoftOffice365Outlook2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7378,7 +7378,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Outlook 2016* +- GP Friendly name: *Microsoft Office 365 Outlook 2016* - GP name: *MicrosoftOffice365Outlook2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7450,7 +7450,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 PowerPoint 2013* +- GP Friendly name: *Microsoft Office 365 PowerPoint 2013* - GP name: *MicrosoftOffice365PowerPoint2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7522,7 +7522,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 PowerPoint 2016* +- GP Friendly name: *Microsoft Office 365 PowerPoint 2016* - GP name: *MicrosoftOffice365PowerPoint2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7594,7 +7594,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Project 2013* +- GP Friendly name: *Microsoft Office 365 Project 2013* - GP name: *MicrosoftOffice365Project2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7665,7 +7665,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Project 2016* +- GP Friendly name: *Microsoft Office 365 Project 2016* - GP name: *MicrosoftOffice365Project2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7737,7 +7737,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Publisher 2013* +- GP Friendly name: *Microsoft Office 365 Publisher 2013* - GP name: *MicrosoftOffice365Publisher2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7809,7 +7809,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Publisher 2016* +- GP Friendly name: *Microsoft Office 365 Publisher 2016* - GP name: *MicrosoftOffice365Publisher2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7881,7 +7881,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 SharePoint Designer 2013* +- GP Friendly name: *Microsoft Office 365 SharePoint Designer 2013* - GP name: *MicrosoftOffice365SharePointDesigner2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7953,7 +7953,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Visio 2013* +- GP Friendly name: *Microsoft Office 365 Visio 2013* - GP name: *MicrosoftOffice365Visio2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8025,7 +8025,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Visio 2016* +- GP Friendly name: *Microsoft Office 365 Visio 2016* - GP name: *MicrosoftOffice365Visio2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8097,7 +8097,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Word 2013* +- GP Friendly name: *Microsoft Office 365 Word 2013* - GP name: *MicrosoftOffice365Word2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8169,7 +8169,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Microsoft Office 365 Word 2016* +- GP Friendly name: *Microsoft Office 365 Word 2016* - GP name: *MicrosoftOffice365Word2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8240,7 +8240,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Music* +- GP Friendly name: *Music* - GP name: *Music* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8312,7 +8312,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *News* +- GP Friendly name: *News* - GP name: *News* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8384,7 +8384,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Notepad* +- GP Friendly name: *Notepad* - GP name: *Notepad* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8457,7 +8457,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Reader* +- GP Friendly name: *Reader* - GP name: *Reader* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8527,7 +8527,7 @@ If you disable or do not configure this policy setting, the default value of 200 ADMX Info: -- GP English name: *Synchronization timeout* +- GP Friendly name: *Synchronization timeout* - GP name: *RepositoryTimeout* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8597,7 +8597,7 @@ If you disable or do not configure this policy setting, the user settings are st ADMX Info: -- GP English name: *Settings storage path* +- GP Friendly name: *Settings storage path* - GP name: *SettingsStoragePath* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8673,7 +8673,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Settings template catalog path* +- GP Friendly name: *Settings template catalog path* - GP name: *SettingsTemplateCatalogPath* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8745,7 +8745,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Sports* +- GP Friendly name: *Sports* - GP name: *Sports* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8811,7 +8811,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting al ADMX Info: -- GP English name: *Use User Experience Virtualization (UE-V)* +- GP Friendly name: *Use User Experience Virtualization (UE-V)* - GP name: *SyncEnabled* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8882,7 +8882,7 @@ If you do not configure this policy setting, any defined values are deleted. ADMX Info: -- GP English name: *Sync settings over metered connections* +- GP Friendly name: *Sync settings over metered connections* - GP name: *SyncOverMeteredNetwork* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8954,7 +8954,7 @@ If you do not configure this policy setting, any defined values are deleted. ADMX Info: -- GP English name: *Sync settings over metered connections even when roaming* +- GP Friendly name: *Sync settings over metered connections even when roaming* - GP name: *SyncOverMeteredNetworkWhenRoaming* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9026,7 +9026,7 @@ If you do not configure this policy, any defined values will be deleted. ADMX Info: -- GP English name: *Ping the settings storage location before sync* +- GP Friendly name: *Ping the settings storage location before sync* - GP name: *SyncProviderPingEnabled* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9097,7 +9097,7 @@ If you do not configure this policy setting, any defined values are deleted. ADMX Info: -- GP English name: *Sync Unlisted Windows Apps* +- GP Friendly name: *Sync Unlisted Windows Apps* - GP name: *SyncUnlistedWindows8Apps* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9169,7 +9169,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Travel* +- GP Friendly name: *Travel* - GP name: *Travel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9238,7 +9238,7 @@ If you do not configure this policy setting, any defined values are deleted. ADMX Info: -- GP English name: *Tray Icon* +- GP Friendly name: *Tray Icon* - GP name: *TrayIconEnabled* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9310,7 +9310,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Video* +- GP Friendly name: *Video* - GP name: *Video* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9382,7 +9382,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *Weather* +- GP Friendly name: *Weather* - GP name: *Weather* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9453,7 +9453,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: -- GP English name: *WordPad* +- GP Friendly name: *WordPad* - GP name: *Wordpad* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md index 2382a9fb8e..7e23b796b2 100644 --- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md +++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md @@ -111,7 +111,7 @@ If you disable or do not configure this policy setting, User Profile Service wil ADMX Info: -- GP English name: *Delete user profiles older than a specified number of days on system restart* +- GP Friendly name: *Delete user profiles older than a specified number of days on system restart* - GP name: *CleanupProfiles* - GP path: *System\User Profiles* - GP ADMX file name: *UserProfiles.admx* @@ -182,7 +182,7 @@ If you disable or do not configure this policy setting, Windows will always unlo ADMX Info: -- GP English name: *Do not forcefully unload the users registry at user logoff* +- GP Friendly name: *Do not forcefully unload the users registry at user logoff* - GP name: *DontForceUnloadHive* - GP path: *System\User Profiles* - GP ADMX file name: *UserProfiles.admx* @@ -256,7 +256,7 @@ If you disable or do not configure this policy setting, Windows will delete the ADMX Info: -- GP English name: *Leave Windows Installer and Group Policy Software Installation Data* +- GP Friendly name: *Leave Windows Installer and Group Policy Software Installation Data* - GP name: *LeaveAppMgmtData* - GP path: *System\User Profiles* - GP ADMX file name: *UserProfiles.admx* @@ -334,7 +334,7 @@ If you enable this policy setting, you can: ADMX Info: -- GP English name: *Limit profile size* +- GP Friendly name: *Limit profile size* - GP name: *LimitSize* - GP path: *System\User Profiles* - GP ADMX file name: *UserProfiles.admx* @@ -407,7 +407,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting. ADMX Info: -- GP English name: *Do not log users on with temporary profiles* +- GP Friendly name: *Do not log users on with temporary profiles* - GP name: *ProfileErrorAction* - GP path: *System\User Profiles* - GP ADMX file name: *UserProfiles.admx* @@ -480,7 +480,7 @@ If you disable or do not configure this policy setting, Windows considers the ne ADMX Info: -- GP English name: *Control slow network connection timeout for user profiles* +- GP Friendly name: *Control slow network connection timeout for user profiles* - GP name: *SlowLinkTimeOut* - GP path: *System\User Profiles* - GP ADMX file name: *UserProfiles.admx* @@ -558,7 +558,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl ADMX Info: -- GP English name: *Set user home folder* +- GP Friendly name: *Set user home folder* - GP name: *USER_HOME* - GP path: *System\User Profiles* - GP ADMX file name: *UserProfiles.admx* @@ -631,7 +631,7 @@ If you do not configure or disable this policy the user will have full control o ADMX Info: -- GP English name: *User management of sharing user name, account picture, and domain information with apps (not desktop apps)* +- GP Friendly name: *User management of sharing user name, account picture, and domain information with apps (not desktop apps)* - GP name: *UserInfoAccessAction* - GP path: *System\User Profiles* - GP ADMX file name: *UserProfiles.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 7a60fbadde..2d0f47d74c 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -175,7 +175,7 @@ This parameter controls the frequency at which an event that indicates the numbe ADMX Info: -- GP English name: *Global Configuration Settings* +- GP Friendly name: *Global Configuration Settings* - GP name: *W32TIME_POLICY_CONFIG* - GP path: *System\Windows Time Service* - GP ADMX file name: *W32Time.admx* @@ -265,7 +265,7 @@ This value is a bitmask that controls events that may be logged to the System lo ADMX Info: -- GP English name: *Configure Windows NTP Client* +- GP Friendly name: *Configure Windows NTP Client* - GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT* - GP path: *System\Windows Time Service\Time Providers* - GP ADMX file name: *W32Time.admx* @@ -336,7 +336,7 @@ If you disable or do not configure this policy setting, the local computer clock ADMX Info: -- GP English name: *Enable Windows NTP Client* +- GP Friendly name: *Enable Windows NTP Client* - GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT* - GP path: *System\Windows Time Service\Time Providers* - GP ADMX file name: *W32Time.admx* @@ -405,7 +405,7 @@ If you disable or do not configure this policy setting, your computer cannot ser ADMX Info: -- GP English name: *Enable Windows NTP Server* +- GP Friendly name: *Enable Windows NTP Server* - GP name: *W32TIME_POLICY_ENABLE_NTPSERVER* - GP path: *System\Windows Time Service\Time Providers* - GP ADMX file name: *W32Time.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md index 85f0ad3341..3ec0e0695a 100644 --- a/windows/client-management/mdm/policy-csp-admx-wcm.md +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -96,7 +96,7 @@ If this policy setting is not configured or is disabled, power management is ena ADMX Info: -- GP English name: *Disable power management in connected standby mode* +- GP Friendly name: *Disable power management in connected standby mode* - GP name: *WCM_DisablePowerManagement* - GP path: *Network\Windows Connection Manager* - GP ADMX file name: *WCM.admx* @@ -173,7 +173,7 @@ This policy setting depends on other group policy settings. For example, if 'Min ADMX Info: -- GP English name: *Enable Windows to soft-disconnect a computer from a network* +- GP Friendly name: *Enable Windows to soft-disconnect a computer from a network* - GP name: *WCM_EnableSoftDisconnect* - GP path: *Network\Windows Connection Manager* - GP ADMX file name: *WCM.admx* @@ -248,7 +248,7 @@ This policy setting is related to the "Enable Windows to soft-disconnect a compu ADMX Info: -- GP English name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain* +- GP Friendly name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain* - GP name: *WCM_MinimizeConnections* - GP path: *Network\Windows Connection Manager* - GP ADMX file name: *WCM.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index de5d9fde63..a289a23d5b 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -95,7 +95,7 @@ The default is for Windows Calendar to be turned on. ADMX Info: -- GP English name: *Turn off Windows Calendar* +- GP Friendly name: *Turn off Windows Calendar* - GP name: *TurnOffWinCal_1* - GP path: *Windows Components\Windows Calendar* - GP ADMX file name: *WinCal.admx* @@ -168,7 +168,7 @@ The default is for Windows Calendar to be turned on. ADMX Info: -- GP English name: *Turn off Windows Calendar* +- GP Friendly name: *Turn off Windows Calendar* - GP name: *TurnOffWinCal_2* - GP path: *Windows Components\Windows Calendar* - GP ADMX file name: *WinCal.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md index 5902416124..ab4c4a6c88 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md @@ -91,7 +91,7 @@ If you disable this policy setting or set it to Not Configured, the wizard will ADMX Info: -- GP English name: *Prevent the wizard from running.* +- GP Friendly name: *Prevent the wizard from running.* - GP name: *Disabled* - GP path: *Windows Components\Add features to Windows 10* - GP ADMX file name: *WindowsAnytimeUpgrade.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index d65677d585..80b1fb90ac 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -96,7 +96,7 @@ If you disable or do not configure this policy setting, users can access the wiz ADMX Info: -- GP English name: *Prohibit access of the Windows Connect Now wizards* +- GP Friendly name: *Prohibit access of the Windows Connect Now wizards* - GP name: *WCN_DisableWcnUi_1* - GP path: *Network\Windows Connect Now* - GP ADMX file name: *WindowsConnectNow.admx* @@ -165,7 +165,7 @@ If you disable or do not configure this policy setting, users can access the wiz ADMX Info: -- GP English name: *Prohibit access of the Windows Connect Now wizards* +- GP Friendly name: *Prohibit access of the Windows Connect Now wizards* - GP name: *WCN_DisableWcnUi_2* - GP path: *Network\Windows Connect Now* - GP ADMX file name: *WindowsConnectNow.admx* @@ -240,7 +240,7 @@ The default for this policy setting allows operations over all media. ADMX Info: -- GP English name: *Configuration of wireless settings using Windows Connect Now* +- GP Friendly name: *Configuration of wireless settings using Windows Connect Now* - GP name: *WCN_EnableRegistrar* - GP path: *Network\Windows Connect Now* - GP ADMX file name: *WindowsConnectNow.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 352dd76846..7ffcac7be2 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -304,7 +304,7 @@ If you disable or do not configure this policy setting, Folder Redirection does ADMX Info: -- GP English name: *Verify old and new Folder Redirection targets point to the same share before redirecting* +- GP Friendly name: *Verify old and new Folder Redirection targets point to the same share before redirecting* - GP name: *CheckSameSourceAndTargetForFRAndDFS* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -379,7 +379,7 @@ If you disable or not configure this policy, the default File Explorer behavior ADMX Info: -- GP English name: *Turn on Classic Shell* +- GP Friendly name: *Turn on Classic Shell* - GP name: *ClassicShell* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -448,7 +448,7 @@ If you disable or do not configure this setting, the default behavior of not dis ADMX Info: -- GP English name: *Display confirmation dialog when deleting files* +- GP Friendly name: *Display confirmation dialog when deleting files* - GP name: *ConfirmFileDelete* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -518,7 +518,7 @@ If you disable or do not configure this policy setting, no changes are made to t ADMX Info: -- GP English name: *Location where all default Library definition files for users/machines reside.* +- GP Friendly name: *Location where all default Library definition files for users/machines reside.* - GP name: *DefaultLibrariesLocation* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -588,7 +588,7 @@ This disables access to user-defined properties, and properties stored in NTFS s ADMX Info: -- GP English name: *Disable binding directly to IPropertySetStorage without intermediate layers.* +- GP Friendly name: *Disable binding directly to IPropertySetStorage without intermediate layers.* - GP name: *DisableBindDirectlyToPropertySetStorage* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -667,7 +667,7 @@ If you disable or do not configure this policy, all default Windows Libraries fe ADMX Info: -- GP English name: *Turn off Windows Libraries features that rely on indexed file data* +- GP Friendly name: *Turn off Windows Libraries features that rely on indexed file data* - GP name: *DisableIndexedLibraryExperience* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -740,7 +740,7 @@ You can specify a known folder using its known folder id or using its canonical ADMX Info: -- GP English name: *Disable Known Folders* +- GP Friendly name: *Disable Known Folders* - GP name: *DisableKnownFolders* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -812,7 +812,7 @@ These suggestions are based on their past entries into the Search Box. ADMX Info: -- GP English name: *Turn off display of recent search entries in the File Explorer search box* +- GP Friendly name: *Turn off display of recent search entries in the File Explorer search box* - GP name: *DisableSearchBoxSuggestions* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -885,7 +885,7 @@ If you disable or do not configure this policy setting, file shortcut icons that ADMX Info: -- GP English name: *Allow the use of remote paths in file shortcut icons* +- GP Friendly name: *Allow the use of remote paths in file shortcut icons* - GP name: *EnableShellShortcutIconRemotePath* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -964,7 +964,7 @@ If you do not configure this policy, SmartScreen will be enabled by default, but ADMX Info: -- GP English name: *Configure Windows Defender SmartScreen* +- GP Friendly name: *Configure Windows Defender SmartScreen* - GP name: *EnableSmartScreen* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -1035,7 +1035,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_ ADMX Info: -- GP English name: *Allow only per user or approved shell extensions* +- GP Friendly name: *Allow only per user or approved shell extensions* - GP name: *EnforceShellExtensionSecurity* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -1105,7 +1105,7 @@ If you disable or do not configure this policy setting, users can choose how the ADMX Info: -- GP English name: *Start File Explorer with ribbon minimized* +- GP Friendly name: *Start File Explorer with ribbon minimized* - GP name: *ExplorerRibbonStartsMinimized* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -1174,7 +1174,7 @@ If you disable or do not configure this policy setting, File Explorer shows snip ADMX Info: -- GP English name: *Turn off the display of snippets in Content view mode* +- GP Friendly name: *Turn off the display of snippets in Content view mode* - GP name: *HideContentViewModeSnippets* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -1248,7 +1248,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_Internet* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1322,7 +1322,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_InternetLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1396,7 +1396,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_Intranet* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1470,7 +1470,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_IntranetLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1544,7 +1544,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_LocalMachine* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1618,7 +1618,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_LocalMachineLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1692,7 +1692,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_Restricted* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1766,7 +1766,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_RestrictedLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1840,7 +1840,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_Trusted* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1914,7 +1914,7 @@ Changes to this setting may not be applied until the user logs off from Windows. ADMX Info: -- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* - GP name: *IZ_Policy_OpenSearchPreview_TrustedLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -1986,7 +1986,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_Internet* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2058,7 +2058,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_InternetLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2130,7 +2130,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_Intranet* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2202,7 +2202,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_IntranetLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2274,7 +2274,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_LocalMachine* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2346,7 +2346,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_LocalMachineLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2418,7 +2418,7 @@ If you do not configure this policy setting, users cannot perform OpenSearch que ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_Restricted* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2491,7 +2491,7 @@ If you do not configure this policy setting, users cannot perform OpenSearch que ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_RestrictedLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2564,7 +2564,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_Trusted* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2636,7 +2636,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie ADMX Info: -- GP English name: *Allow OpenSearch queries in File Explorer* +- GP Friendly name: *Allow OpenSearch queries in File Explorer* - GP name: *IZ_Policy_OpenSearchQuery_TrustedLockdown* - GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone* - GP ADMX file name: *WindowsExplorer.admx* @@ -2707,7 +2707,7 @@ If you disable or do not configure this policy setting, Windows searches for the ADMX Info: -- GP English name: *Do not track Shell shortcuts during roaming* +- GP Friendly name: *Do not track Shell shortcuts during roaming* - GP name: *LinkResolveIgnoreLinkInfo* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -2776,7 +2776,7 @@ If you disable or do not configure this policy setting, by default, the system d ADMX Info: -- GP English name: *Maximum number of recent documents* +- GP Friendly name: *Maximum number of recent documents* - GP name: *MaxRecentDocs* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -2849,7 +2849,7 @@ If you disable or do not configure this policy setting, the Back button is displ ADMX Info: -- GP English name: *Hide the common dialog back button* +- GP Friendly name: *Hide the common dialog back button* - GP name: *NoBackButton* - GP path: *Windows Components\File Explorer\Common Open File Dialog* - GP ADMX file name: *WindowsExplorer.admx* @@ -2921,7 +2921,7 @@ If you disable or do not configure this policy setting, users are able to use th ADMX Info: -- GP English name: *Remove CD Burning features* +- GP Friendly name: *Remove CD Burning features* - GP name: *NoCDBurning* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -2993,7 +2993,7 @@ If you disable or do not configure this policy setting, thumbnail views are cach ADMX Info: -- GP English name: *Turn off caching of thumbnail pictures* +- GP Friendly name: *Turn off caching of thumbnail pictures* - GP name: *NoCacheThumbNailPictures* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3064,7 +3064,7 @@ If you disable or do not configure this policy setting, users are allowed to tur ADMX Info: -- GP English name: *Remove UI to change menu animation setting* +- GP Friendly name: *Remove UI to change menu animation setting* - GP name: *NoChangeAnimation* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3131,7 +3131,7 @@ Effects, such as transitory underlines, are designed to enhance the user's exper ADMX Info: -- GP English name: *Remove UI to change keyboard navigation indicator setting* +- GP Friendly name: *Remove UI to change keyboard navigation indicator setting* - GP name: *NoChangeKeyboardNavigationIndicators* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3200,7 +3200,7 @@ If you disable or do not configure this policy setting, the DFS tab is available ADMX Info: -- GP English name: *Remove DFS tab* +- GP Friendly name: *Remove DFS tab* - GP name: *NoDFSTab* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3274,7 +3274,7 @@ If you disable or do not configure this policy setting, all drives are displayed ADMX Info: -- GP English name: *Hide these specified drives in My Computer* +- GP Friendly name: *Hide these specified drives in My Computer* - GP name: *NoDrives* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3348,7 +3348,7 @@ To remove computers in the user's workgroup or domain from lists of network reso ADMX Info: -- GP English name: *No Entire Network in Network Locations* +- GP Friendly name: *No Entire Network in Network Locations* - GP name: *NoEntireNetwork* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3422,7 +3422,7 @@ To see an example of the standard Open dialog box, start WordPad and, on the Fil ADMX Info: -- GP English name: *Hide the dropdown list of recent files* +- GP Friendly name: *Hide the dropdown list of recent files* - GP name: *NoFileMRU* - GP path: *Windows Components\File Explorer\Common Open File Dialog* - GP ADMX file name: *WindowsExplorer.admx* @@ -3489,7 +3489,7 @@ This setting does not prevent users from using other methods to perform tasks av ADMX Info: -- GP English name: *Remove File menu from File Explorer* +- GP Friendly name: *Remove File menu from File Explorer* - GP name: *NoFileMenu* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3560,7 +3560,7 @@ If you disable or do not configure this policy setting, users can open Folder Op ADMX Info: -- GP English name: *Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon* +- GP Friendly name: *Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon* - GP name: *NoFolderOptions* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3625,7 +3625,7 @@ Available in the latest Windows 10 Insider Preview Build. Removes the Hardware t ADMX Info: -- GP English name: *Remove Hardware tab* +- GP Friendly name: *Remove Hardware tab* - GP name: *NoHardwareTab* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3697,7 +3697,7 @@ This setting does not remove the Computer Management item from the Start menu (S ADMX Info: -- GP English name: *Hides the Manage item on the File Explorer context menu* +- GP Friendly name: *Hides the Manage item on the File Explorer context menu* - GP name: *NoManageMyComputerVerb* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3769,7 +3769,7 @@ If you disable or do not configure this policy setting, the Shared Documents fol ADMX Info: -- GP English name: *Remove Shared Documents from My Computer* +- GP Friendly name: *Remove Shared Documents from My Computer* - GP name: *NoMyComputerSharedDocuments* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3843,7 +3843,7 @@ This setting does not prevent users from connecting to another computer by typin ADMX Info: -- GP English name: *Remove "Map Network Drive" and "Disconnect Network Drive"* +- GP Friendly name: *Remove "Map Network Drive" and "Disconnect Network Drive"* - GP name: *NoNetConnectDisconnect* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3910,7 +3910,7 @@ If this group policy is enabled, no notifications will be shown. If the group po ADMX Info: -- GP English name: *Do not show the 'new application installed' notification* +- GP Friendly name: *Do not show the 'new application installed' notification* - GP name: *NoNewAppAlert* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -3980,7 +3980,7 @@ To see an example of the standard Open dialog box, start WordPad and, on the Fil ADMX Info: -- GP English name: *Hide the common dialog places bar* +- GP Friendly name: *Hide the common dialog places bar* - GP name: *NoPlacesBar* - GP path: *Windows Components\File Explorer\Common Open File Dialog* - GP ADMX file name: *WindowsExplorer.admx* @@ -4049,7 +4049,7 @@ If you disable or do not configure this setting, files and folders deleted using ADMX Info: -- GP English name: *Do not move deleted files to the Recycle Bin* +- GP Friendly name: *Do not move deleted files to the Recycle Bin* - GP name: *NoRecycleFiles* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4122,7 +4122,7 @@ By default, users are not prompted for alternate logon credentials when installi ADMX Info: -- GP English name: *Do not request alternate credentials* +- GP Friendly name: *Do not request alternate credentials* - GP name: *NoRunAsInstallPrompt* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4191,7 +4191,7 @@ If you do not configure this policy (default), there will be an "Internet" link ADMX Info: -- GP English name: *Remove the Search the Internet "Search again" link* +- GP Friendly name: *Remove the Search the Internet "Search again" link* - GP name: *NoSearchInternetTryHarderButton* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4260,7 +4260,7 @@ If you disable or do not configure this setting, users will be able to access th ADMX Info: -- GP English name: *Remove Security tab* +- GP Friendly name: *Remove Security tab* - GP name: *NoSecurityTab* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4329,7 +4329,7 @@ This policy setting does not affect the Search items on the File Explorer contex ADMX Info: -- GP English name: *Remove Search button from File Explorer* +- GP Friendly name: *Remove Search button from File Explorer* - GP name: *NoShellSearchButton* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4399,7 +4399,7 @@ If you disable or do not configure this policy setting, File Explorer will sort ADMX Info: -- GP English name: *Turn off numerical sorting in File Explorer* +- GP Friendly name: *Turn off numerical sorting in File Explorer* - GP name: *NoStrCmpLogical* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4466,7 +4466,7 @@ If you enable this setting, menus do not appear when you right-click the desktop ADMX Info: -- GP English name: *Remove File Explorer's default context menu* +- GP Friendly name: *Remove File Explorer's default context menu* - GP name: *NoViewContextMenu* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4540,7 +4540,7 @@ To use this setting, select a drive or combination of drives from the drop-down ADMX Info: -- GP English name: *Prevent access to drives from My Computer* +- GP Friendly name: *Prevent access to drives from My Computer* - GP name: *NoViewOnDrive* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4611,7 +4611,7 @@ If you disable or do not configure this setting, the Windows Key hotkeys are ava ADMX Info: -- GP English name: *Turn off Windows Key hotkeys* +- GP Friendly name: *Turn off Windows Key hotkeys* - GP name: *NoWindowsHotKeys* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4684,7 +4684,7 @@ To remove network computers from lists of network resources, use the "No Entire ADMX Info: -- GP English name: *No Computers Near Me in Network Locations* +- GP Friendly name: *No Computers Near Me in Network Locations* - GP name: *NoWorkgroupContents* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4766,7 +4766,7 @@ If you disable or do not configure this setting the default list of items will b ADMX Info: -- GP English name: *Items displayed in Places Bar* +- GP Friendly name: *Items displayed in Places Bar* - GP name: *PlacesBar* - GP path: *Windows Components\File Explorer\Common Open File Dialog* - GP ADMX file name: *WindowsExplorer.admx* @@ -4842,7 +4842,7 @@ If the dialog box does not appear, the installation proceeds with the current us ADMX Info: -- GP English name: *Request credentials for network installations* +- GP Friendly name: *Request credentials for network installations* - GP name: *PromptRunasInstallNetPath* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4914,7 +4914,7 @@ If you disable or do not configure this setting, users can change the total amou ADMX Info: -- GP English name: *Maximum allowed Recycle Bin size* +- GP Friendly name: *Maximum allowed Recycle Bin size* - GP name: *RecycleBinSize* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -4985,7 +4985,7 @@ If you do not configure this policy setting the protocol is in the protected mod ADMX Info: -- GP English name: *Turn off shell protocol protected mode* +- GP Friendly name: *Turn off shell protocol protected mode* - GP name: *ShellProtocolProtectedModeTitle_1* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -5056,7 +5056,7 @@ If you do not configure this policy setting the protocol is in the protected mod ADMX Info: -- GP English name: *Turn off shell protocol protected mode* +- GP Friendly name: *Turn off shell protocol protected mode* - GP name: *ShellProtocolProtectedModeTitle_2* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -5127,7 +5127,7 @@ If you do not configure this policy setting, users will be able to choose whethe ADMX Info: -- GP English name: *Show hibernate in the power options menu* +- GP Friendly name: *Show hibernate in the power options menu* - GP name: *ShowHibernateOption* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -5198,7 +5198,7 @@ If you do not configure this policy setting, users will be able to choose whethe ADMX Info: -- GP English name: *Show sleep in the power options menu* +- GP Friendly name: *Show sleep in the power options menu* - GP name: *ShowSleepOption* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -5271,7 +5271,7 @@ If you disable or do not configure this policy setting, no Libraries or Search C ADMX Info: -- GP English name: *Pin Libraries or Search Connectors to the "Search again" links and the Start menu* +- GP Friendly name: *Pin Libraries or Search Connectors to the "Search again" links and the Start menu* - GP name: *TryHarderPinnedLibrary* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* @@ -5344,7 +5344,7 @@ If you disable or do not configure this policy setting, no custom Internet searc ADMX Info: -- GP English name: *Pin Internet search sites to the "Search again" links and the Start menu* +- GP Friendly name: *Pin Internet search sites to the "Search again" links and the Start menu* - GP name: *TryHarderPinnedOpenSearch* - GP path: *Windows Components\File Explorer* - GP ADMX file name: *WindowsExplorer.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md index 66662cba51..bc2f8b6a02 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md @@ -99,7 +99,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting hi ADMX Info: -- GP English name: *Hide the file scan progress window* +- GP Friendly name: *Hide the file scan progress window* - GP name: *WFPShowProgress* - GP path: *Windows File Protection!SfcShowProgress* - GP ADMX file name: *WindowsFileProtection.admx* @@ -173,7 +173,7 @@ To indicate that the cache size is unlimited, select "4294967295" as the maximum ADMX Info: -- GP English name: *Limit Windows File Protection cache size* +- GP Friendly name: *Limit Windows File Protection cache size* - GP name: *WFPQuota* - GP path: *System\Windows File Protection* - GP ADMX file name: *WindowsFileProtection.admx* @@ -251,7 +251,7 @@ This setting delays each startup. ADMX Info: -- GP English name: *Set Windows File Protection scanning* +- GP Friendly name: *Set Windows File Protection scanning* - GP name: *WFPScan* - GP path: *System\Windows File Protection* - GP ADMX file name: *WindowsFileProtection.admx* @@ -333,7 +333,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec ADMX Info: -- GP English name: *Specify Windows File Protection cache location* +- GP Friendly name: *Specify Windows File Protection cache location* - GP name: *WFPDllCacheDir* - GP path: *System\Windows File Protection* - GP ADMX file name: *WindowsFileProtection.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index 301c276ef2..43885e4dc8 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -92,7 +92,7 @@ When this policy is either disabled or not configured, Windows Media DRM functio ADMX Info: -- GP English name: *Prevent Windows Media DRM Internet Access* +- GP Friendly name: *Prevent Windows Media DRM Internet Access* - GP name: *DisableOnline* - GP path: *Windows Components\Windows Media Digital Rights Management* - GP ADMX file name: *WindowsMediaDRM.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 86aa3334d8..73bedb6677 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -162,7 +162,7 @@ If you do not configure this policy setting, users can configure the HTTP proxy ADMX Info: -- GP English name: *Configure HTTP Proxy* +- GP Friendly name: *Configure HTTP Proxy* - GP name: *ConfigureHTTPProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -242,7 +242,7 @@ If you do not configure this policy setting, users can configure the MMS proxy s ADMX Info: -- GP English name: *Configure MMS Proxy* +- GP Friendly name: *Configure MMS Proxy* - GP name: *ConfigureMMSProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -320,7 +320,7 @@ If you do not configure this policy setting, users can configure the RTSP proxy ADMX Info: -- GP English name: *Configure RTSP Proxy* +- GP Friendly name: *Configure RTSP Proxy* - GP name: *ConfigureRTSPProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -391,7 +391,7 @@ If you disable or do not configure this policy setting, the dialog boxes are dis ADMX Info: -- GP English name: *Prevent Automatic Updates* +- GP Friendly name: *Prevent Automatic Updates* - GP name: *DisableAutoUpdate* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -460,7 +460,7 @@ If you disable or do not configure this policy setting, the Network tab appears ADMX Info: -- GP English name: *Hide Network Tab* +- GP Friendly name: *Hide Network Tab* - GP name: *DisableNetworkSettings* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -531,7 +531,7 @@ If you do not configure this policy setting, and the "Set and lock skin" policy ADMX Info: -- GP English name: *Do Not Show First Use Dialog Boxes* +- GP Friendly name: *Do Not Show First Use Dialog Boxes* - GP name: *DisableSetupFirstUseConfiguration* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -602,7 +602,7 @@ When this policy is not configured and the Set and Lock Skin policy is enabled, ADMX Info: -- GP English name: *Do Not Show Anchor* +- GP Friendly name: *Do Not Show Anchor* - GP name: *DoNotShowAnchor* - GP path: *Windows Components\Windows Media Player\User Interface* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -675,7 +675,7 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP ADMX Info: -- GP English name: *Prevent Video Smoothing* +- GP Friendly name: *Prevent Video Smoothing* - GP name: *DontUseFrameInterpolation* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -746,7 +746,7 @@ If you do not configure this policy setting, users can change the setting for th ADMX Info: -- GP English name: *Allow Screen Saver* +- GP Friendly name: *Allow Screen Saver* - GP name: *EnableScreenSaver* - GP path: *Windows Components\Windows Media Player\Playback* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -817,7 +817,7 @@ If you disable or do not configure this policy setting, the Privacy tab is not h ADMX Info: -- GP English name: *Prevent Automatic Updates* +- GP Friendly name: *Prevent Automatic Updates* - GP name: *HidePrivacyTab* - GP path: *Windows Components\Windows Media Player\User Interface* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -886,7 +886,7 @@ If you disable or do not configure this policy setting, users can configure the ADMX Info: -- GP English name: *Hide Security Tab* +- GP Friendly name: *Hide Security Tab* - GP name: *HideSecurityTab* - GP path: *Windows Components\Windows Media Player\User Interface* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -960,7 +960,7 @@ If you disable or do not configure this policy setting, users can change the buf ADMX Info: -- GP English name: *Configure Network Buffering* +- GP Friendly name: *Configure Network Buffering* - GP name: *NetworkBuffering* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1031,7 +1031,7 @@ If you do not configure this policy setting, users can change the setting for th ADMX Info: -- GP English name: *Prevent Codec Download* +- GP Friendly name: *Prevent Codec Download* - GP name: *PolicyCodecUpdate* - GP path: *Windows Components\Windows Media Player\Playback* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1100,7 +1100,7 @@ If you disable or do not configure this policy setting, users can change the set ADMX Info: -- GP English name: *Prevent CD and DVD Media Information Retrieval* +- GP Friendly name: *Prevent CD and DVD Media Information Retrieval* - GP name: *PreventCDDVDMetadataRetrieval* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1169,7 +1169,7 @@ If you disable or do not configure this policy setting, anyone using Windows Med ADMX Info: -- GP English name: *Prevent Media Sharing* +- GP Friendly name: *Prevent Media Sharing* - GP name: *PreventLibrarySharing* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1238,7 +1238,7 @@ If you disable or do not configure this policy setting, users can change the set ADMX Info: -- GP English name: *Prevent Music File Media Information Retrieval* +- GP Friendly name: *Prevent Music File Media Information Retrieval* - GP name: *PreventMusicFileMetadataRetrieval* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1307,7 +1307,7 @@ If you disable or do not configure this policy setting, the user can choose whet ADMX Info: -- GP English name: *Prevent Quick Launch Toolbar Shortcut Creation* +- GP Friendly name: *Prevent Quick Launch Toolbar Shortcut Creation* - GP name: *PreventQuickLaunchShortcut* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1375,7 +1375,7 @@ If you disable or do not configure this policy setting, the Player automatically ADMX Info: -- GP English name: *PPrevent Radio Station Preset Retrieval* +- GP Friendly name: *PPrevent Radio Station Preset Retrieval* - GP name: *PreventRadioPresetsRetrieval* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1444,7 +1444,7 @@ If you disable or do not configure this policy setting, users can choose whether ADMX Info: -- GP English name: *Prevent Desktop Shortcut Creation* +- GP Friendly name: *Prevent Desktop Shortcut Creation* - GP name: *PreventWMPDeskTopShortcut* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1517,7 +1517,7 @@ If you disable or do not configure this policy setting, users can display the Pl ADMX Info: -- GP English name: *Set and Lock Skin* +- GP Friendly name: *Set and Lock Skin* - GP name: *SkinLockDown* - GP path: *Windows Components\Windows Media Player\User Interface* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1590,7 +1590,7 @@ If you disable this policy setting, the Protocols for MMS URLs and Multicast str ADMX Info: -- GP English name: *Streaming Media Protocols* +- GP Friendly name: *Streaming Media Protocols* - GP name: *WindowsStreamingMediaProtocols* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index 89752639b2..71e5c8b5aa 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -91,7 +91,7 @@ If you enable this policy setting, the WinRM service does not accept Kerberos cr ADMX Info: -- GP English name: *Disallow Kerberos authentication* +- GP Friendly name: *Disallow Kerberos authentication* - GP name: *DisallowKerberos_1* - GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -161,7 +161,7 @@ If you disable or do not configure this policy setting, the WinRM client uses th ADMX Info: -- GP English name: *Disallow Kerberos authentication* +- GP Friendly name: *Disallow Kerberos authentication* - GP name: *DisallowKerberos_2* - GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index ce460a7d15..815572c120 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -102,7 +102,7 @@ If you don't configure this setting, the automatic download of app updates is de ADMX Info: -- GP English name: *Turn off Automatic Download of updates on Win8 machines* +- GP Friendly name: *Turn off Automatic Download of updates on Win8 machines* - GP name: *DisableAutoDownloadWin8* - GP path: *Windows Components\Store* - GP ADMX file name: *WindowsStore.admx* @@ -173,7 +173,7 @@ If you disable or do not configure this setting the Store application will offer ADMX Info: -- GP English name: *Turn off the offer to update to the latest version of Windows* +- GP Friendly name: *Turn off the offer to update to the latest version of Windows* - GP name: *DisableOSUpgrade_1* - GP path: *Windows Components\Store* - GP ADMX file name: *WindowsStore.admx* @@ -244,7 +244,7 @@ If you disable or do not configure this setting the Store application will offer ADMX Info: -- GP English name: *Turn off the offer to update to the latest version of Windows* +- GP Friendly name: *Turn off the offer to update to the latest version of Windows* - GP name: *DisableOSUpgrade_2* - GP path: *Windows Components\Store* - GP ADMX file name: *WindowsStore.admx* @@ -315,7 +315,7 @@ If you disable or don't configure this setting, access to the Store application ADMX Info: -- GP English name: *Turn off the Store application* +- GP Friendly name: *Turn off the Store application* - GP name: *RemoveWindowsStore_1* - GP path: *Windows Components\Store* - GP ADMX file name: *WindowsStore.admx* @@ -386,7 +386,7 @@ If you disable or don't configure this setting, access to the Store application ADMX Info: -- GP English name: *Turn off the Store application* +- GP Friendly name: *Turn off the Store application* - GP name: *RemoveWindowsStore_2* - GP path: *Windows Components\Store* - GP ADMX file name: *WindowsStore.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index 29981fc6c6..bff41ec699 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -96,7 +96,7 @@ If you disable or do not configure this policy setting, the system creates the n ADMX Info: -- GP English name: *Turn off legacy remote shutdown interface* +- GP Friendly name: *Turn off legacy remote shutdown interface* - GP name: *DisableNamedPipeShutdownPolicyDescription* - GP path: *Windows Components\Shutdown Options* - GP ADMX file name: *WinInit.admx* @@ -165,7 +165,7 @@ If you disable or do not configure this policy setting, the local setting is use ADMX Info: -- GP English name: *Require use of fast startup* +- GP Friendly name: *Require use of fast startup* - GP name: *Hiberboot* - GP path: *System\Shutdown* - GP ADMX file name: *WinInit.admx* @@ -234,7 +234,7 @@ If you disable or do not configure this policy setting, the default timeout valu ADMX Info: -- GP English name: *Timeout for hung logon sessions during shutdown* +- GP Friendly name: *Timeout for hung logon sessions during shutdown* - GP name: *ShutdownTimeoutHungSessionsDescription* - GP path: *Windows Components\Shutdown Options* - GP ADMX file name: *WinInit.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 1867096ce5..357f16b165 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -108,7 +108,7 @@ If you disable this setting or do not configure it, the setting is ignored and t ADMX Info: -- GP English name: *Custom User Interface* +- GP Friendly name: *Custom User Interface* - GP name: *CustomShell* - GP path: *System* - GP ADMX file name: *WinLogon.admx* @@ -179,7 +179,7 @@ If you disable or do not configure this setting, messages about the previous log ADMX Info: -- GP English name: *Display information about previous logons during user logon* +- GP Friendly name: *Display information about previous logons during user logon* - GP name: *DisplayLastLogonInfoDescription* - GP path: *Windows Components\Windows Logon Options* - GP ADMX file name: *WinLogon.admx* @@ -252,7 +252,7 @@ If you disable or do not configure this setting, users receive warnings before t ADMX Info: -- GP English name: *Remove logon hours expiration warnings* +- GP Friendly name: *Remove logon hours expiration warnings* - GP name: *LogonHoursNotificationPolicyDescription* - GP path: *Windows Components\Windows Logon Options* - GP ADMX file name: *WinLogon.admx* @@ -326,7 +326,7 @@ If you disable or do not configure this setting, the system takes no action when ADMX Info: -- GP English name: *Set action to take when logon hours expire* +- GP Friendly name: *Set action to take when logon hours expire* - GP name: *LogonHoursPolicyDescription* - GP path: *Windows Components\Windows Logon Options* - GP ADMX file name: *WinLogon.admx* @@ -396,7 +396,7 @@ If disabled or not configured, no popup will be displayed to the user. ADMX Info: -- GP English name: *Report when logon server was not available during user logon* +- GP Friendly name: *Report when logon server was not available during user logon* - GP name: *ReportCachedLogonPolicyDescription* - GP path: *Windows Components\Windows Logon Options* - GP ADMX file name: *WinLogon.admx* @@ -470,7 +470,7 @@ If you disable or do not configure this setting, only Ease of Access application ADMX Info: -- GP English name: *Disable or enable software Secure Attention Sequence* +- GP Friendly name: *Disable or enable software Secure Attention Sequence* - GP name: *SoftwareSASGeneration* - GP path: *Windows Components\Windows Logon Options* - GP ADMX file name: *WinLogon.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md index afef9cf403..30d6f460e5 100644 --- a/windows/client-management/mdm/policy-csp-admx-winsrv.md +++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md @@ -94,7 +94,7 @@ By default, such applications are automatically terminated if they attempt to ca ADMX Info: -- GP English name: *Turn off automatic termination of applications that block or cancel shutdown* +- GP Friendly name: *Turn off automatic termination of applications that block or cancel shutdown* - GP name: *AllowBlockingAppsAtShutdown* - GP path: *System\Shutdown Options* - GP ADMX file name: *Winsrv.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 8dc6686b17..83fdd75390 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -98,7 +98,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost ADMX Info: -- GP English name: *Set Cost* +- GP Friendly name: *Set Cost* - GP name: *IncludeCmdLine* - GP path: *Network\WLAN Service\WLAN Media Cost* - GP ADMX file name: *wlansvc.admx* @@ -167,7 +167,7 @@ If this policy setting is disabled or is not configured, by default Push Button ADMX Info: -- GP English name: *Require PIN pairing* +- GP Friendly name: *Require PIN pairing* - GP name: *SetPINEnforced* - GP path: *Network\Wireless Display* - GP ADMX file name: *wlansvc.admx* @@ -236,7 +236,7 @@ If this policy setting is disabled or is not configured, by default Push Button ADMX Info: -- GP English name: *Prefer PIN pairing* +- GP Friendly name: *Prefer PIN pairing* - GP name: *SetPINPreferred* - GP path: *Network\Wireless Display* - GP ADMX file name: *wlansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index 99ac55e97e..6538f66279 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -107,7 +107,7 @@ If you do not configure this policy setting, voice and video calls will be allow ADMX Info: -- GP English name: *Turn off calls during Quiet Hours* +- GP Friendly name: *Turn off calls during Quiet Hours* - GP name: *NoCallsDuringQuietHours* - GP path: *Start Menu and Taskbar\Notifications* - GP ADMX file name: *WPN.admx* @@ -178,7 +178,7 @@ No reboots or service restarts are required for this policy setting to take effe ADMX Info: -- GP English name: *Turn off toast notifications on the lock screen* +- GP Friendly name: *Turn off toast notifications on the lock screen* - GP name: *NoLockScreenToastNotification* - GP path: *Start Menu and Taskbar\Notifications* - GP ADMX file name: *WPN.admx* @@ -249,7 +249,7 @@ If you do not configure this policy setting, Quiet Hours are enabled by default ADMX Info: -- GP English name: *Turn off Quiet Hours* +- GP Friendly name: *Turn off Quiet Hours* - GP name: *NoQuietHours* - GP path: *Start Menu and Taskbar\Notifications* - GP ADMX file name: *WPN.admx* @@ -324,7 +324,7 @@ No reboots or service restarts are required for this policy setting to take effe ADMX Info: -- GP English name: *Turn off toast notifications* +- GP Friendly name: *Turn off toast notifications* - GP name: *NoToastNotification* - GP path: *Start Menu and Taskbar\Notifications* - GP ADMX file name: *WPN.admx* @@ -395,7 +395,7 @@ If you do not configure this policy setting, a default value will be used, which ADMX Info: -- GP English name: *Set the time Quiet Hours begins each day* +- GP Friendly name: *Set the time Quiet Hours begins each day* - GP name: *QuietHoursDailyBeginMinute* - GP path: *Start Menu and Taskbar\Notifications* - GP ADMX file name: *WPN.admx* @@ -466,7 +466,7 @@ If you do not configure this policy setting, a default value will be used, which ADMX Info: -- GP English name: *Set the time Quiet Hours ends each day* +- GP Friendly name: *Set the time Quiet Hours ends each day* - GP name: *QuietHoursDailyEndMinute* - GP path: *Start Menu and Taskbar\Notifications* - GP ADMX file name: *WPN.admx* diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index eb4a7086d1..87aec967af 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -84,7 +84,7 @@ If policy is enabled and the client machine is Azure Active Directory joined, th ADMX Info: -- GP English name: *Set a default associations configuration file* +- GP Friendly name: *Set a default associations configuration file* - GP name: *DefaultAssociationsConfiguration* - GP element: *DefaultAssociationsConfiguration_TextBox* - GP path: *File Explorer* @@ -204,7 +204,7 @@ If you do not configure this policy setting, the default behavior depends on the ADMX Info: -- GP English name: *Configure web-to-app linking with app URI handlers* +- GP Friendly name: *Configure web-to-app linking with app URI handlers* - GP name: *EnableAppUriHandlers* - GP path: *System/Group Policy* - GP ADMX file name: *GroupPolicy.admx* diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 9bbbdcc162..983dc1cc33 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -118,7 +118,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Allow all trusted apps to install* +- GP Friendly name: *Allow all trusted apps to install* - GP name: *AppxDeploymentAllowAllTrustedApps* - GP path: *Windows Components/App Package Deployment* - GP ADMX file name: *AppxPackageManager.admx* @@ -188,7 +188,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Turn off Automatic Download and Install of updates* +- GP Friendly name: *Turn off Automatic Download and Install of updates* - GP name: *DisableAutoInstall* - GP path: *Windows Components/Store* - GP ADMX file name: *WindowsStore.admx* @@ -256,7 +256,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Allows development of Windows Store apps and installing them from an integrated development environment (IDE)* +- GP Friendly name: *Allows development of Windows Store apps and installing them from an integrated development environment (IDE)* - GP name: *AllowDevelopmentWithoutDevLicense* - GP path: *Windows Components/App Package Deployment* - GP ADMX file name: *AppxPackageManager.admx* @@ -328,7 +328,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Enables or disables Windows Game Recording and Broadcasting* +- GP Friendly name: *Enables or disables Windows Game Recording and Broadcasting* - GP name: *AllowGameDVR* - GP path: *Windows Components/Windows Game Recording and Broadcasting* - GP ADMX file name: *GameDVR.admx* @@ -395,7 +395,7 @@ The following list shows the supported values: ADMX Info: -- GP English name: *Allow a Windows app to share application data between users* +- GP Friendly name: *Allow a Windows app to share application data between users* - GP name: *AllowSharedLocalAppData* - GP path: *Windows Components/App Package Deployment* - GP ADMX file name: *AppxPackageManager.admx* @@ -469,7 +469,7 @@ If you disable or do not configure this policy, all users will be able to initia ADMX Info: -- GP English name: *Prevent non-admin users from installing packaged Windows apps* +- GP Friendly name: *Prevent non-admin users from installing packaged Windows apps* - GP name: *BlockNonAdminUserInstall* - GP path: *Windows Components/App Package Deployment* - GP ADMX file name: *AppxPackageManager.admx* @@ -539,7 +539,7 @@ Added in Windows 10, version 1607. Boolean value that disables the launch of al ADMX Info: -- GP English name: *Disable all apps from Microsoft Store* +- GP Friendly name: *Disable all apps from Microsoft Store* - GP name: *DisableStoreApps* - GP path: *Windows Components/Store* - GP ADMX file name: *WindowsStore.admx* @@ -684,7 +684,7 @@ This policy setting is designed for less restrictive environments. It can be use ADMX Info: -- GP English name: *Allow user control over installs* +- GP Friendly name: *Allow user control over installs* - GP name: *EnableUserControl* - GP path: *Windows Components/Windows Installer* - GP ADMX file name: *MSI.admx* @@ -756,7 +756,7 @@ Caution: Skilled users can take advantage of the permissions this policy setting ADMX Info: -- GP English name: *Always install with elevated privileges* +- GP Friendly name: *Always install with elevated privileges* - GP name: *AlwaysInstallElevated* - GP path: *Windows Components/Windows Installer* - GP ADMX file name: *MSI.admx* @@ -823,7 +823,7 @@ Most restricted value is 1. ADMX Info: -- GP English name: *Only display the private store within the Microsoft Store* +- GP Friendly name: *Only display the private store within the Microsoft Store* - GP name: *RequirePrivateStoreOnly* - GP path: *Windows Components/Store* - GP ADMX file name: *WindowsStore.admx* @@ -891,7 +891,7 @@ Most restricted value is 1. ADMX Info: -- GP English name: *Prevent users' app data from being stored on non-system volumes* +- GP Friendly name: *Prevent users' app data from being stored on non-system volumes* - GP name: *RestrictAppDataToSystemVolume* - GP path: *Windows Components/App Package Deployment* - GP ADMX file name: *AppxPackageManager.admx* @@ -959,7 +959,7 @@ Most restricted value is 1. ADMX Info: -- GP English name: *Disable installing Windows apps on non-system volumes* +- GP Friendly name: *Disable installing Windows apps on non-system volumes* - GP name: *DisableDeploymentToNonSystemVolumes* - GP path: *Windows Components/App Package Deployment* - GP ADMX file name: *AppxPackageManager.admx* diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 2a224f8bfe..5985ed58aa 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -90,7 +90,7 @@ If you disable or do not configure this policy setting, users will need to sign ADMX Info: -- GP English name: *Allow Microsoft accounts to be optional* +- GP Friendly name: *Allow Microsoft accounts to be optional* - GP name: *AppxRuntimeMicrosoftAccountsOptional* - GP path: *Windows Components/App runtime* - GP ADMX file name: *AppXRuntime.admx* diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 63cdb4036d..08865e0dd4 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -167,7 +167,7 @@ This policy setting allows you to enable or disable Microsoft Application Virtua ADMX Info: -- GP English name: *Enable App-V Client* +- GP Friendly name: *Enable App-V Client* - GP name: *EnableAppV* - GP path: *System/App-V* - GP ADMX file name: *appv.admx* @@ -233,7 +233,7 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj ADMX Info: -- GP English name: *Enable Dynamic Virtualization* +- GP Friendly name: *Enable Dynamic Virtualization* - GP name: *Virtualization_JITVEnable* - GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* @@ -299,7 +299,7 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv ADMX Info: -- GP English name: *Enable automatic cleanup of unused appv packages* +- GP Friendly name: *Enable automatic cleanup of unused appv packages* - GP name: *PackageManagement_AutoCleanupEnable* - GP path: *System/App-V/PackageManagement* - GP ADMX file name: *appv.admx* @@ -365,7 +365,7 @@ Enables scripts defined in the package manifest of configuration files that shou ADMX Info: -- GP English name: *Enable Package Scripts* +- GP Friendly name: *Enable Package Scripts* - GP name: *Scripting_Enable_Package_Scripts* - GP path: *System/App-V/Scripting* - GP ADMX file name: *appv.admx* @@ -431,7 +431,7 @@ Enables a UX to display to the user when a publishing refresh is performed on th ADMX Info: -- GP English name: *Enable Publishing Refresh UX* +- GP Friendly name: *Enable Publishing Refresh UX* - GP name: *Enable_Publishing_Refresh_UX* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -507,7 +507,7 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t ADMX Info: -- GP English name: *Reporting Server* +- GP Friendly name: *Reporting Server* - GP name: *Reporting_Server_Policy* - GP path: *System/App-V/Reporting* - GP ADMX file name: *appv.admx* @@ -573,7 +573,7 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' ADMX Info: -- GP English name: *Roaming File Exclusions* +- GP Friendly name: *Roaming File Exclusions* - GP name: *Integration_Roaming_File_Exclusions* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -639,7 +639,7 @@ Specifies the registry paths that do not roam with a user profile. Example usage ADMX Info: -- GP English name: *Roaming Registry Exclusions* +- GP Friendly name: *Roaming Registry Exclusions* - GP name: *Integration_Roaming_Registry_Exclusions* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -705,7 +705,7 @@ Specifies how new packages should be loaded automatically by App-V on a specific ADMX Info: -- GP English name: *Specify what to load in background (aka AutoLoad)* +- GP Friendly name: *Specify what to load in background (aka AutoLoad)* - GP name: *Steaming_Autoload* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -771,7 +771,7 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package ADMX Info: -- GP English name: *Enable Migration Mode* +- GP Friendly name: *Enable Migration Mode* - GP name: *Client_Coexistence_Enable_Migration_mode* - GP path: *System/App-V/Client Coexistence* - GP ADMX file name: *appv.admx* @@ -837,7 +837,7 @@ Specifies the location where symbolic links are created to the current version o ADMX Info: -- GP English name: *Integration Root User* +- GP Friendly name: *Integration Root User* - GP name: *Integration_Root_User* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -903,7 +903,7 @@ Specifies the location where symbolic links are created to the current version o ADMX Info: -- GP English name: *Integration Root Global* +- GP Friendly name: *Integration Root Global* - GP name: *Integration_Root_Global* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* @@ -987,7 +987,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP English name: *Publishing Server 1 Settings* +- GP Friendly name: *Publishing Server 1 Settings* - GP name: *Publishing_Server1_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -1071,7 +1071,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP English name: *Publishing Server 2 Settings* +- GP Friendly name: *Publishing Server 2 Settings* - GP name: *Publishing_Server2_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -1155,7 +1155,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP English name: *Publishing Server 3 Settings* +- GP Friendly name: *Publishing Server 3 Settings* - GP name: *Publishing_Server3_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -1239,7 +1239,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP English name: *Publishing Server 4 Settings* +- GP Friendly name: *Publishing Server 4 Settings* - GP name: *Publishing_Server4_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -1323,7 +1323,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D ADMX Info: -- GP English name: *Publishing Server 5 Settings* +- GP Friendly name: *Publishing Server 5 Settings* - GP name: *Publishing_Server5_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* @@ -1389,7 +1389,7 @@ Specifies the path to a valid certificate in the certificate store. ADMX Info: -- GP English name: *Certificate Filter For Client SSL* +- GP Friendly name: *Certificate Filter For Client SSL* - GP name: *Streaming_Certificate_Filter_For_Client_SSL* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1455,7 +1455,7 @@ This setting controls whether virtualized applications are launched on Windows 8 ADMX Info: -- GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* +- GP Friendly name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* - GP name: *Streaming_Allow_High_Cost_Launch* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1521,7 +1521,7 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP ADMX Info: -- GP English name: *Location Provider* +- GP Friendly name: *Location Provider* - GP name: *Streaming_Location_Provider* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1587,7 +1587,7 @@ Specifies directory where all new applications and updates will be installed. ADMX Info: -- GP English name: *Package Installation Root* +- GP Friendly name: *Package Installation Root* - GP name: *Streaming_Package_Installation_Root* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1653,7 +1653,7 @@ Overrides source location for downloading package content. ADMX Info: -- GP English name: *Package Source Root* +- GP Friendly name: *Package Source Root* - GP name: *Streaming_Package_Source_Root* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1719,7 +1719,7 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio ADMX Info: -- GP English name: *Reestablishment Interval* +- GP Friendly name: *Reestablishment Interval* - GP name: *Streaming_Reestablishment_Interval* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1785,7 +1785,7 @@ Specifies the number of times to retry a dropped session. ADMX Info: -- GP English name: *Reestablishment Retries* +- GP Friendly name: *Reestablishment Retries* - GP name: *Streaming_Reestablishment_Retries* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1851,7 +1851,7 @@ Specifies that streamed package contents will be not be saved to the local hard ADMX Info: -- GP English name: *Shared Content Store (SCS) mode* +- GP Friendly name: *Shared Content Store (SCS) mode* - GP name: *Streaming_Shared_Content_Store_Mode* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1917,7 +1917,7 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming ADMX Info: -- GP English name: *Enable Support for BranchCache* +- GP Friendly name: *Enable Support for BranchCache* - GP name: *Streaming_Support_Branch_Cache* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -1983,7 +1983,7 @@ Verifies Server certificate revocation status before streaming using HTTPS. ADMX Info: -- GP English name: *Verify certificate revocation list* +- GP Friendly name: *Verify certificate revocation list* - GP name: *Streaming_Verify_Certificate_Revocation_List* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* @@ -2049,7 +2049,7 @@ Specifies a list of process paths (may contain wildcards) which are candidates f ADMX Info: -- GP English name: *Virtual Component Process Allow List* +- GP Friendly name: *Virtual Component Process Allow List* - GP name: *Virtualization_JITVAllowList* - GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index e808f11e13..aa15e81d84 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -98,7 +98,7 @@ If you do not configure this policy setting, Windows marks file attachments with ADMX Info: -- GP English name: *Do not preserve zone information in file attachments* +- GP Friendly name: *Do not preserve zone information in file attachments* - GP name: *AM_MarkZoneOnSavedAtttachments* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -170,7 +170,7 @@ If you do not configure this policy setting, Windows hides the check box and Unb ADMX Info: -- GP English name: *Hide mechanisms to remove zone information* +- GP Friendly name: *Hide mechanisms to remove zone information* - GP name: *AM_RemoveZoneInfo* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 73c539f766..5d063b5378 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -255,7 +255,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Account Lockout* +- GP Friendly name: *Audit Account Lockout* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -329,7 +329,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser GP Info: -- GP English name: *Audit Group Membership* +- GP Friendly name: *Audit Group Membership* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -405,7 +405,7 @@ Volume: High. GP Info: -- GP English name: *Audit IPsec Extended Mode* +- GP Friendly name: *Audit IPsec Extended Mode* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -480,7 +480,7 @@ Volume: High. GP Info: -- GP English name: *Audit IPsec Main Mode* +- GP Friendly name: *Audit IPsec Main Mode* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -554,7 +554,7 @@ Volume: High. GP Info: -- GP English name: *Audit IPsec Quick Mode* +- GP Friendly name: *Audit IPsec Quick Mode* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -629,7 +629,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Logoff* +- GP Friendly name: *Audit Logoff* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -707,7 +707,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser GP Info: -- GP English name: *Audit Logon* +- GP Friendly name: *Audit Logon* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -781,7 +781,7 @@ Volume: Medium or High on NPS and IAS server. No volume on other computers. GP Info: -- GP English name: *Audit Network Policy Server* +- GP Friendly name: *Audit Network Policy Server* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -861,7 +861,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Other Logon Logoff Events* +- GP Friendly name: *Audit Other Logon Logoff Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -935,7 +935,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Special Logon* +- GP Friendly name: *Audit Special Logon* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -1011,7 +1011,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser GP Info: -- GP English name: *Audit User Device Claims* +- GP Friendly name: *Audit User Device Claims* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Logon/Logoff* @@ -1085,7 +1085,7 @@ Volume: High on domain controllers. GP Info: -- GP English name: *Audit Credential Validation* +- GP Friendly name: *Audit Credential Validation* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* @@ -1160,7 +1160,7 @@ Volume: High on Kerberos Key Distribution Center servers. GP Info: -- GP English name: *Audit Kerberos Authentication Service* +- GP Friendly name: *Audit Kerberos Authentication Service* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* @@ -1235,7 +1235,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Kerberos Service Ticket Operations* +- GP Friendly name: *Audit Kerberos Service Ticket Operations* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* @@ -1308,7 +1308,7 @@ Currently, there are no events in this subcategory. GP Info: -- GP English name: *Audit Other Account Logon Events* +- GP Friendly name: *Audit Other Account Logon Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* @@ -1385,7 +1385,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Application Group Management* +- GP Friendly name: *Audit Application Group Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* @@ -1460,7 +1460,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Computer Account Management* +- GP Friendly name: *Audit Computer Account Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* @@ -1541,7 +1541,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Distribution Group Management* +- GP Friendly name: *Audit Distribution Group Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* @@ -1621,7 +1621,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Other Account Management Events* +- GP Friendly name: *Audit Other Account Management Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* @@ -1699,7 +1699,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Security Group Management* +- GP Friendly name: *Audit Security Group Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* @@ -1781,7 +1781,7 @@ Volume: Low. GP Info: -- GP English name: *Audit User Account Management* +- GP Friendly name: *Audit User Account Management* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Management* @@ -1854,7 +1854,7 @@ Volume: High. GP Info: -- GP English name: *Audit Detailed Directory Service Replication* +- GP Friendly name: *Audit Detailed Directory Service Replication* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access* @@ -1930,7 +1930,7 @@ Volume: High on domain controllers. None on client computers. GP Info: -- GP English name: *Audit Directory Service Access* +- GP Friendly name: *Audit Directory Service Access* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access* @@ -2012,7 +2012,7 @@ Volume: High on domain controllers only. GP Info: -- GP English name: *Audit Directory Service Changes* +- GP Friendly name: *Audit Directory Service Changes* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access* @@ -2090,7 +2090,7 @@ Volume: Medium on domain controllers. None on client computers. GP Info: -- GP English name: *Audit Directory Service Replication* +- GP Friendly name: *Audit Directory Service Replication* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/DS Access* @@ -2165,7 +2165,7 @@ Volume: Low. GP Info: -- GP English name: *Audit DPAPI Activity* +- GP Friendly name: *Audit DPAPI Activity* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* @@ -2239,7 +2239,7 @@ Volume: Low. GP Info: -- GP English name: *Audit PNP Activity* +- GP Friendly name: *Audit PNP Activity* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* @@ -2313,7 +2313,7 @@ Volume: Depends on how the computer is used. GP Info: -- GP English name: *Audit Process Creation* +- GP Friendly name: *Audit Process Creation* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* @@ -2387,7 +2387,7 @@ Volume: Depends on how the computer is used. GP Info: -- GP English name: *Audit Process Termination* +- GP Friendly name: *Audit Process Termination* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* @@ -2461,7 +2461,7 @@ Volume: High on RPC servers. GP Info: -- GP English name: *Audit RPC Events* +- GP Friendly name: *Audit RPC Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* @@ -2532,7 +2532,7 @@ Volume: High. GP Info: -- GP English name: *Audit Token Right Adjusted* +- GP Friendly name: *Audit Token Right Adjusted* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Detailed Tracking* @@ -2609,7 +2609,7 @@ Volume: Depends on the applications that are generating them. GP Info: -- GP English name: *Audit Application Generated* +- GP Friendly name: *Audit Application Generated* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -2687,7 +2687,7 @@ Volume: Potentially high on a file server when the proposed policy differs signi GP Info: -- GP English name: *Audit Central Access Policy Staging* +- GP Friendly name: *Audit Central Access Policy Staging* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -2777,7 +2777,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services GP Info: -- GP English name: *Audit Certification Services* +- GP Friendly name: *Audit Certification Services* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -2853,7 +2853,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc GP Info: -- GP English name: *Audit Detailed File Share* +- GP Friendly name: *Audit Detailed File Share* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -2929,7 +2929,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc GP Info: -- GP English name: *Audit File Share* +- GP Friendly name: *Audit File Share* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3006,7 +3006,7 @@ Volume: Depends on how the file system SACLs are configured. GP Info: -- GP English name: *Audit File System* +- GP Friendly name: *Audit File System* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3091,7 +3091,7 @@ Volume: High. GP Info: -- GP English name: *Audit Filtering Platform Connection* +- GP Friendly name: *Audit Filtering Platform Connection* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3163,7 +3163,7 @@ Volume: High. GP Info: -- GP English name: *Audit Filtering Platform Packet Drop* +- GP Friendly name: *Audit Filtering Platform Packet Drop* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3240,7 +3240,7 @@ Volume: Depends on how SACLs are configured. GP Info: -- GP English name: *Audit Handle Manipulation* +- GP Friendly name: *Audit Handle Manipulation* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3315,7 +3315,7 @@ Volume: High if auditing access of global system objects is enabled. GP Info: -- GP English name: *Audit Kernel Object* +- GP Friendly name: *Audit Kernel Object* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3397,7 +3397,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Other Object Access Events* +- GP Friendly name: *Audit Other Object Access Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3474,7 +3474,7 @@ Volume: Depends on how registry SACLs are configured. GP Info: -- GP English name: *Audit Registry* +- GP Friendly name: *Audit Registry* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3548,7 +3548,7 @@ If you do not configure this policy setting, no audit event is generated when an GP Info: -- GP English name: *Audit Removable Storage* +- GP Friendly name: *Audit Removable Storage* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3632,7 +3632,7 @@ Volume: High on domain controllers. For information about reducing the amount of GP Info: -- GP English name: *Audit SAM* +- GP Friendly name: *Audit SAM* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access* @@ -3720,7 +3720,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Authentication Policy Change* +- GP Friendly name: *Audit Authentication Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* @@ -3800,7 +3800,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Authorization Policy Change* +- GP Friendly name: *Audit Authorization Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* @@ -3879,7 +3879,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Filtering Platform Policy Change* +- GP Friendly name: *Audit Filtering Platform Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* @@ -3961,7 +3961,7 @@ Volume: Low. GP Info: -- GP English name: *Audit MPSSVC Rule Level Policy Change* +- GP Friendly name: *Audit MPSSVC Rule Level Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* @@ -4039,7 +4039,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Other Policy Change Events* +- GP Friendly name: *Audit Other Policy Change Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* @@ -4122,7 +4122,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Policy Change* +- GP Friendly name: *Audit Policy Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Policy Change* @@ -4228,7 +4228,7 @@ Volume: Very High. GP Info: -- GP English name: *Audit Non Sensitive Privilege Use* +- GP Friendly name: *Audit Non Sensitive Privilege Use* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use* @@ -4298,7 +4298,7 @@ Not used. GP Info: -- GP English name: *Audit Other Privilege Use Events* +- GP Friendly name: *Audit Other Privilege Use Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use* @@ -4387,7 +4387,7 @@ Volume: High. GP Info: -- GP English name: *Audit Sensitive Privilege Use* +- GP Friendly name: *Audit Sensitive Privilege Use* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Privilege Use* @@ -4467,7 +4467,7 @@ Volume: Low. GP Info: -- GP English name: *Audit IPsec Driver* +- GP Friendly name: *Audit IPsec Driver* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* @@ -4542,7 +4542,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Other System Events* +- GP Friendly name: *Audit Other System Events* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* @@ -4617,7 +4617,7 @@ Volume: Low. GP Info: -- GP English name: *Audit Security State Change* +- GP Friendly name: *Audit Security State Change* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* @@ -4694,7 +4694,7 @@ Volume: Low. Security system extension events are generated more often on a doma GP Info: -- GP English name: *Audit Security System Extension* +- GP Friendly name: *Audit Security System Extension* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* @@ -4771,7 +4771,7 @@ Volume: Low. GP Info: -- GP English name: *Audit System Integrity* +- GP Friendly name: *Audit System Integrity* - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/System* diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 1b75bd9a6b..490bc43255 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -344,7 +344,7 @@ In the next major release of Windows 10, the default for this policy for consume ADMX Info: -- GP English name: *Allow companion device for secondary authentication* +- GP Friendly name: *Allow companion device for secondary authentication* - GP name: *MSSecondaryAuthFactor_AllowSecondaryAuthenticationDevice* - GP path: *Windows Components/Microsoft Secondary Authentication Factor* - GP ADMX file name: *DeviceCredential.admx* diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 15b769497e..0eca05d2bb 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -97,7 +97,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for ADMX Info: -- GP English name: *Disallow Autoplay for non-volume devices* +- GP Friendly name: *Disallow Autoplay for non-volume devices* - GP name: *NoAutoplayfornonVolume* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* @@ -177,7 +177,7 @@ If you disable or not configure this policy setting, Windows Vista or later will ADMX Info: -- GP English name: *Set the default behavior for AutoRun* +- GP Friendly name: *Set the default behavior for AutoRun* - GP name: *NoAutorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* @@ -258,7 +258,7 @@ Note: This policy setting appears in both the Computer Configuration and User Co ADMX Info: -- GP English name: *Turn off Autoplay* +- GP Friendly name: *Turn off Autoplay* - GP name: *Autorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 2bcc10ea45..02abb3111c 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -114,7 +114,7 @@ Consider using this setting to prevent BITS transfers from competing for network ADMX Info: -- GP English name: *Limit the maximum network bandwidth for BITS background transfers* +- GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers* - GP name: *BITS_MaxBandwidth* - GP element: *BITS_BandwidthLimitSchedTo* - GP path: *Network/Background Intelligent Transfer Service (BITS)* @@ -197,7 +197,7 @@ Consider using this setting to prevent BITS transfers from competing for network ADMX Info: -- GP English name: *Limit the maximum network bandwidth for BITS background transfers* +- GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers* - GP name: *BITS_MaxBandwidth* - GP element: *BITS_BandwidthLimitSchedFrom* - GP path: *Network/Background Intelligent Transfer Service (BITS)* @@ -280,7 +280,7 @@ Consider using this setting to prevent BITS transfers from competing for network ADMX Info: -- GP English name: *Limit the maximum network bandwidth for BITS background transfers* +- GP Friendly name: *Limit the maximum network bandwidth for BITS background transfers* - GP name: *BITS_MaxBandwidth* - GP element: *BITS_MaxTransferRateText* - GP path: *Network/Background Intelligent Transfer Service (BITS)* @@ -358,7 +358,7 @@ For example, you can specify that background jobs are by default to transfer onl ADMX Info: -- GP English name: *Set default download behavior for BITS jobs on costed networks* +- GP Friendly name: *Set default download behavior for BITS jobs on costed networks* - GP name: *BITS_SetTransferPolicyOnCostedNetwork* - GP element: *BITS_TransferPolicyNormalPriorityValue* - GP path: *Network/Background Intelligent Transfer Service (BITS)* @@ -436,7 +436,7 @@ For example, you can specify that foreground jobs are by default to transfer onl ADMX Info: -- GP English name: *Set default download behavior for BITS jobs on costed networks* +- GP Friendly name: *Set default download behavior for BITS jobs on costed networks* - GP name: *BITS_SetTransferPolicyOnCostedNetwork* - GP element: *BITS_TransferPolicyForegroundPriorityValue* - GP path: *Network/Background Intelligent Transfer Service (BITS)* @@ -517,7 +517,7 @@ If you disable or do not configure this policy setting, the default value of 90 ADMX Info: -- GP English name: *Timeout for inactive BITS jobs* +- GP Friendly name: *Timeout for inactive BITS jobs* - GP name: *BITS_Job_Timeout* - GP element: *BITS_Job_Timeout_Time* - GP path: *Network/Background Intelligent Transfer Service (BITS)* diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index ca1ff0bcbb..14cd612597 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -248,7 +248,7 @@ ms.localizationpriority: medium ADMX Info: -- GP English name: *Allow Address bar drop-down list suggestions* +- GP Friendly name: *Allow Address bar drop-down list suggestions* - GP name: *AllowAddressBarDropdown* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -317,7 +317,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Configure Autofill* +- GP Friendly name: *Configure Autofill* - GP name: *AllowAutofill* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -397,7 +397,7 @@ To verify AllowAutofill is set to 0 (not allowed): ADMX Info: -- GP English name: *Allow configuration updates for the Books Library* +- GP Friendly name: *Allow configuration updates for the Books Library* - GP name: *AllowConfigurationUpdateForBooksLibrary* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -464,7 +464,7 @@ Supported values: ADMX Info: -- GP English name: *Configure cookies* +- GP Friendly name: *Configure cookies* - GP name: *Cookies* - GP element: *CookiesListBox* - GP path: *Windows Components/Microsoft Edge* @@ -546,7 +546,7 @@ To verify AllowCookies is set to 0 (not allowed): ADMX Info: -- GP English name: *Allow Developer Tools* +- GP Friendly name: *Allow Developer Tools* - GP name: *AllowDeveloperTools* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -614,7 +614,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Configure Do Not Track* +- GP Friendly name: *Configure Do Not Track* - GP name: *AllowDoNotTrack* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -694,7 +694,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed): ADMX Info: -- GP English name: *Allow Extensions* +- GP Friendly name: *Allow Extensions* - GP name: *AllowExtensions* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -763,7 +763,7 @@ Supported values: ADMX Info: -- GP English name: *Allow Adobe Flash* +- GP Friendly name: *Allow Adobe Flash* - GP name: *AllowFlash* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -833,7 +833,7 @@ Supported values: ADMX Info: -- GP English name: *Configure the Adobe Flash Click-to-Run setting* +- GP Friendly name: *Configure the Adobe Flash Click-to-Run setting* - GP name: *AllowFlashClickToRun* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -904,7 +904,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Allow FullScreen Mode* +- GP Friendly name: *Allow FullScreen Mode* - GP name: *AllowFullScreenMode* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -979,7 +979,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Allow InPrivate browsing* +- GP Friendly name: *Allow InPrivate browsing* - GP name: *AllowInPrivate* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1052,7 +1052,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Allow Microsoft Compatibility List* +- GP Friendly name: *Allow Microsoft Compatibility List* - GP name: *AllowCVList* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1122,7 +1122,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Configure Password Manager* +- GP Friendly name: *Configure Password Manager* - GP name: *AllowPasswordManager* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1200,7 +1200,7 @@ To verify AllowPasswordManager is set to 0 (not allowed): ADMX Info: -- GP English name: *Configure Pop-up Blocker* +- GP Friendly name: *Configure Pop-up Blocker* - GP name: *AllowPopups* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1280,7 +1280,7 @@ To verify AllowPopups is set to 0 (not allowed): ADMX Info: -- GP English name: *Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed* +- GP Friendly name: *Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed* - GP name: *AllowPrelaunch* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1357,7 +1357,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Allow printing* +- GP Friendly name: *Allow printing* - GP name: *AllowPrinting* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1434,7 +1434,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Allow Saving History* +- GP Friendly name: *Allow Saving History* - GP name: *AllowSavingHistory* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1515,7 +1515,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Allow search engine customization* +- GP Friendly name: *Allow search engine customization* - GP name: *AllowSearchEngineCustomization* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1584,7 +1584,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Configure search suggestions in Address bar* +- GP Friendly name: *Configure search suggestions in Address bar* - GP name: *AllowSearchSuggestionsinAddressBar* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1656,7 +1656,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Allow sideloading of Extensions* +- GP Friendly name: *Allow sideloading of Extensions* - GP name: *AllowSideloadingOfExtensions* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1731,7 +1731,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Configure Windows Defender SmartScreen* +- GP Friendly name: *Configure Windows Defender SmartScreen* - GP name: *AllowSmartScreen* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1810,7 +1810,7 @@ To verify AllowSmartScreen is set to 0 (not allowed): ADMX Info: -- GP English name: *Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed* +- GP Friendly name: *Allow Microsoft Edge to start and load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed* - GP name: *AllowTabPreloading* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1886,7 +1886,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Allow web content on New Tab page* +- GP Friendly name: *Allow web content on New Tab page* - GP name: *AllowWebContentOnNewTabPage* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -1963,7 +1963,7 @@ Supported values: ADMX Info: -- GP English name: *Always show the Books Library in Microsoft Edge* +- GP Friendly name: *Always show the Books Library in Microsoft Edge* - GP name: *AlwaysEnableBooksLibrary* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -2034,7 +2034,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Allow clearing browsing data on exit* +- GP Friendly name: *Allow clearing browsing data on exit* - GP name: *AllowClearingBrowsingDataOnExit* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -2118,7 +2118,7 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set ADMX Info: -- GP English name: *Configure additional search engines* +- GP Friendly name: *Configure additional search engines* - GP name: *ConfigureAdditionalSearchEngines* - GP element: *ConfigureAdditionalSearchEngines_Prompt* - GP path: *Windows Components/Microsoft Edge* @@ -2189,7 +2189,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Configure Favorites Bar* +- GP Friendly name: *Configure Favorites Bar* - GP name: *ConfigureFavoritesBar* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -2265,7 +2265,7 @@ Supported values: ADMX Info: -- GP English name: *Configure Home Button* +- GP Friendly name: *Configure Home Button* - GP name: *ConfigureHomeButton* - GP element: *ConfigureHomeButtonDropdown* - GP path: *Windows Components/Microsoft Edge* @@ -2350,7 +2350,7 @@ For this policy to work, you must configure Microsoft Edge in assigned access; o ADMX Info: -- GP English name: *Configure kiosk mode* +- GP Friendly name: *Configure kiosk mode* - GP name: *ConfigureKioskMode* - GP element: *ConfigureKioskMode_TextBox* - GP path: *Windows Components/Microsoft Edge* @@ -2433,7 +2433,7 @@ You must set ConfigureKioskMode to enabled (1 - InPrivate public browsing) and c ADMX Info: -- GP English name: *Configure kiosk reset after idle timeout* +- GP Friendly name: *Configure kiosk reset after idle timeout* - GP name: *ConfigureKioskResetAfterIdleTimeout* - GP element: *ConfigureKioskResetAfterIdleTimeout_TextBox* - GP path: *Windows Components/Microsoft Edge* @@ -2516,7 +2516,7 @@ When you enable this policy and select an option, and also enter the URLs of the ADMX Info: -- GP English name: *Configure Open Microsoft Edge With* +- GP Friendly name: *Configure Open Microsoft Edge With* - GP name: *ConfigureOpenEdgeWith* - GP element: *ConfigureOpenEdgeWithListBox* - GP path: *Windows Components/Microsoft Edge* @@ -2598,7 +2598,7 @@ Supported values: ADMX Info: -- GP English name: *Configure collection of browsing data for Microsoft 365 Analytics* +- GP Friendly name: *Configure collection of browsing data for Microsoft 365 Analytics* - GP name: *ConfigureTelemetryForMicrosoft365Analytics* - GP element: *ZonesListBox* - GP path: *Data Collection and Preview Builds* @@ -2683,7 +2683,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Disable lockdown of Start pages* +- GP Friendly name: *Disable lockdown of Start pages* - GP name: *DisableLockdownOfStartPages* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -2752,7 +2752,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Allow extended telemetry for the Books tab* +- GP Friendly name: *Allow extended telemetry for the Books tab* - GP name: *EnableExtendedBooksTelemetry* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -2826,7 +2826,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Configure the Enterprise Mode Site List* +- GP Friendly name: *Configure the Enterprise Mode Site List* - GP name: *EnterpriseModeSiteList* - GP element: *EnterSiteListPrompt* - GP path: *Windows Components/Microsoft Edge* @@ -2965,7 +2965,7 @@ When you enable the Configure Open Microsoft Edge With policy and select an opti ADMX Info: -- GP English name: *Configure Start pages* +- GP Friendly name: *Configure Start pages* - GP name: *HomePages* - GP element: *HomePagesPrompt* - GP path: *Windows Components/Microsoft Edge* @@ -3036,7 +3036,7 @@ Supported values: ADMX Info: -- GP English name: *Prevent changes to Favorites on Microsoft Edge* +- GP Friendly name: *Prevent changes to Favorites on Microsoft Edge* - GP name: *LockdownFavorites* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3105,7 +3105,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Prevent access to the about:flags page in Microsoft Edge* +- GP Friendly name: *Prevent access to the about:flags page in Microsoft Edge* - GP name: *PreventAccessToAboutFlagsInMicrosoftEdge* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3174,7 +3174,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Prevent certificate error overrides* +- GP Friendly name: *Prevent certificate error overrides* - GP name: *PreventCertErrorOverrides* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3250,7 +3250,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Prevent the First Run webpage from opening on Microsoft Edge* +- GP Friendly name: *Prevent the First Run webpage from opening on Microsoft Edge* - GP name: *PreventFirstRunPage* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3320,7 +3320,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start* +- GP Friendly name: *Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start* - GP name: *PreventLiveTileDataCollection* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3388,7 +3388,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Prevent bypassing Windows Defender SmartScreen prompts for sites* +- GP Friendly name: *Prevent bypassing Windows Defender SmartScreen prompts for sites* - GP name: *PreventSmartScreenPromptOverride* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3457,7 +3457,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Prevent bypassing Windows Defender SmartScreen prompts for files* +- GP Friendly name: *Prevent bypassing Windows Defender SmartScreen prompts for files* - GP name: *PreventSmartScreenPromptOverrideForFiles* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3525,7 +3525,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Prevent turning off required extensions* +- GP Friendly name: *Prevent turning off required extensions* - GP name: *PreventTurningOffRequiredExtensions* - GP element: *PreventTurningOffRequiredExtensions_Prompt* - GP path: *Windows Components/Microsoft Edge* @@ -3603,7 +3603,7 @@ Supported values: ADMX Info: -- GP English name: *Prevent using Localhost IP address for WebRTC* +- GP Friendly name: *Prevent using Localhost IP address for WebRTC* - GP name: *HideLocalHostIPAddress* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3688,7 +3688,7 @@ To define a default list of favorites: ADMX Info: -- GP English name: *Provision Favorites* +- GP Friendly name: *Provision Favorites* - GP name: *ConfiguredFavorites* - GP element: *ConfiguredFavoritesPrompt* - GP path: *Windows Components/Microsoft Edge* @@ -3754,7 +3754,7 @@ ADMX Info: ADMX Info: -- GP English name: *Send all intranet sites to Internet Explorer 11* +- GP Friendly name: *Send all intranet sites to Internet Explorer 11* - GP name: *SendIntranetTraffictoInternetExplorer* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -3831,7 +3831,7 @@ Most restricted value: 0 ADMX Info: -- GP English name: *Set default search engine* +- GP Friendly name: *Set default search engine* - GP name: *SetDefaultSearchEngine* - GP element: *SetDefaultSearchEngine_Prompt* - GP path: *Windows Components/Microsoft Edge* @@ -3902,7 +3902,7 @@ Most restricted value: 1 ADMX Info: -- GP English name: *Set Home Button URL* +- GP Friendly name: *Set Home Button URL* - GP name: *SetHomeButtonURL* - GP element: *SetHomeButtonURLPrompt* - GP path: *Windows Components/Microsoft Edge* @@ -3977,7 +3977,7 @@ Supported values: ADMX Info: -- GP English name: *Set New Tab page URL* +- GP Friendly name: *Set New Tab page URL* - GP name: *SetNewTabPageURL* - GP element: *SetNewTabPageURLPrompt* - GP path: *Windows Components/Microsoft Edge* @@ -4054,7 +4054,7 @@ Supported values: ADMX Info: -- GP English name: *Show message when opening sites in Internet Explorer* +- GP Friendly name: *Show message when opening sites in Internet Explorer* - GP name: *ShowMessageWhenOpeningSitesInInternetExplorer* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -4128,7 +4128,7 @@ With this policy, you can either allow (default) or suppress this notification. ADMX Info: -- GP English name: *Suppress Edge Deprecation Notification* +- GP Friendly name: *Suppress Edge Deprecation Notification* - GP name: *SuppressEdgeDeprecationNotification* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -4197,7 +4197,7 @@ Supported values: ADMX Info: -- GP English name: *Keep favorites in sync between Internet Explorer and Microsoft Edge* +- GP Friendly name: *Keep favorites in sync between Internet Explorer and Microsoft Edge* - GP name: *SyncFavoritesBetweenIEAndMicrosoftEdge* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -4276,7 +4276,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro ADMX Info: -- GP English name: *Unlock Home Button* +- GP Friendly name: *Unlock Home Button* - GP name: *UnlockHomeButton* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* @@ -4350,7 +4350,7 @@ Supported values: ADMX Info: -- GP English name: *Allow a shared Books folder* +- GP Friendly name: *Allow a shared Books folder* - GP name: *UseSharedFolderForBooks* - GP path: *Windows Components/Microsoft Edge* - GP ADMX file name: *MicrosoftEdge.admx* diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 93e5c5d6cf..22a1a37ce3 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -81,7 +81,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Allow Use of Camera* +- GP Friendly name: *Allow Use of Camera* - GP name: *L_AllowCamera* - GP path: *Windows Components/Camera* - GP ADMX file name: *Camera.admx* diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index ccd0ab26c1..7e776b0469 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -103,7 +103,7 @@ If an app is open when this Group Policy object is applied on a device, employee ADMX Info: -- GP English name: *Let Windows apps access cellular data* +- GP Friendly name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_Enum* - GP path: *Network/WWAN Service/Cellular Data Access* @@ -171,7 +171,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: -- GP English name: *Let Windows apps access cellular data* +- GP Friendly name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List* - GP path: *Network/WWAN Service/Cellular Data Access* @@ -231,7 +231,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: -- GP English name: *Let Windows apps access cellular data* +- GP Friendly name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List* - GP path: *Network/WWAN Service/Cellular Data Access* @@ -291,7 +291,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: -- GP English name: *Let Windows apps access cellular data* +- GP Friendly name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List* - GP path: *Network/WWAN Service/Cellular Data Access* @@ -361,7 +361,7 @@ If this policy setting is disabled or is not configured, the link to the per-app ADMX Info: -- GP English name: *Set Per-App Cellular Access UI Visibility* +- GP Friendly name: *Set Per-App Cellular Access UI Visibility* - GP name: *ShowAppCellularAccessUI* - GP path: *Network/WWAN Service/WWAN UI Settings* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 9e0b691757..90a5286d6f 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -243,7 +243,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Prohibit connection to roaming Mobile Broadband networks* +- GP Friendly name: *Prohibit connection to roaming Mobile Broadband networks* - GP name: *WCM_DisableRoaming* - GP path: *Network/Windows Connection Manager* - GP ADMX file name: *WCM.admx* @@ -658,7 +658,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi ADMX Info: -- GP English name: *Turn off printing over HTTP* +- GP Friendly name: *Turn off printing over HTTP* - GP name: *DisableHTTPPrinting_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -732,7 +732,7 @@ If you disable or do not configure this policy setting, users can download print ADMX Info: -- GP English name: *Turn off downloading of print drivers over HTTP* +- GP Friendly name: *Turn off downloading of print drivers over HTTP* - GP name: *DisableWebPnPDownload_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -806,7 +806,7 @@ See the documentation for the web publishing and online ordering wizards for mor ADMX Info: -- GP English name: *Turn off Internet download for Web publishing and online ordering wizards* +- GP Friendly name: *Turn off Internet download for Web publishing and online ordering wizards* - GP name: *ShellPreventWPWDownload_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -867,7 +867,7 @@ Value type is integer. ADMX Info: -- GP English name: *Turn off Windows Network Connectivity Status Indicator active tests* +- GP Friendly name: *Turn off Windows Network Connectivity Status Indicator active tests* - GP name: *NoActiveProbe* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* @@ -935,7 +935,7 @@ If you enable this policy, Windows only allows access to the specified UNC paths ADMX Info: -- GP English name: *Hardened UNC Paths* +- GP Friendly name: *Hardened UNC Paths* - GP name: *Pol_HardenedPaths* - GP path: *Network/Network Provider* - GP ADMX file name: *networkprovider.admx* @@ -1007,7 +1007,7 @@ If you disable this setting or do not configure it, the user will be able to cre ADMX Info: -- GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* +- GP Friendly name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* - GP name: *NC_AllowNetBridge_NLA* - GP path: *Network/Network Connections* - GP ADMX file name: *NetworkConnections.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 89e4817ce7..cf333911ba 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -100,7 +100,7 @@ To configure Windows Hello for Business, use the Administrative Template policie ADMX Info: -- GP English name: *Turn on convenience PIN sign-in* +- GP Friendly name: *Turn on convenience PIN sign-in* - GP name: *AllowDomainPINLogon* - GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* @@ -172,7 +172,7 @@ Note that the user's domain password will be cached in the system vault when usi ADMX Info: -- GP English name: *Turn off picture password sign-in* +- GP Friendly name: *Turn off picture password sign-in* - GP name: *BlockDomainPicturePassword* - GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index 71447f45ab..d4806508e7 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -92,7 +92,7 @@ If you disable or do not configure this policy setting, Restricted Administratio ADMX Info: -- GP English name: *Remote host allows delegation of non-exportable credentials* +- GP Friendly name: *Remote host allows delegation of non-exportable credentials* - GP name: *AllowProtectedCreds* - GP path: *System/Credentials Delegation* - GP ADMX file name: *CredSsp.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 5ccf34a12e..5fdff42127 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -98,7 +98,7 @@ The policy applies to all Windows components and applications that use the Windo ADMX Info: -- GP English name: *Do not display the password reveal button* +- GP Friendly name: *Do not display the password reveal button* - GP name: *DisablePasswordReveal* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* @@ -168,7 +168,7 @@ If you disable this policy setting, users will always be required to type a user ADMX Info: -- GP English name: *Enumerate administrator accounts on elevation* +- GP Friendly name: *Enumerate administrator accounts on elevation* - GP name: *EnumerateAdministrators* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index b141d4387b..88e34b4df9 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -82,7 +82,7 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy. ADMX Info: -- GP English name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing* +- GP Friendly name: *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index cb540b3415..652bf56c3c 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -112,7 +112,7 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti ADMX Info: -- GP English name: *Set 4G Cost* +- GP Friendly name: *Set 4G Cost* - GP name: *SetCost4G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index f70dd9c0e5..c7445826de 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -203,7 +203,7 @@ Allows or disallows scanning of archives. ADMX Info: -- GP English name: *Scan archive files* +- GP Friendly name: *Scan archive files* - GP name: *Scan_DisableArchiveScanning* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -273,7 +273,7 @@ Allows or disallows Windows Defender Behavior Monitoring functionality. ADMX Info: -- GP English name: *Turn on behavior monitoring* +- GP Friendly name: *Turn on behavior monitoring* - GP name: *RealtimeProtection_DisableBehaviorMonitoring* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -343,7 +343,7 @@ To best protect your PC, Windows Defender will send information to Microsoft abo ADMX Info: -- GP English name: *Join Microsoft MAPS* +- GP Friendly name: *Join Microsoft MAPS* - GP name: *SpynetReporting* - GP element: *SpynetReporting* - GP path: *Windows Components/Microsoft Defender Antivirus/MAPS* @@ -414,7 +414,7 @@ Allows or disallows scanning of email. ADMX Info: -- GP English name: *Turn on e-mail scanning* +- GP Friendly name: *Turn on e-mail scanning* - GP name: *Scan_DisableEmailScanning* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -484,7 +484,7 @@ Allows or disallows a full scan of mapped network drives. ADMX Info: -- GP English name: *Run full scan on mapped network drives* +- GP Friendly name: *Run full scan on mapped network drives* - GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -554,7 +554,7 @@ Allows or disallows a full scan of removable drives. During a quick scan, remova ADMX Info: -- GP English name: *Scan removable drives* +- GP Friendly name: *Scan removable drives* - GP name: *Scan_DisableRemovableDriveScanning* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -624,7 +624,7 @@ Allows or disallows Windows Defender IOAVP Protection functionality. ADMX Info: -- GP English name: *Scan all downloaded files and attachments* +- GP Friendly name: *Scan all downloaded files and attachments* - GP name: *RealtimeProtection_DisableIOAVProtection* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -756,7 +756,7 @@ Allows or disallows Windows Defender On Access Protection functionality. ADMX Info: -- GP English name: *Monitor file and program activity on your computer* +- GP Friendly name: *Monitor file and program activity on your computer* - GP name: *RealtimeProtection_DisableOnAccessProtection* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -826,7 +826,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality. ADMX Info: -- GP English name: *Turn off real-time protection* +- GP Friendly name: *Turn off real-time protection* - GP name: *DisableRealtimeMonitoring* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -896,7 +896,7 @@ Allows or disallows a scanning of network files. ADMX Info: -- GP English name: *Scan network files* +- GP Friendly name: *Scan network files* - GP name: *Scan_DisableScanningNetworkFiles* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* - GP ADMX file name: *WindowsDefender.admx* @@ -1028,7 +1028,7 @@ Allows or disallows user access to the Windows Defender UI. If disallowed, all W ADMX Info: -- GP English name: *Enable headless UI mode* +- GP Friendly name: *Enable headless UI mode* - GP name: *UX_Configuration_UILockdown* - GP path: *Windows Components/Microsoft Defender Antivirus/Client Interface* - GP ADMX file name: *WindowsDefender.admx* @@ -1100,7 +1100,7 @@ Value type is string. ADMX Info: -- GP English name: *Exclude files and paths from Attack Surface Reduction Rules* +- GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules* - GP name: *ExploitGuard_ASR_ASROnlyExclusions* - GP element: *ExploitGuard_ASR_ASROnlyExclusions* - GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction* @@ -1168,7 +1168,7 @@ Value type is string. ADMX Info: -- GP English name: *Configure Attack Surface Reduction rules* +- GP Friendly name: *Configure Attack Surface Reduction rules* - GP name: *ExploitGuard_ASR_Rules* - GP element: *ExploitGuard_ASR_Rules* - GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Attack Surface Reduction* @@ -1235,7 +1235,7 @@ The default value is 50. ADMX Info: -- GP English name: *Specify the maximum percentage of CPU utilization during a scan* +- GP Friendly name: *Specify the maximum percentage of CPU utilization during a scan* - GP name: *Scan_AvgCPULoadFactor* - GP element: *Scan_AvgCPULoadFactor* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -1312,7 +1312,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/CheckForSignaturesBeforeRunni ADMX Info: -- GP English name: *Check for the latest virus and spyware definitions before running a scheduled scan* +- GP Friendly name: *Check for the latest virus and spyware definitions before running a scheduled scan* - GP name: *CheckForSignaturesBeforeRunningScan* - GP element: *CheckForSignaturesBeforeRunningScan* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -1392,7 +1392,7 @@ For more information about specific values that are supported, see the Microsoft ADMX Info: -- GP English name: *Select cloud protection level* +- GP Friendly name: *Select cloud protection level* - GP name: *MpEngine_MpCloudBlockLevel* - GP element: *MpCloudBlockLevel* - GP path: *Windows Components/Microsoft Defender Antivirus/MpEngine* @@ -1471,7 +1471,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se ADMX Info: -- GP English name: *Configure extended cloud check* +- GP Friendly name: *Configure extended cloud check* - GP name: *MpEngine_MpBafsExtendedTimeout* - GP element: *MpBafsExtendedTimeout* - GP path: *Windows Components/Microsoft Defender Antivirus/MpEngine* @@ -1534,7 +1534,7 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app ADMX Info: -- GP English name: *Configure allowed applications* +- GP Friendly name: *Configure allowed applications* - GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications* - GP element: *ExploitGuard_ControlledFolderAccess_AllowedApplications* - GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* @@ -1597,7 +1597,7 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci ADMX Info: -- GP English name: *Configure protected folders* +- GP Friendly name: *Configure protected folders* - GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* - GP element: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* - GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* @@ -1664,7 +1664,7 @@ The default value is 0, which keeps items in quarantine, and does not automatica ADMX Info: -- GP English name: *Configure removal of items from Quarantine folder* +- GP Friendly name: *Configure removal of items from Quarantine folder* - GP name: *Quarantine_PurgeItemsAfterDelay* - GP element: *Quarantine_PurgeItemsAfterDelay* - GP path: *Windows Components/Microsoft Defender Antivirus/Quarantine* @@ -1739,7 +1739,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupFullScan ADMX Info: -- GP English name: *Turn on catch-up full scan* +- GP Friendly name: *Turn on catch-up full scan* - GP name: *Scan_DisableCatchupFullScan* - GP element: *Scan_DisableCatchupFullScan* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -1819,7 +1819,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/DisableCatchupQuickScan ADMX Info: -- GP English name: *Turn on catch-up quick scan* +- GP Friendly name: *Turn on catch-up quick scan* - GP name: *Scan_DisableCatchupQuickScan* - GP element: *Scan_DisableCatchupQuickScan* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -1891,7 +1891,7 @@ Added in Windows 10, version 1709. This policy enables setting the state (On/Off ADMX Info: -- GP English name: *Configure Controlled folder access* +- GP Friendly name: *Configure Controlled folder access* - GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* - GP element: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* - GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Controlled Folder Access* @@ -1968,7 +1968,7 @@ Supported values: ADMX Info: -- GP English name: *Configure low CPU priority for scheduled scans* +- GP Friendly name: *Configure low CPU priority for scheduled scans* - GP name: *Scan_LowCpuPriority* - GP element: *Scan_LowCpuPriority* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -2046,7 +2046,7 @@ If you do not configure this policy, network blocking will be disabled by defaul ADMX Info: -- GP English name: *Prevent users and apps from accessing dangerous websites* +- GP Friendly name: *Prevent users and apps from accessing dangerous websites* - GP name: *ExploitGuard_EnableNetworkProtection* - GP element: *ExploitGuard_EnableNetworkProtection* - GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender Exploit Guard/Network Protection* @@ -2118,7 +2118,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri ADMX Info: -- GP English name: *Path Exclusions* +- GP Friendly name: *Path Exclusions* - GP name: *Exclusions_Paths* - GP element: *Exclusions_PathsList* - GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions* @@ -2182,7 +2182,7 @@ Allows an administrator to specify a list of directory paths to ignore during a ADMX Info: -- GP English name: *Extension Exclusions* +- GP Friendly name: *Extension Exclusions* - GP name: *Exclusions_Extensions* - GP element: *Exclusions_ExtensionsList* - GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions* @@ -2252,7 +2252,7 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E ADMX Info: -- GP English name: *Process Exclusions* +- GP Friendly name: *Process Exclusions* - GP name: *Exclusions_Processes* - GP element: *Exclusions_ProcessesList* - GP path: *Windows Components/Microsoft Defender Antivirus/Exclusions* @@ -2319,7 +2319,7 @@ Added in Windows 10, version 1607. Specifies the level of detection for potenti ADMX Info: -- GP English name: *Configure detection for potentially unwanted applications* +- GP Friendly name: *Configure detection for potentially unwanted applications* - GP name: *Root_PUAProtection* - GP element: *Root_PUAProtection* - GP path: *Windows Components/Microsoft Defender Antivirus* @@ -2394,7 +2394,7 @@ Controls which sets of files should be monitored. ADMX Info: -- GP English name: *Configure monitoring for incoming and outgoing file and program activity* +- GP Friendly name: *Configure monitoring for incoming and outgoing file and program activity* - GP name: *RealtimeProtection_RealtimeScanDirection* - GP element: *RealtimeProtection_RealtimeScanDirection* - GP path: *Windows Components/Microsoft Defender Antivirus/Real-time Protection* @@ -2466,7 +2466,7 @@ Selects whether to perform a quick scan or full scan. ADMX Info: -- GP English name: *Specify the scan type to use for a scheduled scan* +- GP Friendly name: *Specify the scan type to use for a scheduled scan* - GP name: *Scan_ScanParameters* - GP element: *Scan_ScanParameters* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -2546,7 +2546,7 @@ The default value is 120 ADMX Info: -- GP English name: *Specify the time for a daily quick scan* +- GP Friendly name: *Specify the time for a daily quick scan* - GP name: *Scan_ScheduleQuickScantime* - GP element: *Scan_ScheduleQuickScantime* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -2617,7 +2617,7 @@ Selects the day that the Windows Defender scan should run. ADMX Info: -- GP English name: *Specify the day of the week to run a scheduled scan* +- GP Friendly name: *Specify the day of the week to run a scheduled scan* - GP name: *Scan_ScheduleDay* - GP element: *Scan_ScheduleDay* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -2704,7 +2704,7 @@ The default value is 120. ADMX Info: -- GP English name: *Specify the time of day to run a scheduled scan* +- GP Friendly name: *Specify the time of day to run a scheduled scan* - GP name: *Scan_ScheduleTime* - GP element: *Scan_ScheduleTime* - GP path: *Windows Components/Microsoft Defender Antivirus/Scan* @@ -2783,7 +2783,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder ADMX Info: -- GP English name: *Define the order of sources for downloading definition updates* +- GP Friendly name: *Define the order of sources for downloading definition updates* - GP name: *SignatureUpdate_FallbackOrder* - GP element: *SignatureUpdate_FallbackOrder* - GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates* @@ -2862,7 +2862,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFileSharesSour ADMX Info: -- GP English name: *Define file shares for downloading definition updates* +- GP Friendly name: *Define file shares for downloading definition updates* - GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources* - GP element: *SignatureUpdate_DefinitionUpdateFileSharesSources* - GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates* @@ -2942,7 +2942,7 @@ OMA-URI Path: ./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateInterval ADMX Info: -- GP English name: *Specify the interval to check for definition updates* +- GP Friendly name: *Specify the interval to check for definition updates* - GP name: *SignatureUpdate_SignatureUpdateInterval* - GP element: *SignatureUpdate_SignatureUpdateInterval* - GP path: *Windows Components/Microsoft Defender Antivirus/Signature Updates* @@ -3010,7 +3010,7 @@ Checks for the user consent level in Windows Defender to send data. If the requi ADMX Info: -- GP English name: *Send file samples when further analysis is required* +- GP Friendly name: *Send file samples when further analysis is required* - GP name: *SubmitSamplesConsent* - GP element: *SubmitSamplesConsent* - GP path: *Windows Components/Microsoft Defender Antivirus/MAPS* @@ -3101,7 +3101,7 @@ The following list shows the supported values for possible actions: ADMX Info: -- GP English name: *Specify threat alert levels at which default action should not be taken when detected* +- GP Friendly name: *Specify threat alert levels at which default action should not be taken when detected* - GP name: *Threats_ThreatSeverityDefaultAction* - GP element: *Threats_ThreatSeverityDefaultActionList* - GP path: *Windows Components/Microsoft Defender Antivirus/Threats* diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 1031aada9c..a1644a0373 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -172,7 +172,7 @@ The default value is 10. ADMX Info: -- GP English name: *Absolute Max Cache Size (in GB)* +- GP Friendly name: *Absolute Max Cache Size (in GB)* - GP name: *AbsoluteMaxCacheSize* - GP element: *AbsoluteMaxCacheSize* - GP path: *Windows Components/Delivery Optimization* @@ -236,7 +236,7 @@ Added in Windows 10, version 1703. Specifies whether the device is allowed to p ADMX Info: -- GP English name: *Enable Peer Caching while the device connects via VPN* +- GP Friendly name: *Enable Peer Caching while the device connects via VPN* - GP name: *AllowVPNPeerCaching* - GP element: *AllowVPNPeerCaching* - GP path: *Windows Components/Delivery Optimization* @@ -306,7 +306,7 @@ One or more values can be added as either fully qualified domain names (FQDN) or ADMX Info: -- GP English name: *Cache Server Hostname* +- GP Friendly name: *Cache Server Hostname* - GP name: *CacheHost* - GP element: *CacheHost* - GP path: *Windows Components/Delivery Optimization* @@ -376,7 +376,7 @@ This policy allows you to configure one or more Delivery Optimization in Network ADMX Info: -- GP English name: *Cache Server Hostname Source* +- GP Friendly name: *Cache Server Hostname Source* - GP name: *CacheHostSource* - GP element: *CacheHostSource* - GP path: *Windows Components/Delivery Optimization* @@ -457,7 +457,7 @@ After the max delay is reached, the download will resume using HTTP, either down ADMX Info: -- GP English name: *Delay background download from http (in secs)* +- GP Friendly name: *Delay background download from http (in secs)* - GP name: *DelayBackgroundDownloadFromHttp* - GP element: *DelayBackgroundDownloadFromHttp* - GP path: *Windows Components/Delivery Optimization* @@ -520,7 +520,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT ADMX Info: -- GP English name: *Delay Background download Cache Server fallback (in seconds)* +- GP Friendly name: *Delay Background download Cache Server fallback (in seconds)* - GP name: *DelayCacheServerFallbackBackground* - GP element: *DelayCacheServerFallbackBackground* - GP path: *Windows Components/Delivery Optimization* @@ -593,7 +593,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT ADMX Info: -- GP English name: *Delay Foreground download Cache Server fallback (in seconds)* +- GP Friendly name: *Delay Foreground download Cache Server fallback (in seconds)* - GP name: *DelayCacheServerFallbackForeground* - GP element: *DelayCacheServerFallbackForeground* - GP path: *Windows Components/Delivery Optimization* @@ -667,7 +667,7 @@ The recommended value is 1 minute (60). ADMX Info: -- GP English name: *Delay Foreground download from http (in secs)* +- GP Friendly name: *Delay Foreground download from http (in secs)* - GP name: *DelayForegroundDownloadFromHttp* - GP element: *DelayForegroundDownloadFromHttp* - GP path: *Windows Components/Delivery Optimization* @@ -739,7 +739,7 @@ Specifies the download method that Delivery Optimization can use in downloads of ADMX Info: -- GP English name: *Download Mode* +- GP Friendly name: *Download Mode* - GP name: *DownloadMode* - GP element: *DownloadMode* - GP path: *Windows Components/Delivery Optimization* @@ -816,7 +816,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this ADMX Info: -- GP English name: *Group ID* +- GP Friendly name: *Group ID* - GP name: *GroupId* - GP element: *GroupId* - GP path: *Windows Components/Delivery Optimization* @@ -886,7 +886,7 @@ Starting with Windows 10, version 1903, you can use the Azure Active Directory ( ADMX Info: -- GP English name: *Select the source of Group IDs* +- GP Friendly name: *Select the source of Group IDs* - GP name: *GroupIdSource* - GP element: *GroupIdSource* - GP path: *Windows Components/Delivery Optimization* @@ -958,7 +958,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts ADMX Info: -- GP English name: *Maximum Background Download Bandwidth (in KB/s)* +- GP Friendly name: *Maximum Background Download Bandwidth (in KB/s)* - GP name: *MaxBackgroundDownloadBandwidth* - GP element: *MaxBackgroundDownloadBandwidth* - GP path: *Windows Components/Delivery Optimization* @@ -1024,7 +1024,7 @@ The default value is 259200 seconds (3 days). ADMX Info: -- GP English name: *Max Cache Age (in seconds)* +- GP Friendly name: *Max Cache Age (in seconds)* - GP name: *MaxCacheAge* - GP element: *MaxCacheAge* - GP path: *Windows Components/Delivery Optimization* @@ -1090,7 +1090,7 @@ The default value is 20. ADMX Info: -- GP English name: *Max Cache Size (percentage)* +- GP Friendly name: *Max Cache Size (percentage)* - GP name: *MaxCacheSize* - GP element: *MaxCacheSize* - GP path: *Windows Components/Delivery Optimization* @@ -1175,7 +1175,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts ADMX Info: -- GP English name: *Maximum Foreground Download Bandwidth (in KB/s)* +- GP Friendly name: *Maximum Foreground Download Bandwidth (in KB/s)* - GP name: *MaxForegroundDownloadBandwidth* - GP element: *MaxForegroundDownloadBandwidth* - GP path: *Windows Components/Delivery Optimization* @@ -1260,7 +1260,7 @@ The default value is 500. ADMX Info: -- GP English name: *Minimum Background QoS (in KB/s)* +- GP Friendly name: *Minimum Background QoS (in KB/s)* - GP name: *MinBackgroundQos* - GP element: *MinBackgroundQos* - GP path: *Windows Components/Delivery Optimization* @@ -1325,7 +1325,7 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser ADMX Info: -- GP English name: *Allow uploads while the device is on battery while under set Battery level (percentage)* +- GP Friendly name: *Allow uploads while the device is on battery while under set Battery level (percentage)* - GP name: *MinBatteryPercentageAllowedToUpload* - GP element: *MinBatteryPercentageAllowedToUpload* - GP path: *Windows Components/Delivery Optimization* @@ -1394,7 +1394,7 @@ The default value is 32 GB. ADMX Info: -- GP English name: *Minimum disk size allowed to use Peer Caching (in GB)* +- GP Friendly name: *Minimum disk size allowed to use Peer Caching (in GB)* - GP name: *MinDiskSizeAllowedToPeer* - GP element: *MinDiskSizeAllowedToPeer* - GP path: *Windows Components/Delivery Optimization* @@ -1460,7 +1460,7 @@ The default value is 100 MB. ADMX Info: -- GP English name: *Minimum Peer Caching Content File Size (in MB)* +- GP Friendly name: *Minimum Peer Caching Content File Size (in MB)* - GP name: *MinFileSizeToCache* - GP element: *MinFileSizeToCache* - GP path: *Windows Components/Delivery Optimization* @@ -1526,7 +1526,7 @@ The default value is 4 GB. ADMX Info: -- GP English name: *Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)* +- GP Friendly name: *Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)* - GP name: *MinRAMAllowedToPeer* - GP element: *MinRAMAllowedToPeer* - GP path: *Windows Components/Delivery Optimization* @@ -1592,7 +1592,7 @@ By default, %SystemDrive% is used to store the cache. ADMX Info: -- GP English name: *Modify Cache Drive* +- GP Friendly name: *Modify Cache Drive* - GP name: *ModifyCacheDrive* - GP element: *ModifyCacheDrive* - GP path: *Windows Components/Delivery Optimization* @@ -1660,7 +1660,7 @@ The default value is 20. ADMX Info: -- GP English name: *Monthly Upload Data Cap (in GB)* +- GP Friendly name: *Monthly Upload Data Cap (in GB)* - GP name: *MonthlyUploadDataCap* - GP element: *MonthlyUploadDataCap* - GP path: *Windows Components/Delivery Optimization* @@ -1722,7 +1722,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i ADMX Info: -- GP English name: *Maximum Background Download Bandwidth (percentage)* +- GP Friendly name: *Maximum Background Download Bandwidth (percentage)* - GP name: *PercentageMaxBackgroundBandwidth* - GP element: *PercentageMaxBackgroundBandwidth* - GP path: *Windows Components/Delivery Optimization* @@ -1797,7 +1797,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i ADMX Info: -- GP English name: *Maximum Foreground Download Bandwidth (percentage)* +- GP Friendly namee: *Maximum Foreground Download Bandwidth (percentage)* - GP name: *PercentageMaxForegroundBandwidth* - GP element: *PercentageMaxForegroundBandwidth* - GP path: *Windows Components/Delivery Optimization* @@ -1860,7 +1860,7 @@ Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2). ADMX Info: -- GP English name: *Select a method to restrict Peer Selection* +- GP Friendly name: *Select a method to restrict Peer Selection* - GP name: *RestrictPeerSelectionBy* - GP element: *RestrictPeerSelectionBy* - GP path: *Windows Components/Delivery Optimization* @@ -1933,7 +1933,7 @@ Added in Windows 10, version 1803. Specifies the maximum background downloa ADMX Info: -- GP English name: *Set Business Hours to Limit Background Download Bandwidth* +- GP Friendly name: *Set Business Hours to Limit Background Download Bandwidth* - GP name: *SetHoursToLimitBackgroundDownloadBandwidth* - GP path: *Windows Components/Delivery Optimization* - GP ADMX file name: *DeliveryOptimization.admx* @@ -2007,7 +2007,7 @@ Added in Windows 10, version 1803. Specifies the maximum foreground downloa ADMX Info: -- GP English name: *Set Business Hours to Limit Foreground Download Bandwidth* +- GP Friendly name: *Set Business Hours to Limit Foreground Download Bandwidth* - GP name: *SetHoursToLimitForegroundDownloadBandwidth* - GP path: *Windows Components/Delivery Optimization* - GP ADMX file name: *DeliveryOptimization.admx* diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index dfbed26745..9a3bcc48ee 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -90,7 +90,7 @@ If you enable this setting, users are unable to type a new location in the Targe ADMX Info: -- GP English name: *Prohibit User from manually redirecting Profile Folders* +- GP Friendly name: *Prohibit User from manually redirecting Profile Folders* - GP name: *DisablePersonalDirChange* - GP path: *Desktop* - GP ADMX file name: *desktop.admx* diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 64e37f5868..157279f8f5 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -95,7 +95,7 @@ For more information about System Guard, see [Introducing Windows Defender Syste ADMX Info: -- GP English name: *Turn On Virtualization Based Security* +- GP Friendly name: *Turn On Virtualization Based Security* - GP name: *VirtualizationBasedSecurity* - GP element: *SystemGuardDrop* - GP path: *System/Device Guard* @@ -164,7 +164,7 @@ Added in Windows 10, version 1709. Turns on virtualization based security(VBS) a ADMX Info: -- GP English name: *Turn On Virtualization Based Security* +- GP Friendly name: *Turn On Virtualization Based Security* - GP name: *VirtualizationBasedSecurity* - GP path: *System/Device Guard* - GP ADMX file name: *DeviceGuard.admx* @@ -230,7 +230,7 @@ Added in Windows 10, version 1709. This setting lets users turn on Credential Gu ADMX Info: -- GP English name: *Turn On Virtualization Based Security* +- GP Friendly name: *Turn On Virtualization Based Security* - GP name: *VirtualizationBasedSecurity* - GP element: *CredentialIsolationDrop* - GP path: *System/Device Guard* @@ -298,7 +298,7 @@ Added in Windows 10, version 1709. Specifies the platform security level at the ADMX Info: -- GP English name: *Turn On Virtualization Based Security* +- GP Friendly name: *Turn On Virtualization Based Security* - GP name: *VirtualizationBasedSecurity* - GP element: *RequirePlatformSecurityFeaturesDrop* - GP path: *System/Device Guard* diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 62ce04adc6..9d7aa06011 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -129,7 +129,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv ADMX Info: -- GP English name: *Allow installation of devices that match any of these device IDs* +- GP Friendly name: *Allow installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Allow* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -253,7 +253,7 @@ Peripherals can be specified by their [device instance ID](/windows-hardware/dri ADMX Info: -- GP English name: *Allow installation of devices that match any of these device instance IDs* +- GP Friendly name: *Allow installation of devices that match any of these device instance IDs* - GP name: *DeviceInstall_Instance_IDs_Allow* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -376,7 +376,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv ADMX Info: -- GP English name: *Allow installation of devices using drivers that match these device setup classes* +- GP Friendly name: *Allow installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Allow* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -509,7 +509,7 @@ If you disable or do not configure this policy setting, the default evaluation i ADMX Info: -- GP English name: *Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria* +- GP Friendly name: *Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria* - GP name: *DeviceInstall_Allow_Deny_Layered* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -618,7 +618,7 @@ If you disable or do not configure this policy setting, the setting in the Devic ADMX Info: -- GP English name: *Prevent device metadata retrieval from the Internet* +- GP Friendly name: *Prevent device metadata retrieval from the Internet* - GP name: *DeviceMetadata_PreventDeviceMetadataFromNetwork* - GP path: *System/Device Installation* - GP ADMX file name: *DeviceSetup.admx* @@ -700,7 +700,7 @@ If you disable or do not configure this policy setting, Windows is allowed to in ADMX Info: -- GP English name: *Prevent installation of devices not described by other policy settings* +- GP Friendly name: *Prevent installation of devices not described by other policy settings* - GP name: *DeviceInstall_Unspecified_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -817,7 +817,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv ADMX Info: -- GP English name: *Prevent installation of devices that match any of these device IDs* +- GP Friendly name: *Prevent installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -934,7 +934,7 @@ Peripherals can be specified by their [device instance ID](/windows-hardware/dri ADMX Info: -- GP English name: *Prevent installation of devices that match any of these device instance IDs* +- GP Friendly name: *Prevent installation of devices that match any of these device instance IDs* - GP name: *DeviceInstall_Instance_IDs_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -1064,7 +1064,7 @@ Peripherals can be specified by their [hardware identity](/windows-hardware/driv ADMX Info: -- GP English name: *Prevent installation of devices using drivers that match these device setup classes* +- GP Friendly name: *Prevent installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 730e173e27..b394ffb753 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -969,7 +969,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor GP Info: -- GP English name: *Minimum password age* +- GP Friendly name: *Minimum password age* - GP path: *Windows Settings/Security Settings/Account Policies/Password Policy* @@ -1037,7 +1037,7 @@ If you enable this setting, users will no longer be able to enable or disable lo ADMX Info: -- GP English name: *Prevent enabling lock screen camera* +- GP Friendly name: *Prevent enabling lock screen camera* - GP name: *CPL_Personalization_NoLockScreenCamera* - GP path: *Control Panel/Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* @@ -1107,7 +1107,7 @@ If you enable this setting, users will no longer be able to modify slide show se ADMX Info: -- GP English name: *Prevent enabling lock screen slide show* +- GP Friendly name: *Prevent enabling lock screen slide show* - GP name: *CPL_Personalization_NoLockScreenSlideshow* - GP path: *Control Panel/Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 82dbb630ae..12a6952ffa 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -91,7 +91,7 @@ This policy allows you to disable Per-Process System DPI for a semicolon-separat ADMX Info: -- GP English name: *Configure Per-Process System DPI settings* +- GP Friendly name: *Configure Per-Process System DPI settings* - GP name: *DisplayPerProcessSystemDpiSettings* - GP element: *DisplayDisablePerProcessSystemDpiSettings* - GP path: *System/Display* @@ -159,12 +159,12 @@ Per Process System DPI will not work for all applications as some older desktop In some cases, you may see some unexpected behavior in some desktop applications that have Per-Process System DPI applied. If that happens, Per Process System DPI should be disabled. -Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system. +Enabling this setting lets you specify the system-wide default for desktop applications and per-application overrides. If you disable or do not configure this setting. Per Process System DPI will not apply to any processes on the system. ADMX Info: -- GP English name: *Configure Per-Process System DPI settings* +- GP Friendly name: *Configure Per-Process System DPI settings* - GP name: *DisplayPerProcessSystemDpiSettings* - GP element: *DisplayGlobalPerProcessSystemDpiSettings* - GP path: *System/Display* @@ -231,7 +231,7 @@ This policy allows you to enable Per-Process System DPI for a semicolon-separate ADMX Info: -- GP English name: *Configure Per-Process System DPI settings* +- GP Friendly name: *Configure Per-Process System DPI settings* - GP name: *DisplayPerProcessSystemDpiSettings* - GP element: *DisplayEnablePerProcessSystemDpiSettings* - GP path: *System/Display* @@ -299,7 +299,7 @@ If GDI DPI Scaling is configured to both turn off and turn on an application, th ADMX Info: -- GP English name: *Turn off GdiDPIScaling for applications* +- GP Friendly name: *Turn off GdiDPIScaling for applications* - GP name: *DisplayTurnOffGdiDPIScaling* - GP element: *DisplayTurnOffGdiDPIScalingPrompt* - GP path: *System/Display* @@ -309,10 +309,10 @@ ADMX Info: To validate on Desktop, do the following: -1. Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms. +1. Configure the setting for an app, which has GDI DPI scaling enabled via MDM or any other supported mechanisms. 2. Run the app and observe blurry text. - +Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address.
@@ -374,7 +374,7 @@ If GDI DPI Scaling is configured to both turn off and turn on an application, th ADMX Info: -- GP English name: *Turn on GdiDPIScaling for applications* +- GP Friendly name: *Turn on GdiDPIScaling for applications* - GP name: *DisplayTurnOnGdiDPIScaling* - GP element: *DisplayTurnOnGdiDPIScalingPrompt* - GP path: *System/Display* @@ -384,7 +384,7 @@ ADMX Info: To validate on Desktop, do the following: -1. Configure the setting for an app which uses GDI. +1. Configure the setting for an app, which uses GDI. 2. Run the app and observe crisp text. diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 24279ffb4d..2ca5164a50 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -93,7 +93,7 @@ Supported values: ADMX Info: -- GP English name: *Enumeration policy for external devices incompatible with Kernel DMA Protection* +- GP Friendly name: *Enumeration policy for external devices incompatible with Kernel DMA Protection* - GP name: *DmaGuardEnumerationPolicy* - GP path: *System/Kernel DMA Protection* - GP ADMX file name: *dmaguard.admx* diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 18cce493eb..7d2b8ebb1e 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -86,7 +86,7 @@ Added in Windows 10, version 2004. This policy setting allows you to control whe ADMX Info: -- GP English name: *Allow Graphing Calculator* +- GP Friendly name: *Allow Graphing Calculator* - GP name: *AllowGraphingCalculator* - GP path: *Windows Components/Calculator* - GP ADMX file name: *Programs.admx* @@ -203,7 +203,7 @@ Added in Windows 10, version 1709. Allows IT Admins to prevent user installatio ADMX Info: -- GP English name: *Prevent addition of printers* +- GP Friendly name: *Prevent addition of printers* - GP name: *NoAddPrinter* - GP path: *Control Panel/Printers* - GP ADMX file name: *Printing.admx* diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index b4f27cc7c0..a24a91ef51 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -112,7 +112,7 @@ If you disable or do not configure this policy setting, then the default consent ADMX Info: -- GP English name: *Customize consent settings* +- GP Friendly name: *Customize consent settings* - GP name: *WerConsentCustomize_2* - GP path: *Windows Components/Windows Error Reporting/Consent* - GP ADMX file name: *ErrorReporting.admx* @@ -182,7 +182,7 @@ If you disable or do not configure this policy setting, the Turn off Windows Err ADMX Info: -- GP English name: *Disable Windows Error Reporting* +- GP Friendly name: *Disable Windows Error Reporting* - GP name: *WerDisable_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -256,7 +256,7 @@ See also the Configure Error Reporting policy setting. ADMX Info: -- GP English name: *Display Error Notification* +- GP Friendly name: *Display Error Notification* - GP name: *PCH_ShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -326,7 +326,7 @@ If you disable or do not configure this policy setting, then consent policy sett ADMX Info: -- GP English name: *Do not send additional data* +- GP Friendly name: *Do not send additional data* - GP name: *WerNoSecondLevelData_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -396,7 +396,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: -- GP English name: *Prevent display of the user interface for critical errors* +- GP Friendly name: *Prevent display of the user interface for critical errors* - GP name: *WerDoNotShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index d86bd44edc..43366ce6ff 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -101,7 +101,7 @@ Note: Old events may or may not be retained according to the "Backup log automat ADMX Info: -- GP English name: *Control Event Log behavior when the log file reaches its maximum size* +- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* @@ -171,7 +171,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP English name: *Specify the maximum log file size (KB)* +- GP Friendly name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* @@ -241,7 +241,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP English name: *Specify the maximum log file size (KB)* +- GP Friendly name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_2* - GP path: *Windows Components/Event Log Service/Security* - GP ADMX file name: *eventlog.admx* @@ -311,7 +311,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: -- GP English name: *Specify the maximum log file size (KB)* +- GP Friendly name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_4* - GP path: *Windows Components/Event Log Service/System* - GP ADMX file name: *eventlog.admx* diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 90192d37ac..ff50ae9cb0 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -152,7 +152,7 @@ Value type is integer. Supported values: ADMX Info: -- GP English name: *Allow Clipboard History* +- GP Friendly name: *Allow Clipboard History* - GP name: *AllowClipboardHistory* - GP path: *System/OS Policies* - GP ADMX file name: *OSPolicy.admx* @@ -229,7 +229,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Allow Cortana* +- GP Friendly name: *Allow Cortana* - GP name: *AllowCortana* - GP path: *Windows Components/Search* - GP ADMX file name: *Search.admx* @@ -361,7 +361,7 @@ When Find My Device is off, the device and its location are not registered and t ADMX Info: -- GP English name: *Turn On/Off Find My Device* +- GP Friendly name: *Turn On/Off Find My Device* - GP name: *FindMy_AllowFindMyDeviceConfig* - GP path: *Windows Components/Find My Device* - GP ADMX file name: *FindMy.admx* @@ -642,7 +642,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Do not use diagnostic data for tailored experiences* +- GP Friendly name: *Do not use diagnostic data for tailored experiences* - GP name: *DisableTailoredExperiencesWithDiagnosticData* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -712,7 +712,7 @@ Specifies whether to allow app and content suggestions from third-party software ADMX Info: -- GP English name: *Do not suggest third-party content in Windows spotlight* +- GP Friendly name: *Do not suggest third-party content in Windows spotlight* - GP name: *DisableThirdPartySuggestions* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -785,7 +785,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Turn off Microsoft consumer experiences* +- GP Friendly name: *Turn off Microsoft consumer experiences* - GP name: *DisableWindowsConsumerFeatures* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -857,7 +857,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Turn off all Windows spotlight features* +- GP Friendly name: *Turn off all Windows spotlight features* - GP name: *DisableWindowsSpotlightFeatures* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -928,7 +928,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Turn off Windows Spotlight on Action Center* +- GP Friendly name: *Turn off Windows Spotlight on Action Center* - GP name: *DisableWindowsSpotlightOnActionCenter* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -998,7 +998,7 @@ Added in Windows 10, version 1803. This policy allows IT admins to turn off Sugg ADMX Info: -- GP English name: *Turn off Windows Spotlight on Settings* +- GP Friendly name: *Turn off Windows Spotlight on Settings* - GP name: *DisableWindowsSpotlightOnSettings* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -1070,7 +1070,7 @@ Most restricted value is 0. ADMX Info: -- GP English name: *Turn off the Windows Welcome Experience* +- GP Friendly name: *Turn off the Windows Welcome Experience* - GP name: *DisableWindowsSpotlightWindowsWelcomeExperience* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -1136,7 +1136,7 @@ Enables or disables Windows Tips / soft landing. ADMX Info: -- GP English name: *Do not show Windows tips* +- GP Friendly name: *Do not show Windows tips* - GP name: *DisableSoftLanding* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -1264,7 +1264,7 @@ Allows IT admins to specify whether spotlight should be used on the user's lock ADMX Info: -- GP English name: *Configure Windows spotlight on lock screen* +- GP Friendly name: *Configure Windows spotlight on lock screen* - GP name: *ConfigureWindowsSpotlight* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -1333,7 +1333,7 @@ If you disable or do not configure this policy setting, Windows experiences will ADMX Info: -- GP English name: *Turn off cloud optimized content* +- GP Friendly name: *Turn off cloud optimized content* - GP name: *DisableCloudOptimizedContent* - GP path: *Windows Components/Cloud Content* - GP ADMX file name: *CloudContent.admx* @@ -1403,7 +1403,7 @@ If you disable or do not configure this policy setting, users can control how of ADMX Info: -- GP English name: *Do not show feedback notifications* +- GP Friendly name: *Do not show feedback notifications* - GP name: *DoNotShowFeedbackNotifications* - GP path: *Data Collection and Preview Builds* - GP ADMX file name: *FeedbackNotifications.admx* @@ -1472,7 +1472,7 @@ Related policy: ADMX Info: -- GP English name: *Do not sync browser settings* +- GP Friendly name: *Do not sync browser settings* - GP name: *DisableWebBrowserSettingSync* - GP path: *Windows Components/Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -1567,7 +1567,7 @@ Related policy: ADMX Info: -- GP English name: *Prevent users from turning on browser syncing* +- GP Friendly name: *Prevent users from turning on browser syncing* - GP name: *PreventUsersFromTurningOnBrowserSyncing* - GP path: *Windows Components/Sync your settings* - GP ADMX file name: *SettingSync.admx* @@ -1664,7 +1664,7 @@ If you do not configure this policy setting, the lock option is shown in the Use ADMX Info: -- GP English name: *Show lock in the user tile menu* +- GP Friendly name: *Show lock in the user tile menu* - GP name: *ShowLockOption* - GP path: *File Explorer* - GP ADMX file name: *WindowsExplorer.admx* diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 80e9be3716..e192bd9e82 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -81,7 +81,7 @@ The system settings require a reboot; the application settings do not require a ADMX Info: -- GP English name: *Use a common set of exploit protection settings* +- GP Friendly name: *Use a common set of exploit protection settings* - GP name: *ExploitProtection_Name* - GP element: *ExploitProtection_Name* - GP path: *Windows Components/Windows Defender Exploit Guard/Exploit Protection* diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 58b2bf5175..82dce114b4 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -89,7 +89,7 @@ Disabling data execution prevention can allow certain legacy plug-in application ADMX Info: -- GP English name: *Turn off Data Execution Prevention for Explorer* +- GP Friendly name: *Turn off Data Execution Prevention for Explorer* - GP name: *NoDataExecutionPrevention* - GP path: *File Explorer* - GP ADMX file name: *Explorer.admx* @@ -155,7 +155,7 @@ Disabling heap termination on corruption can allow certain legacy plug-in applic ADMX Info: -- GP English name: *Turn off heap termination on corruption* +- GP Friendly name: *Turn off heap termination on corruption* - GP name: *NoHeapTerminationOnCorruption* - GP path: *File Explorer* - GP ADMX file name: *Explorer.admx* diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index dea9168e36..615be07c90 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -85,7 +85,7 @@ The docked mode is especially useful in Kiosk mode where you do not expect the e ADMX Info: -- GP English name: *Handwriting Panel Default Mode Docked* +- GP Friendly name: *Handwriting Panel Default Mode Docked* - GP name: *PanelDefaultModeDocked* - GP path: *Windows Components/Handwriting* - GP ADMX file name: *Handwriting.admx* diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 5760215ef8..8222726809 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -863,7 +863,7 @@ If you disable or do not configure this policy setting, the user can configure t ADMX Info: -- GP English name: *Add a specific list of search providers to the user's list of search providers* +- GP Friendly name: *Add a specific list of search providers to the user's list of search providers* - GP name: *AddSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -934,7 +934,7 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not ADMX Info: -- GP English name: *Turn on ActiveX Filtering* +- GP Friendly name: *Turn on ActiveX Filtering* - GP name: *TurnOnActiveXFiltering* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1011,7 +1011,7 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u ADMX Info: -- GP English name: *Add-on List* +- GP Friendly name: *Add-on List* - GP name: *AddonManagement_AddOnList* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -1083,7 +1083,7 @@ If you do not configure this setting, the user has the freedom of turning on Aut ADMX Info: -- GP English name: *Turn on the auto-complete feature for user names and passwords on forms* +- GP Friendly name: *Turn on the auto-complete feature for user names and passwords on forms* - GP name: *RestrictFormSuggestPW* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1154,7 +1154,7 @@ If you disable or do not configure this policy setting, the user can choose whet ADMX Info: -- GP English name: *Turn on certificate address mismatch warning* +- GP Friendly name: *Turn on certificate address mismatch warning* - GP name: *IZ_PolicyWarnCertMismatch* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1229,7 +1229,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th ADMX Info: -- GP English name: *Allow deleting browsing history on exit* +- GP Friendly name: *Allow deleting browsing history on exit* - GP name: *DBHDisableDeleteOnExit* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -1302,7 +1302,7 @@ If you do not configure this policy, users will be able to turn on or turn off E ADMX Info: -- GP English name: *Turn on Enhanced Protected Mode* +- GP Friendly name: *Turn on Enhanced Protected Mode* - GP name: *Advanced_EnableEnhancedProtectedMode* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1375,7 +1375,7 @@ If you do not configure this policy setting, users can change the Suggestions se ADMX Info: -- GP English name: *Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar* +- GP Friendly name: *Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar* - GP name: *AllowServicePoweredQSA* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1457,7 +1457,7 @@ If you disable or don't configure this policy setting, the menu option won't app ADMX Info: -- GP English name: *Let users turn on and use Enterprise Mode from the Tools menu* +- GP Friendly name: *Let users turn on and use Enterprise Mode from the Tools menu* - GP name: *EnterpriseModeEnable* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1528,7 +1528,7 @@ If you disable or don't configure this policy setting, Internet Explorer opens a ADMX Info: -- GP English name: *Use the Enterprise Mode IE website list* +- GP Friendly name: *Use the Enterprise Mode IE website list* - GP name: *EnterpriseModeSiteList* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1600,7 +1600,7 @@ If you disable this policy, system defaults will be used. ADMX Info: -- GP English name: *Allow fallback to SSL 3.0 (Internet Explorer)* +- GP Friendly name: *Allow fallback to SSL 3.0 (Internet Explorer)* - GP name: *Advanced_EnableSSL3Fallback* - GP path: *Windows Components/Internet Explorer/Security Features* - GP ADMX file name: *inetres.admx* @@ -1671,7 +1671,7 @@ If you disable or do not configure this policy setting, the user can add and rem ADMX Info: -- GP English name: *Use Policy List of Internet Explorer 7 sites* +- GP Friendly name: *Use Policy List of Internet Explorer 7 sites* - GP name: *CompatView_UsePolicyList* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -1744,7 +1744,7 @@ If you do not configure this policy setting, Internet Explorer uses an Internet ADMX Info: -- GP English name: *Turn on Internet Explorer Standards Mode for local intranet* +- GP Friendly name: *Turn on Internet Explorer Standards Mode for local intranet* - GP name: *CompatView_IntranetSites* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -1821,7 +1821,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Internet Zone Template* +- GP Friendly name: *Internet Zone Template* - GP name: *IZ_PolicyInternetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1898,7 +1898,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Intranet Zone Template* +- GP Friendly name: *Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1975,7 +1975,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Local Machine Zone Template* +- GP Friendly name: *Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2052,7 +2052,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Locked-Down Internet Zone Template* +- GP Friendly name: *Locked-Down Internet Zone Template* - GP name: *IZ_PolicyInternetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2129,7 +2129,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Locked-Down Intranet Zone Template* +- GP Friendly name: *Locked-Down Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2206,7 +2206,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Locked-Down Local Machine Zone Template* +- GP Friendly name: *Locked-Down Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2283,7 +2283,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Locked-Down Restricted Sites Zone Template* +- GP Friendly name: *Locked-Down Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2354,7 +2354,7 @@ If you disable or do not configure this policy setting, Internet Explorer does n ADMX Info: -- GP English name: *Go to an intranet site for a one-word entry in the Address bar* +- GP Friendly name: *Go to an intranet site for a one-word entry in the Address bar* - GP name: *UseIntranetSiteForOneWordEntry* - GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing* - GP ADMX file name: *inetres.admx* @@ -2426,7 +2426,7 @@ For more information, see [https://go.microsoft.com/fwlink/?linkid=2102115](/dep ADMX Info: -- GP English name: *Allow "Save Target As" in Internet Explorer mode* +- GP Friendly name: *Allow "Save Target As" in Internet Explorer mode* - GP name: *AllowSaveTargetAsInIEMode* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2518,7 +2518,7 @@ The list is a set of pairs of strings. Each string is separated by F000. Each pa ADMX Info: -- GP English name: *Site to Zone Assignment List* +- GP Friendly name: *Site to Zone Assignment List* - GP name: *IZ_Zonemaps* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2616,7 +2616,7 @@ If you do not configure this policy, users can choose to run or install files wi ADMX Info: -- GP English name: *Allow software to run or install even if the signature is invalid* +- GP Friendly name: *Allow software to run or install even if the signature is invalid* - GP name: *Advanced_InvalidSignatureBlock* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2689,7 +2689,7 @@ If you do not configure this policy setting, the user can turn on and turn off t ADMX Info: -- GP English name: *Turn on Suggested Sites* +- GP Friendly name: *Turn on Suggested Sites* - GP name: *EnableSuggestedSites* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2766,7 +2766,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Trusted Sites Zone Template* +- GP Friendly name: *Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2843,7 +2843,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Locked-Down Trusted Sites Zone Template* +- GP Friendly name: *Locked-Down Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2920,7 +2920,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: -- GP English name: *Restricted Sites Zone Template* +- GP Friendly name: *Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2993,7 +2993,7 @@ If you do not configure this policy setting, Internet Explorer will not check se ADMX Info: -- GP English name: *Check for server certificate revocation* +- GP Friendly name: *Check for server certificate revocation* - GP name: *Advanced_CertificateRevocation* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -3066,7 +3066,7 @@ If you do not configure this policy, Internet Explorer will not check the digita ADMX Info: -- GP English name: *Check for signatures on downloaded programs* +- GP Friendly name: *Check for signatures on downloaded programs* - GP name: *Advanced_DownloadSignatures* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -3156,7 +3156,7 @@ If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge ADMX Info: -- GP English name: *Configure which channel of Microsoft Edge to use for opening redirected sites* +- GP Friendly name: *Configure which channel of Microsoft Edge to use for opening redirected sites* - GP name: *NeedEdgeBrowser* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -3433,7 +3433,7 @@ If you do not configure this policy setting, Internet Explorer requires consiste ADMX Info: -- GP English name: *Internet Explorer Processes* +- GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_5* - GP path: *Windows Components/Internet Explorer/Security Features/Consistent Mime Handling* - GP ADMX file name: *inetres.admx* @@ -3504,7 +3504,7 @@ If you disable or do not configure this setting, IE continues to download update ADMX Info: -- GP English name: *Turn off automatic download of the ActiveX VersionList* +- GP Friendly name: *Turn off automatic download of the ActiveX VersionList* - GP name: *VersionListAutomaticDownloadDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -3588,7 +3588,7 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny ADMX Info: -- GP English name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* +- GP Friendly name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* - GP name: *DisableFlashInIE* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -3659,7 +3659,7 @@ If you disable or do not configure this policy setting, the user can bypass Wind ADMX Info: -- GP English name: *Prevent bypassing SmartScreen Filter warnings* +- GP Friendly name: *Prevent bypassing SmartScreen Filter warnings* - GP name: *DisableSafetyFilterOverride* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -3730,7 +3730,7 @@ If you disable or do not configure this policy setting, the user can bypass Wind ADMX Info: -- GP English name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* +- GP Friendly name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* - GP name: *DisableSafetyFilterOverrideForAppRepUnknown* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -3801,7 +3801,7 @@ If you disable or do not configure this policy setting, the user can use the Com ADMX Info: -- GP English name: *Turn off Compatibility View* +- GP Friendly name: *Turn off Compatibility View* - GP name: *CompatView_DisableList* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -3883,7 +3883,7 @@ If you disable or do not configure this policy setting, a user can set the numbe ADMX Info: -- GP English name: *Disable "Configuring History"* +- GP Friendly name: *Disable "Configuring History"* - GP name: *RestrictHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -3954,7 +3954,7 @@ If you disable or do not configure this policy setting, the crash detection feat ADMX Info: -- GP English name: *Turn off Crash Detection* +- GP Friendly name: *Turn off Crash Detection* - GP name: *AddonManagement_RestrictCrashDetection* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -4027,7 +4027,7 @@ If you do not configure this policy setting, the user can choose to participate ADMX Info: -- GP English name: *Prevent participation in the Customer Experience Improvement Program* +- GP Friendly name: *Prevent participation in the Customer Experience Improvement Program* - GP name: *SQM_DisableCEIP* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -4102,7 +4102,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th ADMX Info: -- GP English name: *Prevent deleting websites that the user has visited* +- GP Friendly name: *Prevent deleting websites that the user has visited* - GP name: *DBHDisableDeleteHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -4173,7 +4173,7 @@ If you disable or do not configure this policy setting, the user can set the Fee ADMX Info: -- GP English name: *Prevent downloading of enclosures* +- GP Friendly name: *Prevent downloading of enclosures* - GP name: *Disable_Downloading_of_Enclosures* - GP path: *Windows Components/RSS Feeds* - GP ADMX file name: *inetres.admx* @@ -4246,7 +4246,7 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows ADMX Info: -- GP English name: *Turn off encryption support* +- GP Friendly name: *Turn off encryption support* - GP name: *Advanced_SetWinInetProtocols* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -4317,7 +4317,7 @@ If you disable or do not configure this policy setting, the user can synchronize ADMX Info: -- GP English name: *Turn off background synchronization for feeds and Web Slices* +- GP Friendly name: *Turn off background synchronization for feeds and Web Slices* - GP name: *Disable_Background_Syncing* - GP path: *Windows Components/RSS Feeds* - GP ADMX file name: *inetres.admx* @@ -4403,7 +4403,7 @@ If you disable or do not configure this policy setting, Internet Explorer may ru ADMX Info: -- GP English name: *Prevent running First Run wizard* +- GP Friendly name: *Prevent running First Run wizard* - GP name: *NoFirstRunCustomise* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -4478,7 +4478,7 @@ If you don't configure this setting, users can turn this behavior on or off, usi ADMX Info: -- GP English name: *Turn off the flip ahead with page prediction feature* +- GP Friendly name: *Turn off the flip ahead with page prediction feature* - GP name: *Advanced_DisableFlipAhead* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -4551,7 +4551,7 @@ If you do not configure this policy setting, browser geolocation support can be ADMX Info: -- GP English name: *Turn off browser geolocation* +- GP Friendly name: *Turn off browser geolocation* - GP name: *GeolocationDisable* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -4632,7 +4632,7 @@ If you disable or do not configure this policy setting, the Home page box is ena ADMX Info: -- GP English name: *Disable changing home page settings* +- GP Friendly name: *Disable changing home page settings* - GP name: *RestrictHomePage* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -4708,7 +4708,7 @@ If you disable, or do not configure this policy, all sites are opened using the ADMX Info: -- GP English name: *Disable Internet Explorer 11 as a standalone browser* +- GP Friendly name: *Disable Internet Explorer 11 as a standalone browser* - GP name: *DisableInternetExplorerApp* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -4797,7 +4797,7 @@ If you disable or do not configure this policy setting, the user can choose to i ADMX Info: -- GP English name: *Prevent ignoring certificate errors* +- GP Friendly name: *Prevent ignoring certificate errors* - GP name: *NoCertError* - GP path: *Windows Components/Internet Explorer/Internet Control Panel* - GP ADMX file name: *inetres.admx* @@ -4872,7 +4872,7 @@ If you do not configure this policy setting, InPrivate Browsing can be turned on ADMX Info: -- GP English name: *Turn off InPrivate Browsing* +- GP Friendly name: *Turn off InPrivate Browsing* - GP name: *DisableInPrivateBrowsing* - GP path: *Windows Components/Internet Explorer/Privacy* - GP ADMX file name: *inetres.admx* @@ -4947,7 +4947,7 @@ If you don't configure this policy setting, users can turn this feature on or of ADMX Info: -- GP English name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* +- GP Friendly name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* - GP name: *Advanced_EnableEnhancedProtectedMode64Bit* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -5018,7 +5018,7 @@ If you disable or do not configure this policy setting, the user can configure p ADMX Info: -- GP English name: *Prevent changing proxy settings* +- GP Friendly name: *Prevent changing proxy settings* - GP name: *RestrictProxy* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -5089,7 +5089,7 @@ If you disable or do not configure this policy setting, the user can change the ADMX Info: -- GP English name: *Prevent changing the default search provider* +- GP Friendly name: *Prevent changing the default search provider* - GP name: *NoSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -5162,7 +5162,7 @@ Note: If the “Disable Changing Home Page Settings” policy is enabled, the us ADMX Info: -- GP English name: *Disable changing secondary home page settings* +- GP Friendly name: *Disable changing secondary home page settings* - GP name: *SecondaryHomePages* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -5233,7 +5233,7 @@ If you disable or do not configure this policy setting, the feature is turned on ADMX Info: -- GP English name: *Turn off the Security Settings Check feature* +- GP Friendly name: *Turn off the Security Settings Check feature* - GP name: *Disable_Security_Settings_Check* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -5305,7 +5305,7 @@ This policy is intended to help the administrator maintain version control for I ADMX Info: -- GP English name: *Disable Periodic Check for Internet Explorer software updates* +- GP Friendly name: *Disable Periodic Check for Internet Explorer software updates* - GP name: *NoUpdateCheck* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -5378,7 +5378,7 @@ If you do not configure this policy setting, users can choose to turn the auto-c ADMX Info: -- GP English name: *Turn off the auto-complete feature for web addresses* +- GP Friendly name: *Turn off the auto-complete feature for web addresses* - GP name: *RestrictWebAddressSuggest* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -5464,7 +5464,7 @@ If you disable or do not configure this policy setting, Internet Explorer notifi ADMX Info: -- GP English name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* +- GP Friendly name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* - GP name: *Advanced_DisableEPMCompat* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -5540,7 +5540,7 @@ Also, see the "Security zones: Use only machine settings" policy. ADMX Info: -- GP English name: *Security Zones: Do not allow users to add/delete sites* +- GP Friendly name: *Security Zones: Do not allow users to add/delete sites* - GP name: *Security_zones_map_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -5616,7 +5616,7 @@ Also, see the "Security zones: Use only machine settings" policy. ADMX Info: -- GP English name: *Security Zones: Do not allow users to change policies* +- GP Friendly name: *Security Zones: Do not allow users to change policies* - GP name: *Security_options_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -5689,7 +5689,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* +- GP Friendly name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -5766,7 +5766,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* +- GP Friendly name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* - GP name: *VerMgmtDomainAllowlist* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -5839,7 +5839,7 @@ If you do not configure this policy setting, users choose whether to force local ADMX Info: -- GP English name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* +- GP Friendly name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* - GP name: *IZ_IncludeUnspecifiedLocalSites* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -5912,7 +5912,7 @@ If you do not configure this policy setting, users choose whether network paths ADMX Info: -- GP English name: *Intranet Sites: Include all network paths (UNCs)* +- GP Friendly name: *Intranet Sites: Include all network paths (UNCs)* - GP name: *IZ_UNCAsIntranet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -5985,7 +5985,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6058,7 +6058,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6129,7 +6129,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6204,7 +6204,7 @@ If you do not configure this policy setting, a script can perform a clipboard op ADMX Info: -- GP English name: *Allow cut, copy or paste operations from the clipboard via script* +- GP Friendly name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6277,7 +6277,7 @@ If you do not configure this policy setting, users can drag files or copy and pa ADMX Info: -- GP English name: *Allow drag and drop or copy and paste files* +- GP Friendly name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6350,7 +6350,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6423,7 +6423,7 @@ If you do not configure this policy setting, Web sites from less privileged zone ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6496,7 +6496,7 @@ If you do not configure this policy setting, the user can decide whether to load ADMX Info: -- GP English name: *Allow loading of XAML files* +- GP Friendly name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6569,7 +6569,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6640,7 +6640,7 @@ If you disable this policy setting, the user does not see the per-site ActiveX p ADMX Info: -- GP English name: *Allow only approved domains to use ActiveX controls without prompt* +- GP Friendly name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6711,7 +6711,7 @@ If you disable this policy setting, the TDC Active X control will run from all s ADMX Info: -- GP English name: *Allow only approved domains to use the TDC ActiveX control* +- GP Friendly name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6784,7 +6784,7 @@ If you do not configure this policy setting, the possible harmful actions contai ADMX Info: -- GP English name: *Allow script-initiated windows without size or position constraints* +- GP Friendly name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6857,7 +6857,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scripting of Internet Explorer WebBrowser controls* +- GP Friendly name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6930,7 +6930,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7005,7 +7005,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7076,7 +7076,7 @@ If you disable or do not configure this policy setting, script is not allowed to ADMX Info: -- GP English name: *Allow updates to status bar via script* +- GP Friendly name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7149,7 +7149,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7224,7 +7224,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr ADMX Info: -- GP English name: *Allow VBScript to run in Internet Explorer* +- GP Friendly name: *Allow VBScript to run in Internet Explorer* - GP name: *IZ_PolicyAllowVBScript_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7297,7 +7297,7 @@ If you don't configure this policy setting, Internet Explorer always checks with ADMX Info: -- GP English name: *Don't run antimalware programs against ActiveX controls* +- GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7370,7 +7370,7 @@ If you do not configure this policy setting, users are queried whether to downlo ADMX Info: -- GP English name: *Download signed ActiveX controls* +- GP Friendly name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7443,7 +7443,7 @@ If you do not configure this policy setting, users cannot run unsigned controls. ADMX Info: -- GP English name: *Download unsigned ActiveX controls* +- GP Friendly name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7514,7 +7514,7 @@ If you disable this policy setting, the XSS Filter is turned off for sites in th ADMX Info: -- GP English name: *Turn on Cross-Site Scripting Filter* +- GP Friendly name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7589,7 +7589,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no ADMX Info: -- GP English name: *Enable dragging of content from different domains across windows* +- GP Friendly name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7664,7 +7664,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting ADMX Info: -- GP English name: *Enable dragging of content from different domains within a window* +- GP Friendly name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7737,7 +7737,7 @@ If you do not configure this policy setting, the MIME Sniffing Safety Feature wi ADMX Info: -- GP English name: *Enable MIME Sniffing* +- GP Friendly name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7810,7 +7810,7 @@ If you do not configure this policy setting, the user can turn on or turn off Pr ADMX Info: -- GP English name: *Turn on Protected Mode* +- GP Friendly name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7883,7 +7883,7 @@ If you do not configure this policy setting, the user can choose whether path in ADMX Info: -- GP English name: *Include local path when user is uploading files to a server* +- GP Friendly name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -7958,7 +7958,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -8078,7 +8078,7 @@ If you do not configure this policy setting, the permission is set to High Safet ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -8151,7 +8151,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: -- GP English name: *Launching applications and files in an IFRAME* +- GP Friendly name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -8232,7 +8232,7 @@ If you do not configure this policy setting, logon is set to Automatic logon onl ADMX Info: -- GP English name: *Logon options* +- GP Friendly name: *Logon options* - GP name: *IZ_PolicyLogon_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -8305,7 +8305,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -8378,7 +8378,7 @@ If you do not configure this policy setting, Internet Explorer will execute sign ADMX Info: -- GP English name: *Run .NET Framework-reliant components signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -8451,7 +8451,7 @@ If you do not configure this policy setting, the user can configure how the comp ADMX Info: -- GP English name: *Show security warning for potentially unsafe files* +- GP Friendly name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -8524,7 +8524,7 @@ If you do not configure this policy setting, most unwanted pop-up windows are pr ADMX Info: -- GP English name: *Use Pop-up Blocker* +- GP Friendly name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -8597,7 +8597,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -8670,7 +8670,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -8741,7 +8741,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -8814,7 +8814,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -8887,7 +8887,7 @@ If you do not configure this policy setting, Web sites from less privileged zone ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -8960,7 +8960,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -9033,7 +9033,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -9108,7 +9108,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -9181,7 +9181,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -9254,7 +9254,7 @@ If you don't configure this policy setting, Internet Explorer won't check with y ADMX Info: -- GP English name: *Don't run antimalware programs against ActiveX controls* +- GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -9329,7 +9329,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -9408,7 +9408,7 @@ If you do not configure this policy setting, the permission is set to Medium Saf ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -9481,7 +9481,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -9562,7 +9562,7 @@ For more information on how to use this policy together with other related polic ADMX Info: -- GP English name: *Keep all Intranet Sites in Internet Explorer* +- GP Friendly name: *Keep all Intranet Sites in Internet Explorer* - GP name: *KeepIntranetSitesInInternetExplorer* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -9653,7 +9653,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -9726,7 +9726,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -9797,7 +9797,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -9870,7 +9870,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -9943,7 +9943,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10016,7 +10016,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10089,7 +10089,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10164,7 +10164,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10237,7 +10237,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10310,7 +10310,7 @@ If you don't configure this policy setting, Internet Explorer won't check with y ADMX Info: -- GP English name: *Don't run antimalware programs against ActiveX controls* +- GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10385,7 +10385,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10464,7 +10464,7 @@ If you do not configure this policy setting, the permission is set to Medium Saf ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10537,7 +10537,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -10610,7 +10610,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -10683,7 +10683,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -10754,7 +10754,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -10827,7 +10827,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -10900,7 +10900,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -10973,7 +10973,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -11046,7 +11046,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -11121,7 +11121,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -11194,7 +11194,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -11269,7 +11269,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -11348,7 +11348,7 @@ If you do not configure this policy setting, Java applets are disabled. ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -11421,7 +11421,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -11500,7 +11500,7 @@ If you do not configure this policy setting, Java applets are disabled. ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -11573,7 +11573,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -11646,7 +11646,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -11717,7 +11717,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -11790,7 +11790,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -11863,7 +11863,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -11936,7 +11936,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -12009,7 +12009,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -12084,7 +12084,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -12157,7 +12157,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -12232,7 +12232,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -12305,7 +12305,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -12378,7 +12378,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -12451,7 +12451,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -12522,7 +12522,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -12595,7 +12595,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -12668,7 +12668,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -12741,7 +12741,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -12814,7 +12814,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -12889,7 +12889,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -12962,7 +12962,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -13037,7 +13037,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -13116,7 +13116,7 @@ If you do not configure this policy setting, Java applets are disabled. ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -13189,7 +13189,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -13262,7 +13262,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13335,7 +13335,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13406,7 +13406,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13479,7 +13479,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13552,7 +13552,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13625,7 +13625,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13698,7 +13698,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13773,7 +13773,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13846,7 +13846,7 @@ If you do not configure this policy setting, users cannot preserve information i ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -13921,7 +13921,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14000,7 +14000,7 @@ If you do not configure this policy setting, Java applets are disabled. ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14073,7 +14073,7 @@ If you do not configure this policy setting, users cannot open other windows and ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14146,7 +14146,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14219,7 +14219,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14290,7 +14290,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14363,7 +14363,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14436,7 +14436,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14509,7 +14509,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14582,7 +14582,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14657,7 +14657,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14730,7 +14730,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14805,7 +14805,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14884,7 +14884,7 @@ If you do not configure this policy setting, Java applets are disabled. ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -14957,7 +14957,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -15030,7 +15030,7 @@ If you do not configure this policy setting, the MK Protocol is prevented for Fi ADMX Info: -- GP English name: *Internet Explorer Processes* +- GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_3* - GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction* - GP ADMX file name: *inetres.admx* @@ -15103,7 +15103,7 @@ If you do not configure this policy setting, MIME sniffing will never promote a ADMX Info: -- GP English name: *Internet Explorer Processes* +- GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_6* - GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature* - GP ADMX file name: *inetres.admx* @@ -15174,7 +15174,7 @@ If you disable or do not configure this policy setting, users can select their p ADMX Info: -- GP English name: *Specify default behavior for a new tab* +- GP Friendly name: *Specify default behavior for a new tab* - GP name: *NewTabAction* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -15261,7 +15261,7 @@ If you do not configure this policy setting, the Notification bar will be displa ADMX Info: -- GP English name: *Internet Explorer Processes* +- GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_10* - GP path: *Windows Components/Internet Explorer/Security Features/Notification bar* - GP ADMX file name: *inetres.admx* @@ -15332,7 +15332,7 @@ If you disable or do not configure this policy setting, the user is prompted to ADMX Info: -- GP English name: *Prevent managing SmartScreen Filter* +- GP Friendly name: *Prevent managing SmartScreen Filter* - GP name: *Disable_Managing_Safety_Filter_IE9* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -15403,7 +15403,7 @@ If you disable or do not configure this policy setting, ActiveX controls can be ADMX Info: -- GP English name: *Prevent per-user installation of ActiveX controls* +- GP Friendly name: *Prevent per-user installation of ActiveX controls* - GP name: *DisablePerUserActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -15476,7 +15476,7 @@ If you do not configure this policy setting, any zone can be protected from zone ADMX Info: -- GP English name: *Internet Explorer Processes* +- GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_9* - GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation* - GP ADMX file name: *inetres.admx* @@ -15549,7 +15549,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer* +- GP Friendly name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer* - GP name: *VerMgmtDisableRunThisTime* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -15622,7 +15622,7 @@ If you do not configure this policy setting, the user's preference will be used ADMX Info: -- GP English name: *Internet Explorer Processes* +- GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_11* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install* - GP ADMX file name: *inetres.admx* @@ -15695,7 +15695,7 @@ If you do not configure this policy setting, the user's preference determines wh ADMX Info: -- GP English name: *Internet Explorer Processes* +- GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_12* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download* - GP ADMX file name: *inetres.admx* @@ -15768,7 +15768,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -15841,7 +15841,7 @@ If you do not configure this policy setting, script code on pages in the zone is ADMX Info: -- GP English name: *Allow active scripting* +- GP Friendly name: *Allow active scripting* - GP name: *IZ_PolicyActiveScripting_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -15914,7 +15914,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -15985,7 +15985,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16058,7 +16058,7 @@ If you do not configure this policy setting, binary and script behaviors are not ADMX Info: -- GP English name: *Allow binary and script behaviors* +- GP Friendly name: *Allow binary and script behaviors* - GP name: *IZ_PolicyBinaryBehaviors_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16133,7 +16133,7 @@ If you do not configure this policy setting, a script cannot perform a clipboard ADMX Info: -- GP English name: *Allow cut, copy or paste operations from the clipboard via script* +- GP Friendly name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16206,7 +16206,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: -- GP English name: *Allow drag and drop or copy and paste files* +- GP Friendly name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16279,7 +16279,7 @@ If you do not configure this policy setting, files are prevented from being down ADMX Info: -- GP English name: *Allow file downloads* +- GP Friendly name: *Allow file downloads* - GP name: *IZ_PolicyFileDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16352,7 +16352,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16425,7 +16425,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16498,7 +16498,7 @@ If you do not configure this policy setting, the user can decide whether to load ADMX Info: -- GP English name: *Allow loading of XAML files* +- GP Friendly name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16571,7 +16571,7 @@ If you do not configure this policy setting, a user's browser that loads a page ADMX Info: -- GP English name: *Allow META REFRESH* +- GP Friendly name: *Allow META REFRESH* - GP name: *IZ_PolicyAllowMETAREFRESH_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16644,7 +16644,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16715,7 +16715,7 @@ If you disable this policy setting, the user does not see the per-site ActiveX p ADMX Info: -- GP English name: *Allow only approved domains to use ActiveX controls without prompt* +- GP Friendly name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16786,7 +16786,7 @@ If you disable this policy setting, the TDC Active X control will run from all s ADMX Info: -- GP English name: *Allow only approved domains to use the TDC ActiveX control* +- GP Friendly name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16859,7 +16859,7 @@ If you do not configure this policy setting, the possible harmful actions contai ADMX Info: -- GP English name: *Allow script-initiated windows without size or position constraints* +- GP Friendly name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -16932,7 +16932,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scripting of Internet Explorer WebBrowser controls* +- GP Friendly name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17005,7 +17005,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17080,7 +17080,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17151,7 +17151,7 @@ If you disable or do not configure this policy setting, script is not allowed to ADMX Info: -- GP English name: *Allow updates to status bar via script* +- GP Friendly name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17224,7 +17224,7 @@ If you do not configure this policy setting, users cannot preserve information i ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17299,7 +17299,7 @@ If you do not configure or disable this policy setting, VBScript is prevented fr ADMX Info: -- GP English name: *Allow VBScript to run in Internet Explorer* +- GP Friendly name: *Allow VBScript to run in Internet Explorer* - GP name: *IZ_PolicyAllowVBScript_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17372,7 +17372,7 @@ If you don't configure this policy setting, Internet Explorer always checks with ADMX Info: -- GP English name: *Don't run antimalware programs against ActiveX controls* +- GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17445,7 +17445,7 @@ If you do not configure this policy setting, signed controls cannot be downloade ADMX Info: -- GP English name: *Download signed ActiveX controls* +- GP Friendly name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17518,7 +17518,7 @@ If you do not configure this policy setting, users cannot run unsigned controls. ADMX Info: -- GP English name: *Download unsigned ActiveX controls* +- GP Friendly name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17589,7 +17589,7 @@ If you disable this policy setting, the XSS Filter is turned off for sites in th ADMX Info: -- GP English name: *Turn on Cross-Site Scripting Filter* +- GP Friendly name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17664,7 +17664,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or do no ADMX Info: -- GP English name: *Enable dragging of content from different domains across windows* +- GP Friendly name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17739,7 +17739,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting ADMX Info: -- GP English name: *Enable dragging of content from different domains within a window* +- GP Friendly name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17812,7 +17812,7 @@ If you do not configure this policy setting, the actions that may be harmful can ADMX Info: -- GP English name: *Enable MIME Sniffing* +- GP Friendly name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17885,7 +17885,7 @@ If you do not configure this policy setting, the user can choose whether path in ADMX Info: -- GP English name: *Include local path when user is uploading files to a server* +- GP Friendly name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -17960,7 +17960,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18039,7 +18039,7 @@ If you do not configure this policy setting, Java applets are disabled. ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18112,7 +18112,7 @@ If you do not configure this policy setting, users are prevented from running ap ADMX Info: -- GP English name: *Launching applications and files in an IFRAME* +- GP Friendly name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18193,7 +18193,7 @@ If you do not configure this policy setting, logon is set to Prompt for username ADMX Info: -- GP English name: *Logon options* +- GP Friendly name: *Logon options* - GP name: *IZ_PolicyLogon_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18266,7 +18266,7 @@ If you do not configure this policy setting, users cannot open other windows and ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18341,7 +18341,7 @@ If you do not configure this policy setting, controls and plug-ins are prevented ADMX Info: -- GP English name: *Run ActiveX controls and plugins* +- GP Friendly name: *Run ActiveX controls and plugins* - GP name: *IZ_PolicyRunActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18414,7 +18414,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: -- GP English name: *Run .NET Framework-reliant components signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18489,7 +18489,7 @@ If you do not configure this policy setting, script interaction is prevented fro ADMX Info: -- GP English name: *Script ActiveX controls marked safe for scripting* +- GP Friendly name: *Script ActiveX controls marked safe for scripting* - GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18564,7 +18564,7 @@ If you do not configure this policy setting, scripts are prevented from accessin ADMX Info: -- GP English name: *Scripting of Java applets* +- GP Friendly name: *Scripting of Java applets* - GP name: *IZ_PolicyScriptingOfJavaApplets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18637,7 +18637,7 @@ If you do not configure this policy setting, the user can configure how the comp ADMX Info: -- GP English name: *Show security warning for potentially unsafe files* +- GP Friendly name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18710,7 +18710,7 @@ If you do not configure this policy setting, the user can turn on or turn off Pr ADMX Info: -- GP English name: *Turn on Protected Mode* +- GP Friendly name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18783,7 +18783,7 @@ If you do not configure this policy setting, most unwanted pop-up windows are pr ADMX Info: -- GP English name: *Use Pop-up Blocker* +- GP Friendly name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -18856,7 +18856,7 @@ If you do not configure this policy setting, popup windows and other restriction ADMX Info: -- GP English name: *Internet Explorer Processes* +- GP Friendly name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_8* - GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions* - GP ADMX file name: *inetres.admx* @@ -18927,7 +18927,7 @@ If you disable or do not configure this policy setting, the user can configure h ADMX Info: -- GP English name: *Restrict search providers to a specific list* +- GP Friendly name: *Restrict search providers to a specific list* - GP name: *SpecificSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -19001,7 +19001,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy. ADMX Info: -- GP English name: *Security Zones: Use only machine settings* +- GP Friendly name: *Security Zones: Use only machine settings* - GP name: *Security_HKLM_only* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -19075,7 +19075,7 @@ If you disable, or not configure this setting, then it opens all sites based on ADMX Info: -- GP English name: *Send all sites not included in the Enterprise Mode Site List to Microsoft Edge* +- GP Friendly name: *Send all sites not included in the Enterprise Mode Site List to Microsoft Edge* - GP name: *RestrictInternetExplorer* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -19166,7 +19166,7 @@ If you disable or do not configure this policy setting, ActiveX controls, includ ADMX Info: -- GP English name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* +- GP Friendly name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* - GP name: *OnlyUseAXISForActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -19239,7 +19239,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: -- GP English name: *Access data sources across domains* +- GP Friendly name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19312,7 +19312,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: -- GP English name: *Automatic prompting for ActiveX controls* +- GP Friendly name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19383,7 +19383,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: -- GP English name: *Automatic prompting for file downloads* +- GP Friendly name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19456,7 +19456,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: -- GP English name: *Allow font downloads* +- GP Friendly name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19529,7 +19529,7 @@ If you do not configure this policy setting, a warning is issued to the user tha ADMX Info: -- GP English name: *Web sites in less privileged Web content zones can navigate into this zone* +- GP Friendly name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19602,7 +19602,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: -- GP English name: *Run .NET Framework-reliant components not signed with Authenticode* +- GP Friendly name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19675,7 +19675,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: -- GP English name: *Allow scriptlets* +- GP Friendly name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19750,7 +19750,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: -- GP English name: *Turn on SmartScreen Filter scan* +- GP Friendly name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19823,7 +19823,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: -- GP English name: *Userdata persistence* +- GP Friendly name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19896,7 +19896,7 @@ If you don't configure this policy setting, Internet Explorer won't check with y ADMX Info: -- GP English name: *Don't run antimalware programs against ActiveX controls* +- GP Friendly name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -19971,7 +19971,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: -- GP English name: *Initialize and script ActiveX controls not marked as safe* +- GP Friendly name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -20050,7 +20050,7 @@ If you do not configure this policy setting, the permission is set to Low Safety ADMX Info: -- GP English name: *Java permissions* +- GP Friendly name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -20123,7 +20123,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: -- GP English name: *Navigate windows and frames across different domains* +- GP Friendly name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index b5331fa661..2b2391edc6 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -104,7 +104,7 @@ If you disable or do not configure this policy setting, the Kerberos client does ADMX Info: -- GP English name: *Use forest search order* +- GP Friendly name: *Use forest search order* - GP name: *ForestSearch* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -173,7 +173,7 @@ If you disable or do not configure this policy setting, the client devices will ADMX Info: -- GP English name: *Kerberos client support for claims, compound authentication and Kerberos armoring* +- GP Friendly name: *Kerberos client support for claims, compound authentication and Kerberos armoring* - GP name: *EnableCbacAndArmor* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -247,7 +247,7 @@ If you disable or do not configure this policy setting, the client computers in ADMX Info: -- GP English name: *Fail authentication requests when Kerberos armoring is not available* +- GP Friendly name: *Fail authentication requests when Kerberos armoring is not available* - GP name: *ClientRequireFast* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -317,7 +317,7 @@ If you disable or do not configure this policy setting, the Kerberos client requ ADMX Info: -- GP English name: *Require strict KDC validation* +- GP Friendly name: *Require strict KDC validation* - GP name: *ValidateKDC* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -391,7 +391,7 @@ Note: This policy setting configures the existing MaxTokenSize registry value in ADMX Info: -- GP English name: *Set maximum Kerberos SSPI context token buffer size* +- GP Friendly name: *Set maximum Kerberos SSPI context token buffer size* - GP name: *MaxTokenSize* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index bb03f10884..f7c4cf4015 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -85,7 +85,7 @@ Insecure guest logons are used by file servers to allow unauthenticated access t ADMX Info: -- GP English name: *Enable insecure guest logons* +- GP Friendly name: *Enable insecure guest logons* - GP name: *Pol_EnableInsecureGuestLogons* - GP path: *Network/Lanman Workstation* - GP ADMX file name: *LanmanWorkstation.admx* diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index bfef6090cc..3bc05c7260 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -82,7 +82,7 @@ Added in Windows 10, version 1607. Enables or Disable Windows license reactivat ADMX Info: -- GP English name: *Control Device Reactivation for Retail devices* +- GP Friendly name: *Control Device Reactivation for Retail devices* - GP name: *AllowWindowsEntitlementReactivation* - GP path: *Windows Components/Software Protection Platform* - GP ADMX file name: *AVSValidationGP.admx* @@ -148,7 +148,7 @@ Added in Windows 10, version 1607. Enabling this setting prevents this computer ADMX Info: -- GP English name: *Turn off KMS Client Online AVS Validation* +- GP Friendly name: *Turn off KMS Client Online AVS Validation* - GP name: *NoAcquireGT* - GP path: *Windows Components/Software Protection Platform* - GP ADMX file name: *AVSValidationGP.admx* diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 0d4580ee4b..c004295d70 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -224,7 +224,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Accounts: Block Microsoft accounts* +- GP Friendly name: *Accounts: Block Microsoft accounts* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -302,7 +302,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Accounts: Limit local account use of blank passwords to console logon only* +- GP Friendly name: *Accounts: Limit local account use of blank passwords to console logon only* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -371,7 +371,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Accounts: Rename administrator account* +- GP Friendly name: *Accounts: Rename administrator account* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -434,7 +434,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Accounts: Rename guest account* +- GP Friendly name: *Accounts: Rename guest account* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -498,7 +498,7 @@ Disabling this policy may tempt users to try and physically remove the laptop fr GP Info: -- GP English name: *Devices: Allow undock without having to log on* +- GP Friendly name: *Devices: Allow undock without having to log on* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -562,7 +562,7 @@ Default: This policy is not defined and only Administrators have this ability. GP Info: -- GP English name: *Devices: Allowed to format and eject removable media* +- GP Friendly name: *Devices: Allowed to format and eject removable media* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -628,7 +628,7 @@ This setting does not affect the ability to add a local printer. This setting do GP Info: -- GP English name: *Devices: Prevent users from installing printer drivers* +- GP Friendly name: *Devices: Prevent users from installing printer drivers* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -691,7 +691,7 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l GP Info: -- GP English name: *Devices: Restrict CD-ROM access to locally logged-on user only* +- GP Friendly name: *Devices: Restrict CD-ROM access to locally logged-on user only* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -751,7 +751,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Interactive logon: Display user information when the session is locked* +- GP Friendly name: *Interactive logon: Display user information when the session is locked* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -824,7 +824,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Interactive logon: Don't display last signed-in* +- GP Friendly name: *Interactive logon: Don't display last signed-in* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -897,7 +897,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Interactive logon: Don't display username at sign-in* +- GP Friendly name: *Interactive logon: Don't display username at sign-in* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -971,7 +971,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Interactive logon: Do not require CTRL+ALT+DEL* +- GP Friendly name: *Interactive logon: Do not require CTRL+ALT+DEL* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1040,7 +1040,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Interactive logon: Machine inactivity limit* +- GP Friendly name: *Interactive logon: Machine inactivity limit* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1109,7 +1109,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Interactive logon: Message text for users attempting to log on* +- GP Friendly name: *Interactive logon: Message text for users attempting to log on* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1172,7 +1172,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Interactive logon: Message title for users attempting to log on* +- GP Friendly name: *Interactive logon: Message title for users attempting to log on* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1251,7 +1251,7 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol GP Info: -- GP English name: *Interactive logon: Smart card removal behavior* +- GP Friendly name: *Interactive logon: Smart card removal behavior* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1327,7 +1327,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. GP Info: -- GP English name: *Microsoft network client: Digitally sign communications (if server agrees)* +- GP Friendly name: *Microsoft network client: Digitally sign communications (if server agrees)* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1390,7 +1390,7 @@ Default: Disabled. GP Info: -- GP English name: *Microsoft network client: Send unencrypted password to third-party SMB servers* +- GP Friendly name: *Microsoft network client: Send unencrypted password to third-party SMB servers* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1459,7 +1459,7 @@ Default:This policy is not defined, which means that the system treats it as 15 GP Info: -- GP English name: *Microsoft network server: Amount of idle time required before suspending session* +- GP Friendly name: *Microsoft network server: Amount of idle time required before suspending session* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1556,7 +1556,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. GP Info: -- GP English name: *Microsoft network server: Digitally sign communications (always)* +- GP Friendly name: *Microsoft network server: Digitally sign communications (always)* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1636,7 +1636,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. GP Info: -- GP English name: *Microsoft network server: Digitally sign communications (if client agrees)* +- GP Friendly name: *Microsoft network server: Digitally sign communications (if client agrees)* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1709,7 +1709,7 @@ This policy has no impact on domain controllers. GP Info: -- GP English name: *Network access: Do not allow anonymous enumeration of SAM accounts* +- GP Friendly name: *Network access: Do not allow anonymous enumeration of SAM accounts* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1772,7 +1772,7 @@ Default: Disabled. GP Info: -- GP English name: *Network access: Do not allow anonymous enumeration of SAM accounts and shares* +- GP Friendly name: *Network access: Do not allow anonymous enumeration of SAM accounts and shares* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1835,7 +1835,7 @@ Default: Enabled. GP Info: -- GP English name: *Network access: Restrict anonymous access to Named Pipes and Shares* +- GP Friendly name: *Network access: Restrict anonymous access to Named Pipes and Shares* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1898,7 +1898,7 @@ This policy is supported on at least Windows Server 2016. GP Info: -- GP English name: *Network access: Restrict clients allowed to make remote calls to SAM* +- GP Friendly name: *Network access: Restrict clients allowed to make remote calls to SAM* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -1959,7 +1959,7 @@ When a service connects with the device identity, signing and encryption are sup GP Info: -- GP English name: *Network security: Allow Local System to use computer identity for NTLM* +- GP Friendly name: *Network security: Allow Local System to use computer identity for NTLM* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2027,7 +2027,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Network security: Allow PKU2U authentication requests to this computer to use online identities.* +- GP Friendly name: *Network security: Allow PKU2U authentication requests to this computer to use online identities.* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2101,7 +2101,7 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi GP Info: -- GP English name: *Network security: Do not store LAN Manager hash value on next password change* +- GP Friendly name: *Network security: Do not store LAN Manager hash value on next password change* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2184,7 +2184,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send GP Info: -- GP English name: *Network security: LAN Manager authentication level* +- GP Friendly name: *Network security: LAN Manager authentication level* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2252,7 +2252,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. GP Info: -- GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients* +- GP Friendly name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2320,7 +2320,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption GP Info: -- GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) servers* +- GP Friendly name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) servers* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2385,7 +2385,7 @@ The naming format for servers on this exception list is the fully qualified doma GP Info: -- GP English name: *Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication* +- GP Friendly name: *Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2464,7 +2464,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2. GP Info: -- GP English name: *Network security: Restrict NTLM: Audit Incoming NTLM Traffic* +- GP Friendly name: *Network security: Restrict NTLM: Audit Incoming NTLM Traffic* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2543,7 +2543,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2. GP Info: -- GP English name: *Network security: Restrict NTLM: Incoming NTLM traffic* +- GP Friendly name: *Network security: Restrict NTLM: Incoming NTLM traffic* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2622,7 +2622,7 @@ This policy is supported on at least Windows 7 or Windows Server 2008 R2. GP Info: -- GP English name: *Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers* +- GP Friendly name: *Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2699,7 +2699,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *Shutdown: Allow system to be shut down without having to log on* +- GP Friendly name: *Shutdown: Allow system to be shut down without having to log on* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2770,7 +2770,7 @@ Default: Disabled. GP Info: -- GP English name: *Shutdown: Clear virtual memory pagefile* +- GP Friendly name: *Shutdown: Clear virtual memory pagefile* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2837,7 +2837,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop* +- GP Friendly name: *User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2920,7 +2920,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode* +- GP Friendly name: *User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -2980,7 +2980,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *User Account Control: Behavior of the elevation prompt for standard users* +- GP Friendly name: *User Account Control: Behavior of the elevation prompt for standard users* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -3053,7 +3053,7 @@ Disabled: Application installation packages are not detected and prompted for el GP Info: -- GP English name: *User Account Control: Detect application installations and prompt for elevation* +- GP Friendly name: *User Account Control: Detect application installations and prompt for elevation* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -3118,7 +3118,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *User Account Control: Only elevate executables that are signed and validated* +- GP Friendly name: *User Account Control: Only elevate executables that are signed and validated* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -3190,7 +3190,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *User Account Control: Only elevate UIAccess applications that are installed in secure locations* +- GP Friendly name: *User Account Control: Only elevate UIAccess applications that are installed in secure locations* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -3258,7 +3258,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *User Account Control: Run all administrators in Admin Approval Mode* +- GP Friendly name: *User Account Control: Run all administrators in Admin Approval Mode* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -3323,7 +3323,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *User Account Control: Switch to the secure desktop when prompting for elevation* +- GP Friendly name: *User Account Control: Switch to the secure desktop when prompting for elevation* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -3388,7 +3388,7 @@ The options are: GP Info: -- GP English name: *User Account Control: Admin Approval Mode for the Built-in Administrator account* +- GP Friendly name: *User Account Control: Admin Approval Mode for the Built-in Administrator account* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* @@ -3449,7 +3449,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. GP Info: -- GP English name: *User Account Control: Virtualize file and registry write failures to per-user locations* +- GP Friendly name: *User Account Control: Virtualize file and registry write failures to per-user locations* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index bc065532ed..774ac1a21f 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -81,7 +81,7 @@ The easiest way to verify the policy is to restart the explorer process or to re ADMX Info: -- GP English name: *Allow edge swipe* +- GP Friendly name: *Allow edge swipe* - GP name: *AllowEdgeSwipe* - GP path: *Windows Components/Edge UI* - GP ADMX file name: *EdgeUI.admx* diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 34c246f134..ce0ddd9868 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -145,7 +145,7 @@ After the policy is applied, you can verify the settings in the user interface i ADMX Info: -- GP English name: *Turn off Automatic Download and Update of Map Data* +- GP Friendly name: *Turn off Automatic Download and Update of Map Data* - GP name: *TurnOffAutoUpdate* - GP path: *Windows Components/Maps* - GP ADMX file name: *WinMaps.admx* diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 43fe8e0e47..8b8b95188e 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -79,7 +79,7 @@ Added in Windows 10, version 1607. Enables text message back up and restore and ADMX Info: -- GP English name: *Allow Message Service Cloud Sync* +- GP Friendly name: *Allow Message Service Cloud Sync* - GP name: *AllowMessageSync* - GP path: *Windows Components/Messaging* - GP ADMX file name: *messaging.admx* diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 9b9c05d03d..cdf909411f 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -40,6 +40,19 @@ manager: dansimp +Steps to use this policy correctly: + +1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s). +1. Create a custom OMA URI based device configuration that sets this policy value to desired number of days (> 0) and assign it to HoloLens device(s). + 1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays + 1. The value can be between min / max allowed. +1. Enroll HoloLens devices and verify both configurations get applied to the device. +1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created. +1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days. +1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point here is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted. + +> [!NOTE] +> Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md index fd1e3372e8..9c58b25ef3 100644 --- a/windows/client-management/mdm/policy-csp-multitasking.md +++ b/windows/client-management/mdm/policy-csp-multitasking.md @@ -95,7 +95,7 @@ This policy only applies to the Alt+Tab switcher. When the policy is not enabled ADMX Info: -- GP English name: *Configure the inclusion of Edge tabs into Alt-Tab* +- GP Friendly name: *Configure the inclusion of Edge tabs into Alt-Tab* - GP name: *BrowserAltTabBlowout* - GP path: *Windows Components/Multitasking* - GP ADMX file name: *Multitasking.admx* diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index e438503509..8646c8830d 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -100,7 +100,7 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to ADMX Info: -- GP English name: *Enterprise resource domains hosted in the cloud* +- GP Friendly name: *Enterprise resource domains hosted in the cloud* - GP name: *WF_NetIsolation_EnterpriseCloudResources* - GP element: *WF_NetIsolation_EnterpriseCloudResourcesBox* - GP path: *Network/Network Isolation* @@ -160,7 +160,7 @@ Sets the enterprise IP ranges that define the computers in the enterprise networ ADMX Info: -- GP English name: *Private network ranges for apps* +- GP Friendly name: *Private network ranges for apps* - GP name: *WF_NetIsolation_PrivateSubnet* - GP element: *WF_NetIsolation_PrivateSubnetBox* - GP path: *Network/Network Isolation* @@ -233,7 +233,7 @@ Integer value that tells the client to accept the configured list and not to use ADMX Info: -- GP English name: *Subnet definitions are authoritative* +- GP Friendly name: *Subnet definitions are authoritative* - GP name: *WF_NetIsolation_Authoritative_Subnet* - GP path: *Network/Network Isolation* - GP ADMX file name: *NetworkIsolation.admx* @@ -292,7 +292,7 @@ This is the comma-separated list of internal proxy servers. For example "157.54. ADMX Info: -- GP English name: *Intranet proxy servers for apps* +- GP Friendly name: *Intranet proxy servers for apps* - GP name: *WF_NetIsolation_Intranet_Proxies* - GP element: *WF_NetIsolation_Intranet_ProxiesBox* - GP path: *Network/Network Isolation* @@ -413,7 +413,7 @@ This is a comma-separated list of proxy servers. Any server on this list is cons ADMX Info: -- GP English name: *Internet proxy servers for apps* +- GP Friendly name: *Internet proxy servers for apps* - GP name: *WF_NetIsolation_Domain_Proxies* - GP element: *WF_NetIsolation_Domain_ProxiesBox* - GP path: *Network/Network Isolation* @@ -473,7 +473,7 @@ Integer value that tells the client to accept the configured list of proxies and ADMX Info: -- GP English name: *Proxy definitions are authoritative* +- GP Friendly name: *Proxy definitions are authoritative* - GP name: *WF_NetIsolation_Authoritative_Proxies* - GP path: *Network/Network Isolation* - GP ADMX file name: *NetworkIsolation.admx* @@ -532,7 +532,7 @@ List of domain names that can used for work or personal resource. ADMX Info: -- GP English name: *Domains categorized as both work and personal* +- GP Friendly name: *Domains categorized as both work and personal* - GP name: *WF_NetIsolation_NeutralResources* - GP element: *WF_NetIsolation_NeutralResourcesBox* - GP path: *Network/Network Isolation* diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 34f3bd6b74..b9cb69c43d 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -96,7 +96,7 @@ No reboots or service restarts are required for this policy setting to take effe ADMX Info: -- GP English name: *Turn off notifications network usage* +- GP Friendly name: *Turn off notifications network usage* - GP name: *NoCloudNotification* - GP path: *Start Menu and Taskbar/Notifications* - GP ADMX file name: *WPN.admx* @@ -170,7 +170,7 @@ No reboot or service restart is required for this policy to take effect. ADMX Info: -- GP English name: *Turn off notification mirroring* +- GP Friendly name: *Turn off notification mirroring* - GP name: *NoNotificationMirroring* - GP path: *Start Menu and Taskbar/Notifications* - GP ADMX file name: *WPN.admx* @@ -242,7 +242,7 @@ No reboots or service restarts are required for this policy setting to take effe ADMX Info: -- GP English name: *Turn off tile notifications* +- GP Friendly name: *Turn off tile notifications* - GP name: *NoTileNotification* - GP path: *Start Menu and Taskbar/Notifications* - GP ADMX file name: *WPN.admx* diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index e710db1e1b..c9c793a619 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -153,7 +153,7 @@ If you disable this policy setting, standby states (S1-S3) are not allowed. ADMX Info: -- GP English name: *Allow standby states (S1-S3) when sleeping (on battery)* +- GP Friendly name: *Allow standby states (S1-S3) when sleeping (on battery)* - GP name: *AllowStandbyStatesDC_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -223,7 +223,7 @@ If you disable this policy setting, standby states (S1-S3) are not allowed. ADMX Info: -- GP English name: *Allow standby states (S1-S3) when sleeping (plugged in)* +- GP Friendly name: *Allow standby states (S1-S3) when sleeping (plugged in)* - GP name: *AllowStandbyStatesAC_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -295,7 +295,7 @@ If the user has configured a slide show to run on the lock screen when the machi ADMX Info: -- GP English name: *Turn off the display (on battery)* +- GP Friendly name: *Turn off the display (on battery)* - GP name: *VideoPowerDownTimeOutDC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* @@ -367,7 +367,7 @@ If the user has configured a slide show to run on the lock screen when the machi ADMX Info: -- GP English name: *Turn off the display (plugged in)* +- GP Friendly name: *Turn off the display (plugged in)* - GP name: *VideoPowerDownTimeOutAC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* @@ -431,7 +431,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Energy Saver Battery Threshold (on battery)* +- GP Friendly name: *Energy Saver Battery Threshold (on battery)* - GP name: *EsBattThresholdDC* - GP element: *EnterEsBattThreshold* - GP path: *System/Power Management/Energy Saver Settings* @@ -504,7 +504,7 @@ If you disable or do not configure this policy setting, users control this setti ADMX Info: -- GP English name: *Energy Saver Battery Threshold (plugged in)* +- GP Friendly name: *Energy Saver Battery Threshold (plugged in)* - GP name: *EsBattThresholdAC* - GP element: *EnterEsBattThreshold* - GP path: *System/Power Management/Energy Saver Settings* @@ -586,7 +586,7 @@ If the user has configured a slide show to run on the lock screen when the machi ADMX Info: -- GP English name: *Specify the system hibernate timeout (on battery)* +- GP Friendly name: *Specify the system hibernate timeout (on battery)* - GP name: *DCHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -658,7 +658,7 @@ If the user has configured a slide show to run on the lock screen when the machi ADMX Info: -- GP English name: *Specify the system hibernate timeout (plugged in)* +- GP Friendly name: *Specify the system hibernate timeout (plugged in)* - GP name: *ACHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -728,7 +728,7 @@ If you disable this policy setting, the user is not prompted for a password when ADMX Info: -- GP English name: *Require a password when a computer wakes (on battery)* +- GP Friendly name: *Require a password when a computer wakes (on battery)* - GP name: *DCPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -798,7 +798,7 @@ If you disable this policy setting, the user is not prompted for a password when ADMX Info: -- GP English name: *Require a password when a computer wakes (plugged in)* +- GP Friendly name: *Require a password when a computer wakes (plugged in)* - GP name: *ACPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -861,7 +861,7 @@ If you disable this policy setting or do not configure it, users can see and cha ADMX Info: -- GP English name: *Select the lid switch action (on battery)* +- GP Friendly name: *Select the lid switch action (on battery)* - GP name: *DCSystemLidAction_2* - GP element: *SelectDCSystemLidAction* - GP path: *System/Power Management/Button Settings* @@ -940,7 +940,7 @@ If you disable this policy setting or do not configure it, users can see and cha ADMX Info: -- GP English name: *Select the lid switch action (plugged in)* +- GP Friendly name: *Select the lid switch action (plugged in)* - GP name: *ACSystemLidAction_2* - GP element: *SelectACSystemLidAction* - GP path: *System/Power Management/Button Settings* @@ -1019,7 +1019,7 @@ If you disable this policy setting or do not configure it, users can see and cha ADMX Info: -- GP English name: *Select the Power button action (on battery)* +- GP Friendly name: *Select the Power button action (on battery)* - GP name: *DCPowerButtonAction_2* - GP element: *SelectDCPowerButtonAction* - GP path: *System/Power Management/Button Settings* @@ -1098,7 +1098,7 @@ If you disable this policy setting or do not configure it, users can see and cha ADMX Info: -- GP English name: *Select the Power button action (plugged in)* +- GP Friendly name: *Select the Power button action (plugged in)* - GP name: *ACPowerButtonAction_2* - GP element: *SelectACPowerButtonAction* - GP path: *System/Power Management/Button Settings* @@ -1177,7 +1177,7 @@ If you disable this policy setting or do not configure it, users can see and cha ADMX Info: -- GP English name: *Select the Sleep button action (on battery)* +- GP Friendly name: *Select the Sleep button action (on battery)* - GP name: *DCSleepButtonAction_2* - GP element: *SelectDCSleepButtonAction* - GP path: *System/Power Management/Button Settings* @@ -1256,7 +1256,7 @@ If you disable this policy setting or do not configure it, users can see and cha ADMX Info: -- GP English name: *Select the Sleep button action (plugged in)* +- GP Friendly name: *Select the Sleep button action (plugged in)* - GP name: *ACSleepButtonAction_2* - GP element: *SelectACSleepButtonAction* - GP path: *System/Power Management/Button Settings* @@ -1344,7 +1344,7 @@ If the user has configured a slide show to run on the lock screen when the machi ADMX Info: -- GP English name: *Specify the system sleep timeout (on battery)* +- GP Friendly name: *Specify the system sleep timeout (on battery)* - GP name: *DCStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -1416,7 +1416,7 @@ If the user has configured a slide show to run on the lock screen when the machi ADMX Info: -- GP English name: *Specify the system sleep timeout (plugged in)* +- GP Friendly name: *Specify the system sleep timeout (plugged in)* - GP name: *ACStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -1479,7 +1479,7 @@ If you set this policy setting to 1 or do not configure this policy setting, use ADMX Info: -- GP English name: *Turn off hybrid sleep (on battery)* +- GP Friendly name: *Turn off hybrid sleep (on battery)* - GP name: *DCStandbyWithHiberfileEnable_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -1555,7 +1555,7 @@ If you set this policy setting to 1 or do not configure this policy setting, use ADMX Info: -- GP English name: *Turn off hybrid sleep (plugged in)* +- GP Friendly name: *Turn off hybrid sleep (plugged in)* - GP name: *ACStandbyWithHiberfileEnable_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -1633,7 +1633,7 @@ If the user has configured a slide show to run on the lock screen when the machi ADMX Info: -- GP English name: *Specify the unattended sleep timeout (on battery)* +- GP Friendly name: *Specify the unattended sleep timeout (on battery)* - GP name: *UnattendedSleepTimeOutDC* - GP element: *EnterUnattendedSleepTimeOut* - GP path: *System/Power Management/Sleep Settings* @@ -1709,7 +1709,7 @@ If the user has configured a slide show to run on the lock screen when the machi ADMX Info: -- GP English name: *Specify the unattended sleep timeout (plugged in)* +- GP Friendly name: *Specify the unattended sleep timeout (plugged in)* - GP name: *UnattendedSleepTimeOutAC* - GP element: *EnterUnattendedSleepTimeOut* - GP path: *System/Power Management/Sleep Settings* diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index e93f27025d..90268db913 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -109,7 +109,7 @@ If you disable this policy setting: ADMX Info: -- GP English name: *Point and Print Restrictions* +- GP Friendly name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions_Win7* - GP path: *Printers* - GP ADMX file name: *Printing.admx* @@ -204,7 +204,7 @@ If you disable this policy setting: ADMX Info: -- GP English name: *Point and Print Restrictions* +- GP Friendly name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions* - GP path: *Control Panel/Printers* - GP ADMX file name: *Printing.admx* @@ -276,7 +276,7 @@ Note: This settings takes priority over the setting "Automatically publish new p ADMX Info: -- GP English name: *Allow printers to be published* +- GP Friendly name: *Allow printers to be published* - GP name: *PublishPrinters* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 5e96138d2c..f8c10ffd3f 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -2083,7 +2083,7 @@ For further details on how to customize the Start layout, please see [Customize ADMX Info: -- GP English name: *Start Layout* +- GP Friendly name: *Start Layout* - GP name: *LockedStartLayout* - GP path: *Start Menu and Taskbar* - GP ADMX file name: *StartMenu.admx* diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 77c69597e9..e1e54793b4 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -109,7 +109,7 @@ If audio input is enabled, a user will be able to disable audio input from their ADMX Info: -- GP English Name: *Allow audio input in Windows Sandbox* +- GP Friendly name: *Allow audio input in Windows Sandbox* - GP name: *AllowAudioInput* - GP path: *Windows Components/Windows Sandbox* - GP ADMX file name: *WindowsSandbox.admx* @@ -194,7 +194,7 @@ If clipboard sharing is enabled, a user will be able to disable clipboard sharin ADMX Info: -- GP English Name: *Allow clipboard sharing with Windows Sandbox* +- GP Friendly name: *Allow clipboard sharing with Windows Sandbox* - GP name: *AllowClipboardRedirection* - GP path: *Windows Components/Windows Sandbox* - GP ADMX file name: *WindowsSandbox.admx* @@ -279,7 +279,7 @@ If networking is enabled, a user will be able to disable networking from their o ADMX Info: -- GP English Name: *Allow networking in Windows Sandbox* +- GP Friendly name: *Allow networking in Windows Sandbox* - GP name: *AllowNetworking* - GP path: *Windows Components/Windows Sandbox* - GP ADMX file name: *WindowsSandbox.admx* @@ -362,7 +362,7 @@ If printer sharing is enabled, a user will be able to disable printer sharing fr ADMX Info: -- GP English Name: *Allow printer sharing with Windows Sandbox* +- GP Friendly name: *Allow printer sharing with Windows Sandbox* - GP name: *AllowPrinterRedirection* - GP path: *Windows Components/Windows Sandbox* - GP ADMX file name: *WindowsSandbox.admx* @@ -449,7 +449,7 @@ If vGPU is enabled, a user will be able to disable vGPU support from their own c ADMX Info: -- GP English Name: *Allow vGPU sharing for Windows Sandbox* +- GP Friendly name: *Allow vGPU sharing for Windows Sandbox* - GP name: *AllowVGPU* - GP path: *Windows Components/Windows Sandbox* - GP ADMX file name: *WindowsSandbox.admx* @@ -535,7 +535,7 @@ If video input is enabled, users will be able to disable video input from their ADMX Info: -- GP English Name: *Allow video input in Windows Sandbox* +- GP Friendly name: *Allow video input in Windows Sandbox* - GP name: *AllowVideoInput* - GP path: *Windows Components/Windows Sandbox* - GP ADMX file name: *WindowsSandbox.admx* diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 58e9f7e4b9..b1b0988561 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -334,7 +334,7 @@ Value type is integer. ADMX Info: -- GP English name: *Don't allow this PC to be projected to* +- GP Friendly name: *Don't allow this PC to be projected to* - GP name: *AllowProjectionToPC* - GP path: *Windows Components/Connect* - GP ADMX file name: *WirelessDisplay.admx* @@ -520,7 +520,7 @@ Value type is integer. ADMX Info: -- GP English name: *Require pin for pairing* +- GP Friendly name: *Require pin for pairing* - GP name: *RequirePinForPairing* - GP path: *Windows Components/Connect* - GP ADMX file name: *WirelessDisplay.admx* diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 9755457f60..7c0a2bd53f 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -295,7 +295,7 @@ SurfaceHub

The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** -

Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image. +

Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.

The data type is string. Supported operation is Get and Replace. @@ -316,12 +316,12 @@ SurfaceHub

Invitations to collaborate from the Whiteboard app are not allowed.

The data type is boolean. Supported operation is Get and Replace. - + **InBoxApps/Whiteboard/SigninDisabled**

Sign-ins from the Whiteboard app are not allowed.

The data type is boolean. Supported operation is Get and Replace. - + **InBoxApps/Whiteboard/TelemeteryDisabled**

Telemetry collection from the Whiteboard app is not allowed. @@ -571,7 +571,7 @@ SurfaceHub

If this setting is true, the device account will be used for proxy authentication. If false, a separate account will be used.

The data type is boolean. Supported operation is Get and Replace. - + **Properties/ProxyServers**

Added in KB4499162 for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This is a semi-colon separated list of server names, without any additional prefixes (e.g. https://). diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 793835661a..183335b55e 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -481,7 +481,7 @@ For a spreadsheet of Group Policy settings included in Windows 10 and Windows Se ## New MDM policies -Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile includes settings from Windows Phone 8.1, plus new or enhanced settings for Windows 10, such as: +Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education includes settings from Windows Phone 8.1, plus new or enhanced settings for Windows 10, such as: - Defender (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education only) diff --git a/windows/client-management/toc.yml b/windows/client-management/toc.yml index 633939454a..faba5b0483 100644 --- a/windows/client-management/toc.yml +++ b/windows/client-management/toc.yml @@ -55,6 +55,12 @@ items: items: - name: Collect data using Network Monitor href: troubleshoot-tcpip-netmon.md + - name: "Part 1: TCP/IP performance overview" + href: /troubleshoot/windows-server/networking/overview-of-tcpip-performance + - name: "Part 2: TCP/IP performance underlying network issues" + href: /troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network + - name: "Part 3: TCP/IP performance known issues" + href: /troubleshoot/windows-server/networking/tcpip-performance-known-issues - name: Troubleshoot TCP/IP connectivity href: troubleshoot-tcpip-connectivity.md - name: Troubleshoot port exhaustion diff --git a/windows/client-management/troubleshoot-tcpip.md b/windows/client-management/troubleshoot-tcpip.md index 48a95cd4e0..1ffd3f1dc2 100644 --- a/windows/client-management/troubleshoot-tcpip.md +++ b/windows/client-management/troubleshoot-tcpip.md @@ -17,6 +17,9 @@ manager: dansimp In these topics, you will learn how to troubleshoot common problems in a TCP/IP network environment. - [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) +- [Part 1: TCP/IP performance overview](/troubleshoot/windows-server/networking/overview-of-tcpip-performance) +- [Part 2: TCP/IP performance underlying network issues](/troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network) +- [Part 3: TCP/IP performance known issues](/troubleshoot/windows-server/networking/tcpip-performance-known-issues) - [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) - [Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md) - [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 3b6738986f..3ed83421c9 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -145,7 +145,7 @@ If the computer is no longer frozen and now is running in a good state, use the Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. -- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk) +- [Using DumpChk](/windows-hardware/drivers/debugger/dumpchk) - [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk) Learn how to use Dumpchk.exe to check your dump files: diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md deleted file mode 100644 index dda6ed1f76..0000000000 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ /dev/null @@ -1,1090 +0,0 @@ ---- -title: Windows 10 Mobile deployment and management guide (Windows 10) -description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. -ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E -ms.reviewer: -manager: dansimp -ms.author: dansimp -keywords: Mobile, diagnostic data, BYOD, MDM -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: mobile, devices, security -ms.localizationpriority: medium -author: dansimp -ms.date: -ms.topic: article ---- - -# Windows 10 Mobile deployment and management guide - -**Applies to:** -- Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607 - -This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. - -Employees increasingly depend on smartphones to complete daily work tasks, but these devices introduce unique management and security challenges. Whether providing corporate devices or allowing people to use their personal devices, IT needs to deploy and manage mobile devices and apps quickly to meet business goals. However, they also need to ensure that the apps and data on those mobile devices are protected against cybercrime or loss. Windows 10 Mobile helps organizations directly address these challenges with robust, flexible, built-in mobile device and app management technologies. -Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement, by using a comprehensive mobile device management solution. - -**In this article** -- [Deploy](#deploy) -- [Configure](#configure) -- [Apps](#apps) -- [Manage](#manage) -- [Retire](#retire) - - -## Deploy - -Windows 10 Mobile has a built-in device management client to deploy, configure, maintain, and support smartphones. Common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT), this client provides a single interface through which mobile device management (MDM) solutions can manage any device that runs Windows 10. Because the MDM client integrates with identity management, the effort required to manage devices throughout the lifecycle is greatly reduced. -Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or Microsoft Endpoint Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select the system that best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](./mdm/index.md). - -### Deployment scenarios - -*Applies to: Corporate and personal devices* - -The built-in MDM client is common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT). The client provides a single interface through which you can manage any device that runs Windows 10. The client has two important roles: device enrollment in an MDM system and device management. - -Organizations typically have two scenarios to consider when it comes to device deployment: Bring Your Own (BYO) personal devices and Choose Your Own (CYO) company-owned devices. In both cases, the device must be enrolled in an MDM system, which would configure it with settings appropriate for the organization and the employee. -Windows 10 Mobile device management capabilities support both personal devices used in the BYO scenario and corporate devices used in the CYO scenario. The operating system offers a flexible approach to registering devices with directory services and MDM systems. IT organizations can provision comprehensive device-configuration profiles based on their business needs to control and protect mobile business data. Apps can be provisioned easily to personal or corporate devices through the Microsoft Store for Business, or by using their MDM system, which can also work with the Microsoft Store for Business for public store apps. -Knowing who owns the device and what the employee uses it for are the major factors in determining your management strategy and which controls your organization should put in place. Whether personal devices, corporate devices, or a mixture of the two, deployment processes and configuration policies may differ. - -For **personal devices**, companies need to be able to manage corporate apps and data on the device without impeding the employee’s ability to personalize it to meet their individual needs. The employee owns the device and corporate policy allows them to use it for both business and personal purposes, with the ability to add personal apps at their discretion. The main concern with personal devices is how organizations can prevent corporate data from being compromised, while still keeping personal data private and under the sole control of the employee. This requires that the device be able to support separation of apps and data with strict control of business and personal data traffic. - -For **corporate devices**, organizations have a lot more control. IT can provide a selected list of supported device models to employees, or they can directly purchase and preconfigure them. Because devices are owned by the company, employees can be limited as to how much they can personalize these devices. Security and privacy concerns may be easier to navigate, because the device falls entirely under existing company policy. - -### Device enrollment - -*Applies to: Corporate and personal devices* - -The way in which personal and corporate devices are enrolled into an MDM system differs. Your operations team should consider these differences when determining which approach is best for mobile workers in your organization. - -**Device initialization and enrollment considerations** - - ----- - - - - - - - - - - - - - - - - - - - - - - -
Personal devicesCorporate devices
OwnershipEmployeeOrganization
Device Initialization - -In the out-of-box experience (OOBE), the first time the employee starts the device, they are requested to add a cloud identity to the device.The primary identity on the device is a personal identity. Personal devices are initiated with a Microsoft Account (MSA), which uses a personal email address. The primary identity on the device is an organizational identity. Corporate devices are initialized with an organizational account (account@corporatedomain.ext). -Initialization of a device with a corporate account is unique to Windows 10. No other mobile platform currently offers this capability. The default option is to use an Azure Active Directory (Azure AD) organizational identity. -Skipping the account setup in OOBE results in the creation of a local account. The only option to add a cloud account later is to add an MSA, putting this device into a personal device deployment scenario. To start over, the device must be reset. -
Device Enrollment - -Enrolling devices in an MDM system helps control and protect corporate data while keeping workers productive. Device enrollment can be initiated by employees. They can add an Azure account as a secondary account to the Windows 10 Mobile device. Provided the MDM system is registered with your Azure AD, the device is automatically enrolled in the MDM system when the user adds an Azure AD account as a secondary account (MSA+Azure AD+MDM). If your organization does not have Azure AD, the employee’s device is automatically enrolled into your organization’s MDM system (MSA+MDM). -MDM enrollment can also be initiated with a provisioning package. This option enables IT to offer easy-to-use self-service enrollment of personal devices. Provisioning is currently only supported for MDM-only enrollment (MSA+MDM). -The user initiates MDM enrollment by joining the device to the Azure AD instance of their organization. The device is automatically enrolled in the MDM system when the device registers in Azure AD. This requires your MDM system to be registered with your Azure AD (Azure AD+MDM).
- -Microsoft recommends Azure AD registration and automatic MDM enrollment for corporate devices (Azure AD+MDM) and personal devices (MSA+Azure AD+MDM). This requires Azure AD Premium. - -### Identity management - -*Applies to: Corporate and personal devices* - -Employees can use only one account to initialize a device so it’s imperative that your organization controls which account is enabled first. The account chosen determines who controls the device and influences your management capabilities. - -> [!NOTE] -> Why must the user add an account to the device in OOBE? Windows 10 Mobile are single user devices and the user accounts give access to a number of default cloud services that enhance the productivity and entertainment value of the phone for the user. Such services are: Store for downloading apps, Groove for music and entertainment, Xbox for gaming, and so on. Both an [MSA](https://www.microsoft.com/account/) and an [Azure AD account](https://www.microsoft.com/server-cloud/products/azure-active-directory/?WT.srch=1&WT.mc_id=SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=azure%20ad&utm_campaign=Enterprise_Mobility_Suite) provide access to these services. - -The following table describes the impact of identity choice on device management characteristics of the personal and corporate device scenarios. - -**Identity choice considerations for device management** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Personal identityWork identity
First account on the deviceMicrosoft AccountAzure AD account
Ease of enrollmentEmployees use their Microsoft Account to activate the device. Then, they use their Azure AD account (organizational identity) to register the device in Azure AD and enroll it with the company’s MDM solution (MSA+Azure AD+MDM).Employees use their Azure AD account to register the device in Azure AD and automatically enroll it with the organization’s MDM solution (Azure AD+MDM – requires Azure AD Premium).
Credential managementEmployees sign in to the device with Microsoft Account credentials. -Users cannot sign in to devices with Azure AD credentials, even if they add the credentials after initial activation with a Microsoft Account. -Employees sign in to the device with Azure AD credentials. -IT can block the addition of a personal identity, such as an MSA or Google Account. IT controls all devices access policies, without limitations. -
Ability to block the use of a personal identity on the deviceNoYes
User settings and data roaming across multiple Windows devicesUser and app settings roam across all devices activated with the same personal identity through OneDrive.If the device is activated with an MSA, then adds an Azure AD account, user an app settings roam. If you add your MSA to an Azure AD-joined device, this is not the case. Microsoft is investigating Enterprise roaming for a future release.
Level of controlOrganizations can apply most of the available restrictive policies to devices and disable the Microsoft account. You can prevent users from reclaiming full control over their devices by unenrolling them from the organization’s MDM solution or resetting the device. Legal limitations may apply. For more information, contact your legal department.Organizations are free to apply any restrictive policies to devices to bring them in line with corporate standards and compliance regulations. They can also prevent the user from unenrolling the device from the enterprise.
Information ProtectionYou can apply policies to help protect and contain corporate apps and data on the devices and prevent intellectual property leaks, but still provide employees with full control over personal activities like downloading and installing apps and games.Companies can block personal use of devices. Using organizational identities to initialize devices gives organizations complete control over devices and allows them to prevent personalization.
App purchasesEmployees can purchase and install apps from the Store using a personal credit card.Employees can install apps from your Store for Business. Employees cannot install or purchase app from the Store without the addition of an MSA.
- - -> [!NOTE] -> In the context of [Windows-as-a-Service](/windows/deployment/update/), differentiation of MDM capabilities may change in the future. - -### Infrastructure choices - -*Applies to: Corporate and personal devices* - -For both personal and corporate deployment scenarios, an MDM system is the essential infrastructure required to deploy and manage Windows 10 Mobile devices. An Azure AD Premium subscription is recommended as an identity provider and required to support certain capabilities. Windows 10 Mobile allows you to have a pure cloud-based infrastructure or a hybrid infrastructure that combines Azure AD identity management with an on-premises management system to manage devices. Microsoft now also supports a pure on-premises solution to manage Windows 10 Mobile devices with [Configuration Manager](/mem/configmgr/mdm/understand/what-happened-to-hybrid). - -**Azure Active Directory** -Azure AD is a cloud-based directory service that provides identity and access management. You can integrate it with existing on-premises directories to create a hybrid identity solution. Organizations that use Microsoft Office 365 or Intune are already using Azure AD, which has three editions: Free Basic, and Premium (see [Azure Active Directory editions](/azure/active-directory/fundamentals/active-directory-whatis)). All editions support Azure AD device registration, but the Premium edition is required to enable MDM auto-enrollment and conditional access based on device state. - -**Mobile Device Management** -Microsoft [Intune](https://www.microsoft.com/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Microsoft 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution. -Multiple MDM systems support Windows 10 and most support personal and corporate device deployment scenarios. Most industry-leading MDM vendors already support integration with Azure AD. You can find the MDM vendors that support Azure AD in [Azure Marketplace](https://azure.microsoft.com/marketplace/). If your organization doesn’t use Azure AD, the user must use an MSA during OOBE before enrolling the device in your MDM using a corporate account. - -> [!NOTE] -> Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Microsoft 365. -In addition, Microsoft recently added MDM capabilities powered by Intune to Microsoft 365, called Basic Mobility and Security for Microsoft 365. Basic Mobility and Security for Microsoft 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. Basic Mobility and Security for Microsoft 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information, see [Overview of Basic Mobility and Security for Microsoft 365](/microsoft-365/admin/basic-mobility-security/overview). - -**Cloud services** -On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect diagnostic and usage data. Windows 10 Mobile enables organizations to manage how devices consume these cloud services. - -**Windows Push Notification Services** -The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way. -However, push notifications can affect battery life so the battery saver in Windows 10 Mobile limits background activity on the devices to extend battery life. Users can configure battery saver to turn on automatically when the battery drops below a set threshold. Windows 10 Mobile disables the receipt of push notifications to save energy when battery saver is on. -However, there is an exception to this behavior. In Windows 10 Mobile, the Always allowed battery saver setting (found in the Settings app) allows apps to receive push notifications even when battery saver is on. Users can manually configure this list, or IT can use the MDM system to configure the battery saver settings URI scheme in Windows 10 Mobile (ms-settings:batterysaver-settings). - -For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](/windows/device-security/windows-10-mobile-security-guide). - -**Windows Update for Business** -Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates. - -**Microsoft Store for Business** -The Microsoft Store for Business is the place where IT administrators can find, acquire, manage, and distribute apps to Windows 10 devices. This includes both internal line-of-business (LOB) apps, as well as commercially available third-party apps. - -## Configure - -MDM administrators can define and implement policy settings on any personal or corporate device enrolled in an MDM system. The configuration settings you use depend on the deployment scenario, and corporate devices offer IT the broadest range of control. - -> [!NOTE] -> This guide helps IT professionals understand management options available for the Windows 10 Mobile OS. Please consult your MDM system documentation to understand how these policies are enabled by your MDM vendor. -Not all MDM systems support every setting described in this guide. Some support custom policies through OMA-URI XML files. See [Microsoft Intune support for Custom Policies](/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#custom-uri-settings-for-windows-10-devices). Naming conventions may also vary among MDM vendors. - -### Account profile - -*Applies to: Corporate devices* - -Enforcing what accounts employees can use on a corporate device is important for avoiding data leaks and protecting privacy. Limiting the device to just one account controlled by the organization reduces the risk of a data breach. However, you can choose to allow employees to add a personal Microsoft Account or other consumer email accounts. - -- **Allow Microsoft Account** Specifies whether users are allowed to add a Microsoft Account to the device and use this account to authenticate to cloud services, such as purchasing apps in Microsoft Store, Xbox, or Groove. -- **Allow Adding Non-Microsoft Accounts** Specifies whether users are allowed to add email accounts other than a Microsoft Account. - -### Email accounts - -*Applies to: Corporate and personal devices* - -Email and associated calendar and contacts are the primary apps that users access on their smartphones. Configuring them properly is key to the success of any mobility program. In both corporate and personal device deployment scenarios, these email account settings get deployed immediately after enrollment. Using your corporate MDM system, you can define corporate email account profiles, deploy them to devices, and manage inbox policies. - -- Most corporate email systems leverage **Exchange ActiveSync (EAS)**. For more details on configuring EAS email profiles, see the [Exchange ActiveSync CSP](./mdm/activesync-csp.md). -- **Simple Mail Transfer Protocol (SMTP)** email accounts can also be configured with your MDM system. For more detailed information on SMTP email profile configuration, see the [Email CSP](./mdm/email2-csp.md). Microsoft Intune does not currently support the creation of an SMTP email profile. - -### Device Lock restrictions - -*Applies to: Corporate and personal devices* - -It’s common practice to protect a device that contains corporate information with a passcode when it is not in use. As a best practice, Microsoft recommends that you implement a device lock policy for Windows 10 Mobile devices for securing apps and data. You can use a complex password or numeric PIN to lock devices. Introduced with Windows 10, [Windows Hello](https://windows.microsoft.com/en-us/windows-10/getstarted-what-is-hello) allows you to use a PIN, a companion device (like Microsoft band), or biometrics to validate your identity to unlock Windows 10 Mobile devices. - -> [!NOTE] -> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. -To use Windows Hello with biometrics, specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware-based protection of the Windows Hello credentials requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based. -Companion devices must be paired with a Windows 10 PC using Bluetooth. To use a Windows Hello companion device that enables the user to roam with their Windows Hello credentials requires the Pro or Enterprise edition of Windows 10. - -Most of the device lock restriction policies have been available through Exchange ActiveSync and MDM since Windows Phone 7 and are still available today for Windows 10 Mobile. If you are deploying Windows 10 devices in a personal device deployment scenario, these settings would apply: - -- **Device Password Enabled** Specifies whether users are required to use a device lock password. -- **Allow Simple Device Password** Specifies whether users can use a simple password (for example, 1111 or 1234). -- **Alphanumeric Device Password Required** Specifies whether users need to use an alphanumeric password. When configured, Windows prompts the user with a full device keyboard to enter a complex password. When not configured, the user can enter a numeric PIN on the keyboard. -- **Min Device Password Complex Characters** The number of password element types (uppercase letters, lowercase letters, numbers, or punctuation) required to create strong passwords. -- **Device Password History** The number of passwords Windows 10 Mobile remembers in the password history. (Users cannot reuse passwords in the history to create new passwords.) -- **Min Device Password Length** The minimum number of characters required to create new passwords. -- **Max Inactivity Time Device Lock** The number of minutes of inactivity before devices are locked and require a password to unlock. -- **Allow Idle Return Without Password** Specifies whether users are required to re-authenticate when their devices return from a sleep state before the inactivity time was reached. -- **Max Device Password Failed Attempts** The number of authentication failures allowed before a device is wiped. (A value of zero disables device wipe functionality.) -- **Screen Timeout While Locked** The number of minutes before the lock screen times out. (This policy influences device power management.) -- **Allow Screen Timeout While Locked User Configuration** Specifies whether users can manually configure screen timeout while the device is on the lock screen. (Windows 10 Mobile ignores the **Screen Timeout While Locked** setting if you disable this setting.) - -Settings related to Windows Hello would be important device lock settings to configure if you are deploying devices using the corporate deployment scenario. -Microsoft made it a requirement for all users to create a numeric passcode as part of Azure AD Join. This policy default requires users to select a four-digit passcode, but this can be configured with an Azure AD-registered MDM system to whatever passcode complexity your organization desires. If you are using Azure AD with an automatic MDM enrollment mechanism, these policy settings are automatically applied during device enrollment. - -You may notice that some of the settings are very similar, specifically those related to passcode length, history, expiration, and complexity. If you set the policy in multiple places, both policies are applied, with the strongest policy retained. Read [PassportForWork CSP](./mdm/passportforwork-csp.md), [DeviceLock CSP](./mdm/devicelock-csp.md) (Windows Phone 8.1), and [Policy CSP](./mdm/policy-configuration-service-provider.md) for more detailed information. - -### Prevent changing of settings - -*Applies to: Corporate devices* - -Employees are usually allowed to change certain personal device settings that you may want to lock down on corporate devices. Employees can interactively adjust certain settings of the phone through the settings applets. Using MDM, you can limit what users are allowed to change, including: - -- **Allow Your Account** Specifies whether users are allowed to change account configuration in the **Your Email and Accounts** panel in Settings -- **Allow VPN** Specifies whether users are allowed to change VPN settings -- **Allow Data Sense** Specifies whether users are allowed to change Data Sense settings -- **Allow Date Time** Specifies whether users are allowed to change data and time setting -- **Allow Edit Device Name** Specifies whether users are allowed to change the device name -- **Allow Speech Model Update** Specifies whether the device receives updates to the speech recognition and speech synthesis models (to improve accuracy and performance) - -### Hardware restrictions - -*Applies to: Corporate devices* - -Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi-Fi. You can use hardware restrictions to control the availability of these features. - -The following is a list of the MDM settings that Windows 10 Mobile supports to configure hardware restrictions: - -> [!NOTE] -> Some of these hardware restrictions provide connectivity and assist in data protection. - -- **Allow NFC:** Specifies whether the NFC radio is enabled -- **Allow USB Connection:** Specifies whether the USB connection is enabled (doesn’t affect USB charging) -- **Allow Bluetooth:** Specifies whether users can enable and use the Bluetooth radio on their devices -- **Allow Bluetooth Advertising:** Specifies whether the device can act as a source for Bluetooth advertisements and be discoverable to other devices -- **Allow Bluetooth Discoverable Mode:** Specifies whether the device can discover other devices (such as headsets) -- **Allow Bluetooth pre-pairing** Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device -- **Bluetooth Services Allowed List:** The list of Bluetooth services and profiles to which the device can connect -- **Set Bluetooth Local Device Name:** The local Bluetooth device name -- **Allow Camera:** Specifies whether the camera is enabled -- **Allow Storage Card:** Specifies whether the storage card slot is enabled -- **Allow Voice Recording:** Specifies whether the user can use the microphone to create voice recordings -- **Allow Location:** Specifies whether the device can use the GPS sensor or other methods to determine location so applications can use location information - -### Certificates - -*Applies to: Personal and corporate devices* - -Certificates help improve security by providing account authentication, Wi-Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation. -To install certificates manually, you can post them on Microsoft Edge website or send them directly by using email, which is ideal for testing purposes. -Using Simple Certificate Enrollment Protocol (SCEP) and MDM systems, certificate management is completely transparent and requires no user intervention, helping improve user productivity, and reduce support calls. Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device, as long as the MDM system supports the SCEP or Personal Information Exchange (PFX). The MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired. -In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. The table below lists the Windows 10 Mobile PFX certificate deployment settings. -For more detailed information about MDM certificate management, see [Client Certificate Install CSP](./mdm/clientcertificateinstall-csp.md) and [Install digital certificates on Windows 10 Mobile](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile). -Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidentally. - -> [!NOTE] -> To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Microsoft Store. This Windows 10 Mobile app can help you: -> - View a summary of all personal certificates -> - View the details of individual certificates -> - View the certificates used for VPN, Wi-Fi, and email authentication -> - Identify which certificates may have expired -> - Verify the certificate path and confirm that you have the correct intermediate and root CA certificates -> - View the certificate keys stored in the device TPM - -### Wi-Fi profiles - -*Applies to: Corporate and personal devices* - -Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi-Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi-Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention. -You can create multiple Wi-Fi profiles in your MDM system. The Windows 10 Mobile Wi-Fi connection profile settings that can be configured by administrators include: - -- **SSID** The case-sensitive name of the Wi-Fi network Service Set Identifier -- **Security type** The type of security the Wi-Fi network uses; can be one of the following authentication types: - - Open 802.11 - - Shared 802.11 - - WPA-Enterprise 802.11 - - WPA-Personal 802.11 - - WPA2-Enterprise 802.11 - - WPA2-Personal 802.11 -- **Authentication encryption** The type of encryption the authentication uses; can be one of the following encryption methods: - - None (no encryption) - - Wired Equivalent Privacy - - Temporal Key Integrity Protocol - - Advanced Encryption Standard (AES) -- **Extensible Authentication Protocol Transport Layer Security (EAP-TLS)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use EAP-TLS with certificates for authentication -- **Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use PEAP-MSCHAPv2 with a user name and password for authentication -- **Shared key** WPA-Personal 802.11 and WPA2-Personal 802.11 security types can use a shared key for authentication. -- **Proxy** The configuration of any network proxy that the Wi-Fi connection requires (to specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address) -- **Disable Internet connectivity checks** Whether the Wi-Fi connection should check for Internet connectivity -- **Proxy auto-configuration URL** A URL that specifies the proxy auto-configuration file -- **Enable Web Proxy Auto-Discovery Protocol (WPAD)** Specifies whether WPAD is enabled - -In addition, you can set the following device wide Wi-Fi settings: -- **Allow Auto Connect to Wi-Fi Sense Hotspots** Specifies whether the device automatically detects and connects to Wi-Fi networks -- **Allow Manual Wi-Fi Configuration** Specifies whether the user can manually configure Wi-Fi settings -- **Allow Wi-Fi** Specifies whether the Wi-Fi hardware is enabled -- **Allow Internet Sharing** Allows or disallows Internet sharing -- **WLAN Scan Mode** Specifies how actively the device scans for Wi-Fi networks - -For more detailed information about Wi-Fi connection profile settings, see [Wi-Fi CSP](./mdm/wifi-csp.md) and [Policy CSP](./mdm/policy-configuration-service-provider.md). - -### APN profiles - -*Applies to: Corporate devices* - -An Access Point Name (APN) defines network paths for cellular data connectivity. Typically, you define just one APN for a device in collaboration with a mobile operator, but you can define multiple APNs if your company uses multiple mobile operators. -An APN provides a private connection to the corporate network that is unavailable to other companies on the mobile operator network. -You can define and deploy APN profiles in MDM systems that configure cellular data connectivity for Windows 10 Mobile. Devices running Windows 10 Mobile can have only one APN profile. The following lists the MDM settings that Windows 10 Mobile supports for APN profiles: - -- **APN name** The APN name -- *IP connection type* The IP connection type; set to one of the following values: - - IPv4 only - - IPv6 only - - IPv4 and IPv6 concurrently - - IPv6 with IPv4 provided by 46xlat -- **LTE attached** Specifies whether the APN should be attached as part of an LTE Attach -- **APN class ID** The globally unique identifier that defines the APN class to the modem -- **APN authentication type** The APN authentication type; set to one of the following values: - - None - - Auto - - PAP - - CHAP - - MSCHAPv2 -- **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type -- **Password** The password for the user account specified in User name -- **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile -- **Always on** Specifies whether the connection manager automatically attempts to connect to the APN when it is available -- **Connection enabled** Specifies whether the APN connection is enabled -- **Allow user control** Allows users to connect with other APNs than the enterprise APN -- **Hide view** Specifies whether the cellular UX allows the user to view enterprise APNs - -For more detailed information about APN settings, see [APN CSP](./mdm/enterpriseapn-csp.md). - -### Proxy - -*Applies to: Corporate devices* - -The following lists the Windows 10 Mobile settings for managing APN proxy settings for Windows 10 Mobile device connectivity: - -- **Connection name** Specifies the name of the connection the proxy is associated with (this is the APN name of a configured connection) -- **Bypass Local** Specifies whether the proxy should be bypassed when local hosts are accessed by the device -- **Enable** Specifies whether the proxy is enabled -- **Exception** Specifies a semi-colon delimited list of external hosts which should bypass the proxy when accessed -- **User Name** Specifies the username used to connect to the proxy -- **Password** Specifies the password used to connect to the proxy -- **Server** Specifies the name of the proxy server -- **Proxy connection type** The proxy connection type, supporting: Null proxy, HTTP, WAP, SOCKS4 -- **Port** The port number of the proxy connection - -For more details on proxy settings, see [CM_ProxyEntries CSP](./mdm/cm-proxyentries-csp.md). - -### VPN - -*Applies to: Corporate and personal devices* - -Organizations often use a VPN to control access to apps and resources on their company’s intranet. In addition to native Microsoft Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Key Exchange Protocol version 2 (IKEv2) VPNs, Windows 10 Mobile supports SSL VPN connections, which require a downloadable plugin from the Microsoft Store and are specific to the VPN vendor of your choice. These plugins work like apps and can be installed directly from the Microsoft Store using your MDM system (see App Management). - -You can create and provision multiple VPN connection profiles and then deploy them to managed devices that run Windows 10 Mobile. -To create a VPN profile that uses native Windows 10 Mobile VPN protocols (such as IKEv2, PPTP, or L2TP), you can use the following settings: - -- **VPN Servers** The VPN server for the VPN profile -- **Routing policy type** The type of routing policy the VPN profile uses can be set to one of the following values: - - Split tunnel: Only network traffic destined to the intranet goes through the VPN connection - - Force tunnel: All traffic goes through the VPN connection -- **Tunneling protocol type** The tunneling protocol used for VPN profiles that use native Windows 10 Mobile VPN protocols can be one the following values: PPTP, L2TP, IKEv2, Automatic -- **User authentication method** The user authentication method for the VPN connection can have a value of EAP or MSChapv2 (Windows 10 Mobile does not support the value MSChapv2 for IKEv2-based VPN connections) -- **Machine certificate** The machine certificate used for IKEv2-based VPN connections -- **EAP configuration** To create a single sign-on experience for VPN users using certificate authentication, you need to create an Extensible Authentication Protocol (EAP) configuration XML file and include it in the VPN profile -- **L2tpPsk** The pre-shared key used for an L2TP connection -- **Cryptography Suite** Enable the selection of cryptographic suite attributes used for IPsec tunneling - -> [!NOTE] -> The easiest way to create a profile for a single sign-on experience with an EAP configuration XML is through the rasphone tool on a Windows 10 PC. Once you run the rasphone.exe, the configuration wizard walks you through the necessary steps. For step-by-step instructions on creating the EAP configuration XML blob, see EAP configuration. You can use the resulting XML blob in the MDM system to create the VPN profile on Windows 10 Mobile phone. If you have multiple certificates on the devices, you may want to configure filtering conditions for automatic certificate selection, so the employee does not need to select an authentication certificate every time the VPN is turned on. See this article for details. Windows 10 for PCs and Windows 10 Mobile have the same VPN client. - -Microsoft Store–based VPN plugins for the VPN connection allow you to create a VPN plugin profile with the following attributes: - -- **VPN server** A comma-separated list of VPN servers; you can specify the servers with a URL, fully qualified host name, or IP address -- **Custom configuration** An HTML-encoded XML blob for SSL–VPN plugin–specific configuration information (such as authentication information) that the plugin provider requires -- **Microsoft Store VPN plugin family name** Specifies the Microsoft Store package family name for the Microsoft Store–based VPN plugin - -In addition, you can specify per VPN profile: - -- **App Trigger List** You can add an App Trigger List to every VPN profile. The app specified in the list automatically triggers the VPN profile for intranet connectivity. When multiple VPN profiles are needed to serve multiple apps, the operating system automatically establishes the VPN connection when the user switches between apps. Only one VPN connection at a time can be active. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention. -- **Route List** List of routes to be added to the routing table for the VPN interface. This is required for split tunneling cases where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface. -- **Domain Name Information List** Name Resolution Policy Table (NRPT) rules for the VPN profile. -- **Traffic Filter List** Specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface. -- **DNS suffixes** A comma-separated list of DNS suffixes for the VPN connection. Any DNS suffixes in this list are automatically added to Suffix Search List. -- **Proxy** Any post-connection proxy support required for the VPN connection; including Proxy server name and Automatic proxy configuration URL. Specifies the URL for automatically retrieving proxy server settings. -- **Always on connection** Windows 10 Mobile features always-on VPN, which makes it possible to automatically start a VPN connection when a user signs in. The VPN stays connected until the user manually disconnects it. -- **Remember credentials** Specifies whether the VPN connection caches credentials. -- **Trusted network detection** A comma-separated list of trusted networks that causes the VPN not to connect when the intranet is directly accessible (Wi-Fi). -- **Enterprise Data Protection Mode ID** Enterprise ID, which is an optional field that allows the VPN to automatically trigger based on an app defined with a Windows Information Protection policy. -- **Device Compliance** To set up Azure AD-based Conditional Access for VPN and allow that SSO with a certificate different from the VPN Authentication certificate for Kerberos Authentication in the case of Device Compliance. -- **Lock Down VPN profile** A Lock Down VPN profile has the following characteristics: - - It is an always-on VPN profile. - - It can never be disconnected. - - If the VPN profile is not connected, the user has no network connectivity. - - No other VPN profiles can be connected or modified. -- **ProfileXML** In case your MDM system does not support all the VPN settings you want to configure, you can create an XML file that defines the VPN profile you want to apply to all the fields you require. - -For more details about VPN profiles, see [VPNv2 CSP](./mdm/vpnv2-csp.md). - -Some device-wide settings for managing VPN connections can help you manage VPNs over cellular data connections, which in turn helps reduce costs associated with roaming or data plan charges: -- **Allow VPN** Specifies whether users can change VPN settings -- **Allow VPN Over Cellular** Specifies whether users can establish VPN connections over cellular networks -- **Allow VPN Over Cellular when Roaming** Specifies whether users can establish VPN connections over cellular networks when roaming - -### Storage management - -*Applies to: Corporate and personal devices* - -Protecting the apps and data stored on a device is critical to device security. One method for helping protect your apps and data is to encrypt internal device storage. The [device encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) in Windows 10 Mobile helps protect corporate data against unauthorized access, even when an unauthorized user has physical possession of the device. - -Windows 10 Mobile also has the ability to install apps on a secure digital (SD) card. The operating system stores apps on a partition specifically designated for that purpose. This feature is always on so you don’t need to set a policy explicitly to enable it. - -The SD card is uniquely paired with a device. No other devices can see the apps or data on the encrypted partition, but they can access the data stored on the unencrypted partition of the SD card, such as music or photos. This gives users the flexibility to use an SD card while still protecting the confidential apps and data on it. - -You can disable the **Allow Storage Card** setting if you wish to prevent users from using SD cards entirely. If you choose not to encrypt storage, you can help protect your corporate apps and data by using the Restrict app data to the system volume and Restrict apps to the system volume settings. These help ensure that users cannot copy your apps and data to SD cards. - -Here is a list of MDM storage management settings that Windows 10 Mobile provides: - -- **Allow Storage Card** Specifies whether the use of storage cards for data storage is allowed -- **Require Device Encryption** Specifies whether internal storage is encrypted (when a device is encrypted, you cannot use a policy to turn encryption off) -- **Encryption method** Specifies the BitLocker drive encryption method and cipher strength; can be one of the following values: - - AES-Cipher Block Chaining (CBC) 128-bit - - AES-CBC 256-bit - - XEX-based tweaked-codebook mode with cipher text stealing (XTS)–AES (XTS-AES) 128-bit (this is the default) - - XTS-AES-256-bit -- **Allow Federal Information Processing Standard (FIPS) algorithm policy** Specifies whether the device allows or disallows the FIPS algorithm policy -- **SSL cipher suites** Specifies a list of the allowed cryptographic cipher algorithms for SSL connections -- **Restrict app data to the system volume** Specifies whether app data is restricted to the system drive -- **Restrict apps to the system volume** Specifies whether apps are restricted to the system drive - - -## Apps - -*Applies to: Corporate and personal devices* - -User productivity on mobile devices is often driven by apps. - -Windows 10 makes it possible to develop apps that work seamlessly across multiple devices using the Universal Windows Platform (UWP) for Windows apps. UWP converges the application platform for all devices running Windows 10 so that apps run without modification on all editions of Windows 10. This saves developers both time and resources, helping deliver apps to mobile users more quickly and efficiently. This write-once, run-anywhere model also boosts user productivity by providing a consistent, familiar app experience on any device type. - -For compatibility with existing apps, Windows Phone 8.1 apps still run on Windows 10 Mobile devices, easing the migration to the newest platform. Microsoft recommend migrating your apps to UWP to take full advantage of the improvements in Windows 10 Mobile. In addition, bridges have been developed to easily and quickly update existing Windows Phone 8.1 (Silverlight) and iOS apps to the UWP. - -Microsoft also made it easier for organizations to license and purchase UWP apps via Microsoft Store for Business and deploy them to employee devices using the Microsoft Store, or an MDM system, that can be integrated with the Microsoft Store for Business. Putting apps into the hands of mobile workers is critical, but you also need an efficient way to ensure those apps comply with corporate policies for data security. - -To learn more about Universal Windows apps, see the [Guide to Universal Windows Platform (UWP) apps](/windows/uwp/get-started/universal-application-platform-guide) for additional information, or take this [Quick Start Challenge: Universal Windows Apps in Visual Studio](https://mva.microsoft.com/en-US/training-courses/quick-start-challenge-universal-windows-apps-in-visual-studio-14477?l=Be2FMfgmB_505192797). Also, see [Porting apps to Windows 10](/windows/uwp/porting/). - -### Microsoft Store for Business: Sourcing the right app - -*Applies to: Corporate and personal devices* - -The first step in app management is to obtain the apps your users need. You can develop your own apps or source your apps from the Microsoft Store. With Windows Phone 8.1, an MSA was needed to acquire and install apps from the Microsoft Store. With the Microsoft Store for Business, Microsoft enables organizations to acquire apps for employees from a private store with the Microsoft Store, without the need for MSAs on Windows 10 devices. - -Microsoft Store for Business is a web portal that allows IT administrators to find, acquire, manage, and distribute apps to Windows 10 devices. - -Azure AD authenticated managers have access to Microsoft Store for Business functionality and settings, and store managers can create a private category of apps that are specific and private to their organization. (You can get more details about what specific Azure AD accounts have access to Microsoft Store for Business here). Microsoft Store for Business enables organizations to purchase app licenses for their organization and make apps available to their employees. In addition to commercially available apps, your developers can publish line-of-business (LOB) apps to Microsoft Store for Business by request. You can also integrate their Microsoft Store for Business subscriptions with their MDM systems, so the MDM system can distribute and manage apps from Microsoft Store for Business. - -Microsoft Store for Business supports app distribution under two licensing models: online and offline. - -The online model (store-managed) is the recommended method, and supports both personal device and corporate device management scenarios. To install online apps, the device must have Internet access at the time of installation. On corporate devices, an employee can be authenticated with an Azure AD account to install online apps. On personal devices, an employee must register their device with Azure AD to be able to install corporate licensed online apps. -Corporate device users can find company licensed apps in the Store app on their phone in a private catalog. When an MDM system is associated with the Store for Business, IT administrators can present Store apps within the MDM system App Catalog where users can find and install their desired apps. IT administrators can also push required apps directly to employee devices without the employee’s intervention. - -Employees with personal devices can install apps licensed by their organization using the Store app on their device. They can use either the Azure AD account or Microsoft Account within the Store app if they wish to purchase personal apps. If you allow employees with corporate devices to add a secondary Microsoft Account (MSA), the Store app on the device provides a unified method for installing personal and corporate apps. - -Online licensed apps do not need to be transferred or downloaded from the Microsoft Store to the MDM system to be distributed and managed. When an employee chooses a company-owned app, it's automatically installed from the cloud. Also, apps are automatically updated when a new version is available or can be removed if needed. When an app is removed from a device by the MDM system or the user, Microsoft Store for Business reclaims the license so it can be used for another user or on another device. - -To distribute an app offline (organization-managed), the app must be downloaded from the Microsoft Store for Business. This can be accomplished in the Microsoft Store for Business portal by an authorized administrator. Offline licensing requires the app developer to opt-in to the licensing model, as the Microsoft Store is no longer able to track licenses for the developer. If the app developer doesn’t allow download of the app from Microsoft Store, then you must obtain the files directly from the developer or use the online licensing method. - -To install acquired Microsoft Store or LOB apps offline on a Windows 10 Mobile device, IT administrators can use an MDM system. The MDM system distributes the app packages that you downloaded from Microsoft Store (also called sideloading) to Windows 10 Mobile devices. Support for offline app distribution depends on the MDM system you are using, so consult your MDM vendor documentation for details. You can fully automate the app deployment process so that no user intervention is required. - -Microsoft Store apps or LOB apps that have been uploaded to the Microsoft Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Microsoft Store certificates. LOB apps that are uploaded to the Microsoft Store for Business are private to your organization and are never visible to other companies or consumers. If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, you’ll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 edition. - -For more information, see [Microsoft Store for Business](/microsoft-store/index). - -### Managing apps - -*Applies to: Corporate devices* - -IT administrators can control which apps are allowed to be installed on Windows 10 Mobile devices and how they should be kept up-to-date. - -Windows 10 Mobile includes AppLocker, which enables administrators to create allowlists or disallow lists of apps from the Microsoft Store. This capability extends to built-in apps, as well, such as Xbox, Groove, text messaging, email, and calendar, etc. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes. However, it is not always an easy approach to find a balance between what employees need or request and security concerns. Creating allowlists or disallow lists also requires keeping up with the changing app landscape in the Microsoft Store. - -For more information, see [AppLocker CSP](./mdm/applocker-csp.md). - -In addition to controlling which apps are allowed, IT professionals can also implement additional app management settings on Windows 10 Mobile, using an MDM: - -- **Allow All Trusted Apps** Specifies whether users can sideload apps on the device. -- **Allow App Store Auto Update** Specifies whether automatic updates of apps from Microsoft Store are allowed. -- **Allow Developer Unlock** Specifies whether developer unlock is allowed. -- **Allow Shared User App Data** Specifies whether multiple users of the same app can share data. -- **Allow Store** Specifies whether Microsoft Store app is allowed to run. This completely blocks the user from installing apps from the Store, but still allows app distribution through an MDM system. -- **Application Restrictions** An XML blob that defines the app restrictions for a device. The XML blob can contain an app allowlist or deny list. You can allow or deny apps based on their app ID or publisher. See AppLocker above. -- **Disable Store Originated Apps** Disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded before the policy was applied. -- **Require Private Store Only** Specifies whether the private store is exclusively available to users in the Store app on the device. If enabled, only the private store is available. If disabled, the retail catalog and private store are both available. -- **Restrict App Data to System Volume** Specifies whether app data is allowed only on the system drive or can be stored on an SD card. -- **Restrict App to System Volume** Specifies whether app installation is allowed only to the system drive or can be installed on an SD card. -- **Start screen layout** An XML blob used to configure the Start screen (for more information, see [Start layout for Windows 10 Mobile](/windows/configuration/mobile-devices/start-layout-xml-mobile)). - -Find more details on application management options in the [Policy CSP](./mdm/policy-configuration-service-provider.md). - -### Data leak prevention - -*Applies to: Corporate and personal devices* - -One of the biggest challenges in protecting corporate information on mobile devices is keeping that data separate from personal data. Most solutions available to create this data separation require users to login in with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity. - -Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data protected and personal data private. It automatically tags personal and corporate data and applies policies for those apps that can access data classified as corporate. This includes when data is at rest on local or removable storage. Because corporate data is always protected, users cannot copy it to public locations like social media or personal email. - -Windows Information Protection works with all apps, which are classified into two categories: enlightened and unenlightened. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on policies. Corporate data is encrypted at all times and any attempt to copy/paste or share this information with non-corporate apps or users fails. Unenlightened apps consider all data corporate and encrypt everything by default. - -Any app developed on the UWA platform can be enlightened. Microsoft has made a concerted effort to enlighten several of its most popular apps, including: -- Microsoft Edge -- Microsoft People -- Mobile Office apps (Word, Excel, PowerPoint, and OneNote) -- Outlook Mail and Calendar -- Microsoft Photos -- Microsoft OneDrive -- Groove Music -- Microsoft Movies & TV -- Microsoft Messaging - -The following table lists the settings that can be configured for Windows Information Protection: -- **Enforcement level*** Set the enforcement level for information protection: - - Off (no protection) - - Silent mode (encrypt and audit only) - - Override mode (encrypt, prompt, and audit) - - Block mode (encrypt, block, and audit) -- **Enterprise protected domain names*** A list of domains used by the enterprise for its user identities. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. -- **Allow user decryption** Allows the user to decrypt files. If not allowed, the user is not able to remove protection from enterprise content through the OS or app user experience. -- **Require protection under lock configuration** Specifies whether the protection under lock feature (also known as encrypt under PIN) should be configured. -- **Data recovery certificate*** Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through MDM instead of Group Policy. -- **Revoke on unenroll** Specifies whether to revoke the information protection keys when a device unenrolls from the management service. -- **RMS template ID for information protection** Allows the IT admin to configure the details about who has access to RMS-protected files and for how long. -- **Allow Azure RMS for information protection** Specifies whether to allow Azure RMS encryption for information protection. -- **Show information protection icons** Determines whether overlays are added to icons for information protection secured files in web browser and enterprise-only app tiles in the **Start** menu. -- **Status** A read-only bit mask that indicates the current state of information protection on the device. The MDM service can use this value to determine the current overall state of information protection. -- **Enterprise IP Range*** The enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers is considered part of the enterprise and protected. -- **Enterprise Network Domain Names*** the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device is considered enterprise data and is protected. -- **Enterprise Cloud Resources** A list of Enterprise resource domains hosted in the cloud that need to be protected. - -* Mandatory Windows Information Protection policies. To make Windows Information Protection functional, AppLocker and network isolation settings (specifically Enterprise IP Range and Enterprise Network Domain Names) must be configured. This defines the source of all corporate data that needs protection and also ensures data written to these locations won’t be encrypted by the user’s encryption key so that others in the company can access it. - -For more information on Windows Information Protection, see the [EnterpriseDataProtection CSP](./mdm/enterprisedataprotection-csp.md) and the following in-depth article series [Protect your enterprise data using Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). - -### Managing user activities - -*Applies to: Corporate devices* - -On corporate devices, some user activities expose corporate data to unnecessary risk. For example, users might create a screen capture of corporate information out of an internal LOB app. To mitigate the risk, you can restrict the Windows 10 Mobile user experience to help protect corporate data and prevent data leaks. The following demonstrates those capabilities that can be used to help prevent data leaks: - -- **Allow copy and paste** Specifies whether users can copy and paste content -- **Allow Cortana** Specifies whether users can use Cortana on the device (where available) -- **Allow device discovery** Specifies whether the device discovery user experience is available on the lock screen (for example, controlling whether a device could discover a projector [or other devices] when the lock screen is displayed) -- **Allow input personalization** Specifies whether personally identifiable information can leave the device or be saved locally (e.g., Cortana learning, inking, dictation) -- **Allow manual MDM unenrollment** Specifies whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system) -- **Allow screen capture** Specifies whether users are allowed to capture screenshots on the device -- **Allow SIM error dialog prompt** Specifies whether to display a dialog prompt when no SIM card is installed -- **Allow sync my settings** Specifies whether the user experience settings are synchronized between devices (works with Microsoft accounts only) -- **Allow toasts notifications above lock screen** Specifies whether users are able to view toast notification on the device lock screen -- **Allow voice recording** Specifies whether users are allowed to perform voice recordings -- **Do Not Show Feedback Notifications** Prevents devices from showing feedback questions from Microsoft -- **Allow Task Switcher** Allows or disallows task switching on the device to prevent visibility of App screen tombstones in the task switcher -- **Enable Offline Maps Auto Update** Disables the automatic download and update of map data -- **Allow Offline Maps Download Over Metered Connection** Allows the download and update of map data over metered connections - -You can find more details on the experience settings in Policy CSP. - -### Microsoft Edge - -*Applies to: Corporate and personal devices* - -MDM systems also give you the ability to manage Microsoft Edge on mobile devices. Microsoft Edge is the only browser available on Windows 10 Mobile devices. It differs slightly from the desktop version as it does not support Flash or Extensions. Edge is also an excellent PDF viewer as it can be managed and integrates with Windows Information Protection. - -The following settings for Microsoft Edge on Windows 10 Mobile can be managed: - -- **Allow Browser** Specifies whether users can run Microsoft Edge on the device -- **Allow Do Not Track headers** Specifies whether Do Not Track headers are allowed -- **Allow InPrivate** Specifies whether users can use InPrivate browsing -- **Allow Password Manager** Specifies whether users can use Password Manager to save and manage passwords locally -- **Allow Search Suggestions in Address Bar** Specifies whether search suggestions are shown in the address bar -- **Allow Windows Defender SmartScreen** Specifies whether Windows Defender SmartScreen is enabled -- **Cookies** Specifies whether cookies are allowed -- **Favorites** Configure Favorite URLs -- **First Run URL** The URL to open when a user launches Microsoft Edge for the first time -- **Prevent Windows Defender SmartScreen Prompt Override** Specifies whether users can override the Windows Defender SmartScreen warnings for URLs -- **Prevent Smart Screen Prompt Override for Files** Specifies whether users can override the Windows Defender SmartScreen warnings for files - -## Manage - -In enterprise IT environments, the need for security and cost control must be balanced against the desire to provide users with the latest technologies. Since cyberattacks have become an everyday occurrence, it is important to properly maintain the state of your Windows 10 Mobile devices. IT needs to control configuration settings, keeping them from drifting out of compliance, as well as enforce which devices can access internal applications. Windows 10 Mobile delivers the mobile operations management capabilities necessary to ensure that devices are in compliance with corporate policy. - -### Servicing options - -#### A streamlined update process - -*Applies to: Corporate and personal devices* - -Microsoft has streamlined the Windows product engineering and release cycle so new features, experiences, and functionality demanded by the market can be delivered more quickly than ever before. Microsoft plans to deliver two Feature Updates per year (12-month period). Feature Updates establish a Current Branch or CB, and have an associated version. - - ----- - - - - - - - - - - - - - - - - - - - - - - -
BranchVersionRelease Date
Current Branch1511November 2015
Current Branch for Business1511March 2016
Current Branch1607July 2016
- -Microsoft also delivers and installs monthly updates for security and stability directly to Windows 10 Mobile devices. These Quality Updates, released under Microsoft control via Windows Update, are available for all devices running Windows 10 Mobile. Windows 10 Mobile devices consume Feature Updates and Quality Updates as part of the same standard update process. - -Quality Updates are usually smaller than Feature Updates, but the installation process and experience is very similar, though larger updates take more time to install. Enterprise customers can manage the update experience and process on Windows 10 Mobile devices using an MDM system, after upgrading the devices to Enterprise edition. In most cases, policies to manage the update process apply to both feature and quality updates. - -Microsoft aspires to update Windows 10 Mobile devices with the latest updates automatically and without being disruptive for all customers. Out-of-the-box, a Windows 10 Mobile device uses Auto Scan to search for available updates. However, depending on the device’s network and power status, update methods and timing may vary. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Network connectionDescriptionAuto ScanAuto DownloadAuto InstallAuto Restart
Wi-FiDevice is connected to a personal or corporate Wi-Fi network (no data charges)YesYes/td> -YesYes – outside of Active Hours (forced restart after 7 days if user postpones restart)
CellularDevice is only connected to a cellular network (standard data charges apply)Skips a daily scan if scan was successfully completed in the last 5 daysOnly occurs if update package is small and does not exceed the mobile operator data limit.YesIdem
Cellular -- RoamingDevice is only connected to a cellular network and roaming charges applyNoNoNoIdem
- -#### Keeping track of updates releases - -*Applies to: Corporate and Personal devices* - -Microsoft publishes new feature updates for Windows 10 and Windows 10 Mobile on a regular basis. The [Windows release information page](https://technet.microsoft.com/windows/release-info) is designed to help you determine if your devices are current with the latest Windows 10 feature and quality updates. The release information published on this page, covers both Windows 10 for PCs and Windows 10 Mobile. In addition, the [Windows update history page](https://windows.microsoft.com/en-us/windows-10/update-history-windows-10) helps you understand what these updates are about. - -> [!NOTE] -> We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback by using the Feedback Hub. - -#### Windows as a Service - -*Applies to: Corporate and Personal devices* - -Microsoft created a new way to deliver and install updates to Windows 10 Mobile directly to devices without Mobile Operator approval. This capability helps to simplify update deployments and ongoing management, broadens the base of employees who can be kept current with the latest Windows features and experiences, and lowers total cost of ownership for organizations who no longer have to manage updates to keep devices secure. - -Update availability depends on what servicing option you choose for the device. These servicing options are outlined in the following chart. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Servicing optionAvailability of new features for installationMinimum length of servicing lifetimeKey benefitsSupported editions
Windows Insider BuildsAs appropriate during development cycle, released to Windows Insiders onlyVariable, until the next Insider build is released to Windows InsidersAllows Insiders to test new feature and application compatibility before a Feature Update is released/td> -Mobile
Current Branch (CB)Immediately after the Feature Update is published to Windows Update by MicrosoftMicrosoft typically releases two Feature Updates per 12-month period (approximately every four months, though it can potentially be longer)Makes new features available to users as soon as possible
Current Branch for Business (CBB)A minimum of four months after the corresponding Feature Update is first published to Windows Update by MicrosoftA minimum of four months, though it potentially can be longerNoProvides additional time to test new feature before deployment
- -#### Enterprise edition - -*Applies to: Corporate devices* - -While Windows 10 Mobile provides updates directly to user devices from Windows Update, there are many organizations that want to track, test, and schedule updates to corporate devices. To support these requirements, we created the Windows 10 edition. - -Upgrading to Windows 10 edition provides additional device and app management capabilities for organizations that want to: -- **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released. -- **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 is required. -- **Set the diagnostic data level:** Microsoft collects diagnostic data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the diagnostic data level so that only diagnostic information required to keep devices secured is gathered. - -To learn more about diagnostic, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). - -To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required. - -For more information on updating a device to Enterprise edition, see [WindowsLicensing CSP](./mdm/windowslicensing-csp.md). - -> [!NOTE] -> We recommend using Enterprise edition only on corporate devices. Once a device has been upgraded, it cannot be downgraded. Even a device wipe or reset will not remove the enterprise license from personal devices. - -#### Deferring and approving updates with MDM - -*Applies to: Corporate devices with Enterprise edition* - -Once a device is upgraded to Windows 10 Mobile Enterprise edition, you can manage devices that receive updates from Windows Update (or Windows Update for Business) with a set of update policies. - -To control Feature Updates, you will need to move your devices to the Current Branch for Business (CBB) servicing option. A device that subscribes to CBB will wait for the next CBB to be published by Microsoft Update. While the device will wait for Feature Updates until the next CBB, Quality Updates will still be received by the device. - -To control monthly Quality Update additional deferral policies, need to be set to your desired deferral period. When Quality Updates are available for your Windows 10 Mobile devices from Windows Update, these updates will not install until your deferral period lapses. This gives IT Professionals some time to test the impact of the updates on devices and apps. - -Before updates are distributed and installed, you may want to test them for issues or application compatibility. IT pros have the ability require updates to be approved. This enables the MDM administrator to select and approve specific updates to be installed on a device and accept the EULA associated with the update on behalf of the user. Please remember that on Windows 10 Mobile all updates are packaged as a “OS updates” and never as individual fixes. - -You may want to choose to handle Quality Updates and Feature Updates in the same way and not wait for the next CBB to be released to your devices. This streamlines the release of updates using the same process for approval and release. You can apply different deferral period by type of update. In version 1607 Microsoft added additional policy settings to enable more granularity to control over updates. - -Once updates are being deployed to your devices, you may want to pause the rollout of updates to enterprise devices. -For example, after you start rolling out a quality update, certain phone models are adversely impacted or users are reporting a specific LOB app is not connecting and updating a database. Problems can occur that did not surface during initial testing. -IT professionals can pause updates to investigate and remediate unexpected issues. - -The following table summarizes applicable update policy settings by version of Windows 10 Mobile. All policy settings are backward compatible, and will be maintained in future Feature Updates. Consult the documentation of your MDM system to understand support for these settings in your MDM. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - -
Activity (Policy)Version 1511 settingsVersion 1607 settings
Subscribe device to CBB, to defer Feature UpdatesRequireDeferUpgrade - -Defers Feature Update until next CBB release. Device receives quality updates from Current Branch for Business (CBB). -Defers feature update for minimum of 4 months after Current Branch was release.BranchReadinessLevel - -Defers Feature Update until next CBB release. Device receives quality updates from Current Branch for Business (CBB). -Defers feature update for minimum of 4 months after Current Branch was release.
Defer UpdatesDeferUpdatePeriod - -Defer Quality Updates for 4 weeks or 28 daysDeferQualityUpdatePeriodInDays - -Defer Feature and Quality Updates for up to 30 days.
Approve UpdatesRequireUpdateApproval - -RequireUpdateApproval - -
Pause Update rollout once an approved update is being deployed, pausing the rollout of the update.PauseDeferrals - -Pause Feature Updates for up to 35 daysPauseQualityUpdates - -Pause Feature Updates for up to 35 days
- -#### Managing the update experience - -*Applies to: Corporate devices with Enterprise edition* - -Set update client experience with [Allowautomaticupdate](./mdm/policy-configuration-service-provider.md) policy for your employees. This allows the IT Pro to influence the way the update client on the devices behaves when scanning, downloading, and installing updates. - -This can include: -- Notifying users prior to downloading updates. -- Automatically downloading updates, and then notifying users to schedule a restart (this is the default behavior if this policy is not configured). -- Automatically downloading and restarting devices with user notification. -- Automatically downloading and restarting devices at a specified time. -- Automatically downloading and restarting devices without user interaction. -- Turning off automatic updates. This option should be used only for systems under regulatory compliance. The device does not receive any updates. - -In addition, in version 1607, you can configure when the update is applied to the employee device to ensure updates installs or reboots don’t interrupt business or worker productivity. Update installs and reboots can be scheduled [outside of active hours](./mdm/policy-configuration-service-provider.md) (supported values are 0-23, where 0 is 12am, 1 is 1am, and so on) or on a specific [day of the week](./mdm/policy-configuration-service-provider.md) (supported values are 0-7, where 0 is every day, 1 is Sunday, 2 is Monday, and so on). - -#### Managing the source of updates with MDM - -*Applies to: Corporate devices with Enterprise edition* - -Although Windows 10 Enterprise enables IT administrators to defer installation of new updates from Windows Update, enterprises may also want additional control over update processes. With this in mind, Microsoft created Windows Update for Business. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates. If you are using a MDM system, the use of Windows Update for Business is not a requirement, as you can manage these features from your MDM system. - -For more information, see [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). - -IT administrators can specify where the device gets updates from with AllowUpdateService. This could be Microsoft Update, Windows Update for Business, or Windows Server Update Services (WSUS). - -#### Managing Updates with Windows Update Server - -*Applies to: Corporate devices with Enterprise edition* - -When using WSUS, set **UpdateServiceUrl** to allow the device to check for updates from a WSUS server instead of Windows Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet, usually handheld devices used for task completion, or other Windows IoT devices. - -For more information, see [managing updates with Windows Server Update Services (WSUS)](/windows/deployment/deploy-whats-new). - -#### Querying the device update status - -*Applies to: Personal and corporate devices* - -In addition to configuring how Windows 10 Mobile Enterprise obtains updates, the MDM administrator can query devices for Windows 10 Mobile update information so that update status can be checked against a list of approved updates: - -The device update status query provides an overview of: -- Installed updates: A list of updates that are installed on the device. -- Installable updates: A list of updates that are available for installation. -- Failed updates: A list of updates that failed during installation, including indication of why the update failed. -- Pending reboot: A list of updates that require a restart to complete update installation. -- Last successful scan time: The last time a successful update scan was completed. -- Defer upgrade: Whether the upgrade is deferred until the next update cycle. - -### Device health - -*Applies to: Personal and corporate devices* - -Device Health Attestation (DHA) is another line of defense that is new to Windows 10 Mobile. It can be used to remotely detect devices that lack a secure configuration or have vulnerabilities that could allow them to be easily exploited by sophisticated attacks. - -Windows 10 Mobile makes it easy to integrate with Microsoft Intune or third-party MDM solutions for an overall view of device health and compliance. Using these solutions together, you can detect jailbroken devices, monitor device compliance, generate compliance reports, alert users or administrators to issues, initiate corrective action, and manage conditional access to resources like Office 365 or VPN. - -The first version of DHA was released in June 2015 for Windows 10 devices that supported TPM 2.0 and operated in an enterprise cloud-based topology. In the Windows 10 anniversary release, DHA capabilities are extended to legacy devices that support TPM 1.2, hybrid, and on-premises environments that have access to the Internet or operate in an air-gapped network. - -The health attestation feature is based on Open Mobile Alliance (OMA) standards. IT managers can use DHA to validate devices that: -- Run Windows 10 operating system (mobile phone or PC) -- Support Trusted Module Platform (TPM 1.2 or 2.0) in discrete of firmware format -- Are managed by a DHA-enabled device management solution (Intune or third-party MDM) -- Operate in cloud, hybrid, on-premises, and BYOD scenarios - -DHA-enabled device management solutions help IT managers create a unified security bar across all managed Windows 10 Mobile devices. This allows IT managers to: -- Collect hardware attested data (highly assured) data remotely -- Monitor device health compliance and detect devices that are vulnerable or could be exploited by sophisticated attacks -- Take actions against potentially compromised devices, such as: -- Trigger corrective actions remotely so offending device is inaccessible (lock, wipe, or brick the device) -- Prevent the device from getting access to high-value assets (conditional access) -- Trigger further investigation and monitoring (route the device to a honeypot for further monitoring) -- Simply alert the user or the admin to fix the issue - -> [!NOTE] -> Windows Device Health Attestation Service can be used for conditional access scenarios that may be enabled by Mobile Device Management solutions (such as Microsoft Intune) and other types of management systems (such as SCCM) purchased separately. - -For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](/windows/device-security/windows-10-mobile-security-guide). - -This is a list of attributes that are supported by DHA and can trigger the corrective actions mentioned above: -- **Attestation Identity Key (AIK) present** Indicates that an AIK is present (i.e., the device can be trusted more than a device without an AIK). -- **Data Execution Prevention (DEP) enabled** Specifies whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy. -- **BitLocker status** BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker. -- **Secure Boot enabled** Specifies whether Secure Boot is enabled on the device. A device with Secure Boot enabled can be trusted more than a device without Secure Boot. Secure Boot is always enabled on Windows 10 Mobile devices. -- **Code integrity enabled** Specifies whether the code integrity of a drive or system file is validated each time it’s loaded into memory. A device with code integrity enabled can be trusted more than a device without code integrity. -- **Safe mode** Specifies whether Windows is running in safe mode. A device that is running Windows in safe mode isn’t as trustworthy as a device running in standard mode. -- **Boot debug enabled** Specifies whether the device has boot debug enabled. A device that has boot debug enabled is less secure (trusted) than a device without boot debug enabled. -- **OS kernel debugging enabled** Specifies whether the device has operating system kernel debugging enabled. A device that has operating system kernel debugging enabled is less secure (trusted) than a device with operating system kernel debugging disabled. -- **Test signing enabled** Specifies whether test signing is disabled. A device that has test signing disabled is more trustworthy than a device that has test signing enabled. -- **Boot Manager Version** The version of the Boot Manager running on the device. The HAS can check this version to determine whether the most current Boot Manager is running, which is more secure (trusted). -- **Code integrity version** Specifies the version of code that is performing integrity checks during the boot sequence. The HAS can check this version to determine whether the most current version of code is running, which is more secure (trusted). -- **Secure Boot Configuration Policy (SBCP) present** Specifies whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash. -- **Boot cycle allowlist** The view of the host platform between boot cycles as defined by the manufacturer compared to a published allowlist. A device that complies with the allowlist is more trustworthy (secure) than a device that is noncompliant. - -#### Example scenario - -Windows 10 mobile has protective measures that work together and integrate with Microsoft Intune or third-party Mobile Device Management (MDM) solutions. IT administrators can monitor and verify compliance to ensure corporate resources are protected end-to–end with the security and trust rooted in the physical hardware of the device. - -Here is what occurs when a smartphone is turned on: -1. Windows 10 Secure Boot protects the boot sequence, enables the device to boot into a defined and trusted configuration, and loads a factory trusted boot loader. -2. Windows 10 Trusted Boot takes control, verifies the digital signature of the Windows kernel, and the components are loaded and executed during the Windows startup process. -3. In parallel to Steps 1 and 2, Windows 10 Mobile TPM (Trusted Platform Modules – measured boot) runs independently in a hardware-protected security zone (isolated from boot execution path monitors boot activities) to create an integrity protected and tamper evident audit trail - signed with a secret that is only accessible by TPM. -4. Devices managed by a DHA-enabled MDM solution send a copy of this audit trail to Microsoft Health Attestation Service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel. -5. Microsoft HAS reviews the audit trails, issues an encrypted/signed report, and forwards it to the device. -6. IT managers can use a DHA-enabled MDM solution to review the report in a protected, tamper-resistant and tamper-evident communication channel. They can assess if a device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with security needs and enterprise policies. - -### Asset reporting - -*Applies to: Corporate devices with Enterprise edition* - -Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely and provide reporting capabilities to analyze device resources and information. This data informs IT about the current hardware and software resources of the device (such as installed updates). - -The following list shows examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide: - -- **Installed enterprise apps** List of the enterprise apps installed on the device -- **Device name** The device name configured for the device -- **Firmware version** Version of firmware installed on the device -- **Operating system version** Version of the operating system installed on the device -- **Device local time** Local time on the device -- **Processor type** Processor type for the device -- **Device model** Model of the device as defined by the manufacturer -- **Device manufacturer** Manufacturer of the device -- **Device processor architecture** Processor architecture for the device -- **Device language** Language in use on the device -- **Phone number** Phone number assigned to the device -- **Roaming status** Indicates whether the device has a roaming cellular connection -- **International mobile equipment identity (IMEI) and international mobile subscriber identity (IMSI)** Unique identifiers for the cellular connection for the phone (Global System for Mobile Communications networks identify valid devices by using the IMEI, and all cellular networks use the IMSI to identify the device and user) -- **Wi-Fi IP address** IPv4 and IPv6 addresses currently assigned to the Wi-Fi adapter in the device -- **Wi-Fi media access control (MAC) address** MAC address assigned to the Wi-Fi adapter in the device -- **Wi-Fi DNS suffix and subnet mask** DNS suffix and IP subnet mask assigned to the Wi-Fi adapter in the device -- **Secure Boot state** Indicates whether Secure Boot is enabled -- **Enterprise encryption policy compliance** Indicates whether the device is encrypted - -### Manage diagnostic data - -*Applies to: Corporate devices with Windows 10 Mobile Enterprise edition* - -Microsoft uses diagnostics, performance, and usage data from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Diagnostic data helps keep Windows devices healthy, improve the operating system, and personalize features and services. - -You can control the level of data that diagnostic data systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system. - -For more information, see [Configure Windows diagnostic data in Your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). - -> [!NOTE] -> Diagnostic data can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition. - -### Remote assistance - -*Applies to: Personal and corporate devices* - -The remote assistance features in Windows 10 Mobile help resolve issues that users might encounter even when the help desk does not have physical access to the device. These features include: -- **Remote lock** Support personnel can remotely lock a device. This ability can help when a user loses his or her mobile device and can retrieve it, but not immediately (such as leaving the device at a customer site). -- **Remote PIN reset** Support personnel can remotely reset the PIN, which helps when users forget their PIN and are unable to access their device. No corporate or user data is lost and users are able to quickly gain access to their devices. -- **Remote ring** Support personnel can remotely make devices ring. This ability can help users locate misplaced devices and, in conjunction with the Remote Lock feature, help ensure that unauthorized users are unable to access the device if they find it. -- **Remote find** Support personnel can remotely locate a device on a map, which helps identify the geographic location of the device. Remote find parameters can be configured via phone settings (see table below). The remote find feature returns the most current latitude, longitude, and altitude of the device. - -**Remote assistance policies** -- **Desired location accuracy** The desired accuracy as a radius value in meters; has a value between 1 and 1,000 meters -- **Maximum remote find** Maximum length of time in minutes that the server will accept a successful remote find; has a value between 0 and 1,000 minutes -- **Remote find timeout** The number of seconds devices should wait for a remote find to finish; has a value between 0 and 1,800 seconds - -These remote management features help organizations reduce the IT effort required to manage devices. They also help users quickly regain use of their device should they misplace it or forget the device password. - -> [!NOTE] -> Microsoft does not provide build-in remote control software, but works with partners to deliver these capabilities and services. With version 1607, remote assistant and control applications are available in the Microsoft Store. - -## Retire - -*Applies to: Corporate and Personal devices* - -Device retirement is the last phase of the device lifecycle, which in today’s business environment averages about 18 months. After that time period, employees want the productivity and performance improvements that come with the latest hardware. It’s important that devices being replaced with newer models are securely retired since you don’t want any company data to remain on discarded devices that could compromise the confidentiality of your data. This is typically not a problem with corporate devices, but it can be more challenging in a personal device scenario. You need to be able to selectively wipe all corporate data without impacting personal apps and data on the device. IT also needs a way to adequately support users who need to wipe devices that are lost or stolen. - -Windows 10 Mobile IT supports device retirement in both personal and corporate scenarios, allowing IT to be confident that corporate data remains confidential and user privacy is protected. - -> [!NOTE] -> All these MDM capabilities are in addition to the device’s software and hardware factory reset features, which employees can use to restore devices to their factory configuration. - -**Personal devices:** Windows 10 mobile supports the USA regulatory requirements for a “kill switch” in case your phone is lost or stolen. Reset protection is a free service on account.microsoft.com that helps ensure that the phone cannot be easily reset and reused. All you need to do to turn on **Reset Protection** is sign in with your Microsoft account and accept the recommended settings. To manually turn it on, you can find it under Settings > Updates & security > Find my phone. At this point, Reset Protection is only available with an MSA, not with Azure AD account. It is also only available in the USA and not in other regions of the world. - -If you choose to completely wipe a device when lost or when an employee leaves the company, make sure you obtain consent from the user and follow any local legislation that protects the user’s personal data. - -A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data is tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles are immediately removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and is reported to the MDM system. - -**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that also makes the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process. - -**Settings for personal or corporate device retirement** -- **Allow manual MDM unenrollment** Specifies whether users are allowed to delete the workplace account (unenroll the device from the MDM system) -- **Allow user to reset phone** Specifies whether users are allowed to use Settings or hardware key combinations to return the device to factory defaults - - -## Related topics - -- [Mobile device management](./mdm/index.md) -- [Enterprise Mobility + Security](https://go.microsoft.com/fwlink/p/?LinkId=723984) -- [Overview of Mobile Device Management for Office 365](/microsoft-365/admin/basic-mobility-security/overview) -- [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=722910) - - -## Revision History - -- November 2015 Updated for Windows 10 Mobile (version 1511) -- August 2016 Updated for Windows 10 Mobile Anniversary Update (version 1607) diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index 1931dbec5e..bfc7cfa6f3 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -169,7 +169,7 @@ In general, you can synchronize settings that meet the following criteria: If you’ve decided that you need to synchronize settings for custom applications, use this checklist to determine which applications you’ll include. -| | **Description** | +|   | **Description** | |-------|--------------------------| | ![Checklist box](images/uev-checklist-box.gif) | Does this application contain settings that the user can customize? | | ![Checklist box](images/uev-checklist-box.gif) | Is it important for the user that these settings are synchronized? | diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 048a630323..d61509c788 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -273,7 +273,7 @@ href: upgrade/windows-10-upgrade-paths.md - name: Deploy Windows 10 with Microsoft 365 href: deploy-m365.md - - name: Understanding the Unified Update Platform + - name: Understand the Unified Update Platform href: update/windows-update-overview.md - name: Servicing stack updates href: update/servicing-stack-updates.md @@ -321,57 +321,69 @@ - name: Active Directory-Based Activation Overview href: volume-activation/active-directory-based-activation-overview.md - name: Install and Configure VAMT - href: volume-activation/install-configure-vamt.md - - name: VAMT Requirements - href: volume-activation/vamt-requirements.md - - name: Install VAMT - href: volume-activation/install-vamt.md - - name: Configure Client Computers - href: volume-activation/configure-client-computers-vamt.md + items: + - name: Overview + href: volume-activation/install-configure-vamt.md + - name: VAMT Requirements + href: volume-activation/vamt-requirements.md + - name: Install VAMT + href: volume-activation/install-vamt.md + - name: Configure Client Computers + href: volume-activation/configure-client-computers-vamt.md - name: Add and Manage Products - href: volume-activation/add-manage-products-vamt.md - - name: Add and Remove Computers - href: volume-activation/add-remove-computers-vamt.md - - name: Update Product Status - href: volume-activation/update-product-status-vamt.md - - name: Remove Products - href: volume-activation/remove-products-vamt.md + items: + - name: Overview + href: volume-activation/add-manage-products-vamt.md + - name: Add and Remove Computers + href: volume-activation/add-remove-computers-vamt.md + - name: Update Product Status + href: volume-activation/update-product-status-vamt.md + - name: Remove Products + href: volume-activation/remove-products-vamt.md - name: Manage Product Keys - href: volume-activation/manage-product-keys-vamt.md - - name: Add and Remove a Product Key - href: volume-activation/add-remove-product-key-vamt.md - - name: Install a Product Key - href: volume-activation/install-product-key-vamt.md - - name: Install a KMS Client Key - href: volume-activation/install-kms-client-key-vamt.md + items: + - name: Overview + href: volume-activation/manage-product-keys-vamt.md + - name: Add and Remove a Product Key + href: volume-activation/add-remove-product-key-vamt.md + - name: Install a Product Key + href: volume-activation/install-product-key-vamt.md + - name: Install a KMS Client Key + href: volume-activation/install-kms-client-key-vamt.md - name: Manage Activations - href: volume-activation/manage-activations-vamt.md - - name: Perform Online Activation - href: volume-activation/online-activation-vamt.md - - name: Perform Proxy Activation - href: volume-activation/proxy-activation-vamt.md - - name: Perform KMS Activation - href: volume-activation/kms-activation-vamt.md - - name: Perform Local Reactivation - href: volume-activation/local-reactivation-vamt.md - - name: Activate an Active Directory Forest Online - href: volume-activation/activate-forest-vamt.md - - name: Activate by Proxy an Active Directory Forest - href: volume-activation/activate-forest-by-proxy-vamt.md + items: + - name: Overview + href: volume-activation/manage-activations-vamt.md + - name: Run Online Activation + href: volume-activation/online-activation-vamt.md + - name: Run Proxy Activation + href: volume-activation/proxy-activation-vamt.md + - name: Run KMS Activation + href: volume-activation/kms-activation-vamt.md + - name: Run Local Reactivation + href: volume-activation/local-reactivation-vamt.md + - name: Activate an Active Directory Forest Online + href: volume-activation/activate-forest-vamt.md + - name: Activate by Proxy an Active Directory Forest + href: volume-activation/activate-forest-by-proxy-vamt.md - name: Manage VAMT Data - href: volume-activation/manage-vamt-data.md - - name: Import and Export VAMT Data - href: volume-activation/import-export-vamt-data.md - - name: Use VAMT in Windows PowerShell - href: volume-activation/use-vamt-in-windows-powershell.md + items: + - name: Overview + href: volume-activation/manage-vamt-data.md + - name: Import and Export VAMT Data + href: volume-activation/import-export-vamt-data.md + - name: Use VAMT in Windows PowerShell + href: volume-activation/use-vamt-in-windows-powershell.md - name: VAMT Step-by-Step Scenarios - href: volume-activation/vamt-step-by-step.md - - name: "Scenario 1: Online Activation" - href: volume-activation/scenario-online-activation-vamt.md - - name: "Scenario 2: Proxy Activation" - href: volume-activation/scenario-proxy-activation-vamt.md - - name: "Scenario 3: KMS Client Activation" - href: volume-activation/scenario-kms-activation-vamt.md + items: + - name: Overview + href: volume-activation/vamt-step-by-step.md + - name: "Scenario 1: Online Activation" + href: volume-activation/scenario-online-activation-vamt.md + - name: "Scenario 2: Proxy Activation" + href: volume-activation/scenario-proxy-activation-vamt.md + - name: "Scenario 3: KMS Client Activation" + href: volume-activation/scenario-kms-activation-vamt.md - name: VAMT Known Issues href: volume-activation/vamt-known-issues.md @@ -486,67 +498,75 @@ - name: Application Compatibility Toolkit (ACT) Technical Reference items: - name: SUA User's Guide - href: planning/sua-users-guide.md - - name: Using the SUA Wizard - href: planning/using-the-sua-wizard.md - - name: Using the SUA Tool - href: planning/using-the-sua-tool.md - - name: Tabs on the SUA Tool Interface - href: planning/tabs-on-the-sua-tool-interface.md - - name: Showing Messages Generated by the SUA Tool - href: planning/showing-messages-generated-by-the-sua-tool.md - - name: Applying Filters to Data in the SUA Tool - href: planning/applying-filters-to-data-in-the-sua-tool.md - - name: Fixing Applications by Using the SUA Tool - href: planning/fixing-applications-by-using-the-sua-tool.md + items: + - name: Overview + href: planning/sua-users-guide.md + - name: Use the SUA Wizard + href: planning/using-the-sua-wizard.md + - name: Use the SUA Tool + href: planning/using-the-sua-tool.md + - name: Tabs on the SUA Tool Interface + href: planning/tabs-on-the-sua-tool-interface.md + - name: Show Messages Generated by the SUA Tool + href: planning/showing-messages-generated-by-the-sua-tool.md + - name: Apply Filters to Data in the SUA Tool + href: planning/applying-filters-to-data-in-the-sua-tool.md + - name: Fix apps using the SUA Tool + href: planning/fixing-applications-by-using-the-sua-tool.md - name: Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista href: planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md - name: Compatibility Administrator User's Guide - href: planning/compatibility-administrator-users-guide.md - - name: Using the Compatibility Administrator Tool - href: planning/using-the-compatibility-administrator-tool.md - - name: Available Data Types and Operators in Compatibility Administrator - href: planning/available-data-types-and-operators-in-compatibility-administrator.md - - name: Searching for Fixed Applications in Compatibility Administrator - href: planning/searching-for-fixed-applications-in-compatibility-administrator.md - - name: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator - href: planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md - - name: Creating a Custom Compatibility Fix in Compatibility Administrator - href: planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md - - name: Creating a Custom Compatibility Mode in Compatibility Administrator - href: planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md - - name: Creating an AppHelp Message in Compatibility Administrator - href: planning/creating-an-apphelp-message-in-compatibility-administrator.md - - name: Viewing the Events Screen in Compatibility Administrator - href: planning/viewing-the-events-screen-in-compatibility-administrator.md - - name: Enabling and Disabling Compatibility Fixes in Compatibility Administrator - href: planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md - - name: Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator - href: planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md - - name: Managing Application-Compatibility Fixes and Custom Fix Databases - href: planning/managing-application-compatibility-fixes-and-custom-fix-databases.md - - name: Understanding and Using Compatibility Fixes - href: planning/understanding-and-using-compatibility-fixes.md - - name: Compatibility Fix Database Management Strategies and Deployment - href: planning/compatibility-fix-database-management-strategies-and-deployment.md - - name: Testing Your Application Mitigation Packages - href: planning/testing-your-application-mitigation-packages.md - - name: Using the Sdbinst.exe Command-Line Tool - href: planning/using-the-sdbinstexe-command-line-tool.md + items: + - name: Overview + href: planning/compatibility-administrator-users-guide.md + - name: Use the Compatibility Administrator Tool + href: planning/using-the-compatibility-administrator-tool.md + - name: Available Data Types and Operators in Compatibility Administrator + href: planning/available-data-types-and-operators-in-compatibility-administrator.md + - name: Search for Fixed Applications in Compatibility Administrator + href: planning/searching-for-fixed-applications-in-compatibility-administrator.md + - name: Search for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator + href: planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md + - name: Create a Custom Compatibility Fix in Compatibility Administrator + href: planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md + - name: Create a Custom Compatibility Mode in Compatibility Administrator + href: planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md + - name: Create an AppHelp Message in Compatibility Administrator + href: planning/creating-an-apphelp-message-in-compatibility-administrator.md + - name: View the Events Screen in Compatibility Administrator + href: planning/viewing-the-events-screen-in-compatibility-administrator.md + - name: Enable and Disable Compatibility Fixes in Compatibility Administrator + href: planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md + - name: Install and Uninstall Custom Compatibility Databases in Compatibility Administrator + href: planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md + - name: Manage Application-Compatibility Fixes and Custom Fix Databases + items: + - name: Overview + href: planning/managing-application-compatibility-fixes-and-custom-fix-databases.md + - name: Understand and Use Compatibility Fixes + href: planning/understanding-and-using-compatibility-fixes.md + - name: Compatibility Fix Database Management Strategies and Deployment + href: planning/compatibility-fix-database-management-strategies-and-deployment.md + - name: Test Your Application Mitigation Packages + href: planning/testing-your-application-mitigation-packages.md + - name: Use the Sdbinst.exe Command-Line Tool + href: planning/using-the-sdbinstexe-command-line-tool.md - name: Volume Activation - href: volume-activation/volume-activation-windows-10.md - - name: Plan for volume activation - href: volume-activation/plan-for-volume-activation-client.md - - name: Activate using Key Management Service - href: volume-activation/activate-using-key-management-service-vamt.md - - name: Activate using Active Directory-based activation - href: volume-activation/activate-using-active-directory-based-activation-client.md - - name: Activate clients running Windows 10 - href: volume-activation/activate-windows-10-clients-vamt.md - - name: Monitor activation - href: volume-activation/monitor-activation-client.md - - name: Use the Volume Activation Management Tool - href: volume-activation/use-the-volume-activation-management-tool-client.md + items: + - name: Overview + href: volume-activation/volume-activation-windows-10.md + - name: Plan for volume activation + href: volume-activation/plan-for-volume-activation-client.md + - name: Activate using Key Management Service + href: volume-activation/activate-using-key-management-service-vamt.md + - name: Activate using Active Directory-based activation + href: volume-activation/activate-using-active-directory-based-activation-client.md + - name: Activate clients running Windows 10 + href: volume-activation/activate-windows-10-clients-vamt.md + - name: Monitor activation + href: volume-activation/monitor-activation-client.md + - name: Use the Volume Activation Management Tool + href: volume-activation/use-the-volume-activation-management-tool-client.md - name: "Appendix: Information sent to Microsoft during activation " href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 02c175e81b..5eec9e233a 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -145,8 +145,8 @@ When you configure your MDT Build Lab deployment share, you can also add applica On **MDT01**: -1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC1902120058_en_US.exe) to **D:\\setup\\adobe** on MDT01. -2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC1902120058_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne). +1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100520060_en_US.exe) to **D:\\setup\\adobe** on MDT01. +2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC2100520060_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne). 3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node. 4. Right-click the **Applications** node, and create a new folder named **Adobe**. @@ -316,7 +316,7 @@ On **MDT01**: ### For the HP EliteBook 8560w -For the HP EliteBook 8560w, you use HP SoftPaq Download Manager to get the drivers. The HP SoftPaq Download Manager can be accessed on the [HP Support site](https://go.microsoft.com/fwlink/p/?LinkId=619545). +For the HP EliteBook 8560w, you use HP Image Assistant to get the drivers. The HP Image Assistant can be accessed on the [HP Support site](https://ftp.ext.hp.com/pub/caps-softpaq/cmit/HPIA.html). In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder. diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md index 4250054f65..c1039d7404 100644 --- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md @@ -32,7 +32,7 @@ The procedures in this guide use the following names and infrastructure. For the purposes of this topic, we will use three server computers: **DC01**, **MDT01**, and **HV01**. - All servers are running Windows Server 2019. - You can use an earlier version of Windows Server with minor modifications to some procedures. - - Note: Although MDT supports Windows Server 2008 R2, at least Windows Server 2012 R2 or later is requried to perform the procedures in this guide. + - Note: Although MDT supports Windows Server 2008 R2, at least Windows Server 2012 R2 or later is required to perform the procedures in this guide. - **DC01** is a domain controller, DHCP server, and DNS server for contoso.com, representing the fictitious Contoso Corporation. - **MDT01** is a domain member server in contoso.com with a data (D:) drive that can store at least 200GB. MDT01 will host deployment shares and run the Windows Deployment Service. Optionally, MDT01 is also a WSUS server. - A second MDT server (**MDT02**) configured identically to MDT01 is optionally used to [build a distributed environment](build-a-distributed-environment-for-windows-10-deployment.md) for Windows 10 deployment. This server is located on a different subnet than MDT01 and has a different default gateway. @@ -147,21 +147,9 @@ Switch to **DC01** and perform the following procedures on **DC01**: To create the OU structure, you can use the Active Directory Users and Computers console (dsa.msc), or you can use Windows PowerShell. -To use Windows PowerShell, copy the following commands into a text file and save it as C:\Setup\Scripts\ou.ps1. Be sure that you are viewing file extensions and that you save the file with the .ps1 extension. +Copy the following list of OU names and paths into a CSV file and save it as `~\Setup\Scripts\oulist.csv`. -```powershell -$oulist = Import-csv -Path c:\oulist.txt -ForEach($entry in $oulist){ - $ouname = $entry.ouname - $oupath = $entry.oupath - New-ADOrganizationalUnit -Name $ouname -Path $oupath - Write-Host -ForegroundColor Green "OU $ouname is created in the location $oupath" -} -``` - -Next, copy the following list of OU names and paths into a text file and save it as C:\Setup\Scripts\oulist.txt - -```text +```csv OUName,OUPath Contoso,"DC=CONTOSO,DC=COM" Accounts,"OU=Contoso,DC=CONTOSO,DC=COM" @@ -175,11 +163,20 @@ Workstations,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM" Security Groups,"OU=Groups,OU=Contoso,DC=CONTOSO,DC=COM" ``` -Lastly, open an elevated Windows PowerShell prompt on DC01 and run the ou.ps1 script: +Next, copy the following commands into a file and save it as `~\Setup\Scripts\ou.ps1`. Be sure that you are viewing file extensions and that you save the file with the `.ps1` extension. + +```powershell +Import-CSV -Path $home\Setup\Scripts\oulist.csv | ForEach-Object { + New-ADOrganizationalUnit -Name $_.ouname -Path $_.oupath + Write-Host -ForegroundColor Green "OU $($_.ouname) is created in the location $($_.oupath)" +} +``` + +Lastly, open an elevated Windows PowerShell prompt on DC01 and run the `ou.ps1` script: ```powershell Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Set-Location C:\Setup\Scripts +Set-Location $home\Setup\Scripts .\ou.ps1 ``` @@ -212,7 +209,7 @@ The final result of either method is shown below. The **MDT_BA** account will be When creating a reference image, you need an account for MDT. The MDT build account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. -To create an MDT build account, open an elevalted Windows PowerShell prompt on DC01 and enter the following (copy and paste the entire command, taking care to notice the scroll bar at the bottom). This command will create the MDT_BA user account and set the password to "pass@word1": +To create an MDT build account, open an elevated Windows PowerShell prompt on DC01 and enter the following (copy and paste the entire command, taking care to notice the scroll bar at the bottom). This command will create the MDT_BA user account and set the password to "pass@word1": ```powershell New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true @@ -262,4 +259,4 @@ When you have completed all the steps in this section to prepare for deployment, The following sample files are also available to help automate some MDT deployment tasks. This guide does not use these files, but they are made available here so you can see how some tasks can be automated with Windows PowerShell. - [Gather.ps1](/samples/browse/?redirectedfrom=TechNet-Gallery). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment. - [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU. -- [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT. \ No newline at end of file +- [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT. diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index 10b4e2c70d..1e06d44fd8 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md @@ -49,7 +49,7 @@ As Table 1 shows, each combination of servicing channel and deployment group is ## Steps to manage updates for Windows 10 -| | | +|  |  | | --- | --- | | ![done](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | | ![done](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index c41a64b71e..1533a56a9b 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -331,7 +331,7 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s ## Steps to manage updates for Windows 10 -| | | +|  |  | | --- | --- | | ![done](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | | ![done](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md index 2629d7b79a..4a9c314c35 100644 --- a/windows/deployment/update/waas-optimize-windows-10-updates.md +++ b/windows/deployment/update/waas-optimize-windows-10-updates.md @@ -86,7 +86,7 @@ At this point, the download is complete and the update is ready to be installed. ## Steps to manage updates for Windows 10 -| | | +|  |  | | --- | --- | | ![done](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | | ![done](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 6a2e87ff0e..d34bb385f6 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -182,7 +182,7 @@ With all these options, which an organization chooses depends on the resources, ## Steps to manage updates for Windows 10 -| | | +|  |  | | --- | --- | | ![done](images/checklistdone.png) | Learn about updates and servicing channels (this topic) | | ![to do](images/checklistbox.gif) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 182ef97bfa..51430aba0c 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -162,7 +162,7 @@ Administrators can disable the "Check for updates" option for users by enabling ## Steps to manage updates for Windows 10 -| | | +|  |  | | --- | --- | | ![done](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | | ![done](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index c53b3b38d5..a9e7039ffb 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -50,7 +50,7 @@ Each time Microsoft releases a Windows 10 feature update, the IT department shou ## Steps to manage updates for Windows 10 -| | | +|  |  | | --- | --- | | ![done](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | | ![done](images/checklistdone.png) | Prepare servicing strategy for Windows 10 updates (this topic) | diff --git a/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md b/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md index 8d2dad79dd..fd07fae01c 100644 --- a/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md @@ -108,7 +108,3 @@ Some enterprises may want to block their users from installing the Windows 10 Mo http://windowsphone.com/s?appid=fbe47e4f-7769-4103-910e-dca8c43e0b07 For more information about how to do this, see [Try it out: restrict Windows Phone 8.1 apps](/previous-versions/windows/it-pro/windows-phone/cc182269(v=technet.10)). - -## Related topics - -[Windows 10 Mobile and mobile device management](/windows/client-management/windows-10-mobile-and-mdm) \ No newline at end of file diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 1179220486..603113f920 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -46,9 +46,9 @@ This guide provides end-to-end instructions to install and configure Microsoft E Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. -|||| -|--- |--- |--- | + |Topic|Description|Time| +|--- |--- |--- | |[Install prerequisites](#install-prerequisites)|Install prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.|60 minutes| |[Install Microsoft Endpoint Configuration Manager](#install-microsoft-endpoint-configuration-manager)|Download Microsoft Endpoint Configuration Manager, configure prerequisites, and install the package.|45 minutes| |[Download MDOP and install DaRT](#download-mdop-and-install-dart)|Download the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.|15 minutes| diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md index b9533e33af..dfe970649c 100644 --- a/windows/deployment/windows-10-pro-in-s-mode.md +++ b/windows/deployment/windows-10-pro-in-s-mode.md @@ -26,7 +26,7 @@ A number of other transformations are possible depending on which version and ed -| If a device is running this version of Windows 10 | and this edition of Windows 10 | then you can switch or convert it to this edition of Windows 10 by these methods: | | | +| If a device is running this version of Windows 10 | and this edition of Windows 10 | then you can switch or convert it to this edition of Windows 10 by these methods: |   |  | |-------------|---------------------|-----------------------------------|-------------------------------|--------------------------------------------| | | | **Store for Education** (switch/convert all devices in your tenant) | **Microsoft Store** (switch/convert one device at a time) | **Intune** (switch/convert any number of devices selected by admin) | | **Windows 10, version 1709** | Pro in S mode | Pro EDU | Pro | Not by this method | diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 86e8ebcf13..826c5527fe 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -52,7 +52,7 @@ Starting in Windows 10, version 1903 and newer, both the **Out-of-Box-Experience In an upcoming release of Windows 10, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. For a list of steps, see [Configure a Windows 11 device to limit crash dumps and logs](#configure-a-windows-11-device-to-limit-crash-dumps-and-logs). For more information on services that rely on Enhanced diagnostic data, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). -Additionally, you will see the following policy changes in an upcoming release of Windows 10: +Additionally, you will see the following policy changes in an upcoming release of Windows Holographic, version 21H1 (HoloLens 2), Windows Server 2022 and Windows 11: | Policy type | Current policy | Renamed policy | | --- | --- | --- | diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index ec30cea998..9b9c40977d 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -3716,7 +3716,7 @@ This security group was introduced in Windows Server 2012, and it has not chang

Well-Known SID/RID

-

S-1-5-21-<domain>-1000

+

S-1-5-21-<domain>-<variable RID>

Type

@@ -3760,4 +3760,4 @@ This security group was introduced in Windows Server 2012, and it has not chang - [Special Identities](special-identities.md) -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 703848eaf3..5d76d6be7c 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -21,16 +21,33 @@ ms.reviewer: **Applies to** - Windows 10 - Windows Server 2016 +- Windows Server 2019 Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when it is enabled. For further information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). The following known issue has been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/help/4051033): -- Scheduled tasks with stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message:
- "Task Scheduler failed to log on ‘\Test’ .
- Failure occurred in ‘LogonUserExEx’ .
+- Scheduled tasks with domain user stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message:
+ "Task Scheduler failed to log on ‘\Test’.
+ Failure occurred in ‘LogonUserExEx’.
User Action: Ensure the credentials for the task are correctly specified.
- Additional Data: Error Value: 2147943726. 2147943726 : ERROR\_LOGON\_FAILURE (The user name or password is incorrect)." + Additional Data: Error Value: 2147943726. 2147943726: ERROR\_LOGON\_FAILURE (The user name or password is incorrect)." +- When enabling NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. For example: + > Log Name: Microsoft-Windows-NTLM/Operational + Source: Microsoft-Windows-Security-Netlogon + Event ID: 8004 + Task Category: Auditing NTLM + Level: Information + Description: + Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller. + Secure Channel name: \ + User name: + @@CyBAAAAUBQYAMHArBwUAMGAoBQZAQGA1BAbAUGAyBgOAQFAhBwcAsGA6AweAgDA2AQQAMEAwAANAgDA1AQLAIEADBQRAADAtAANAYEA1AwQA0CA5AAOAMEAyAQLAYDAxAwQAEDAEBwMAMEAwAgMAMDACBgRA0HA + Domain name: NULL + + - This event stems from a scheduled task running under local user context with the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4) or later and happens when Credential Guard is enabled. + - The username appears in an unusual format because local accounts aren’t protected by Credential Guard. The task also fails to execute. + - As a workaround, run the scheduled task under a domain user or the computer's SYSTEM account. The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017: @@ -107,4 +124,4 @@ Windows Defender Credential Guard is not supported by either these products, pro This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Windows Defender Credential Guard. - Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements. \ No newline at end of file + Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements. diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 717d082664..476aed7683 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -82,6 +82,7 @@ For errors listed in this table, contact Microsoft Support for assistance. |-------------|---------| | 0X80072F0C | Unknown | | 0x80070057 | Invalid parameter or argument is passed. | +| 0x80090010 | NTE_PERM | | 0x80090020 | NTE\_FAIL | | 0x80090027 | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. | | 0x8009002D | NTE\_INTERNAL\_ERROR | @@ -110,4 +111,4 @@ For errors listed in this table, contact Microsoft Support for assistance. - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) - [Windows Hello and password changes](hello-and-password-changes.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md deleted file mode 100644 index e91ce1f65c..0000000000 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: How Windows Hello for Business works - Device Registration -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -audience: ITPro -author: mapalko -ms.author: mapalko -manager: dansimp -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium -ms.date: 08/19/2018 -ms.reviewer: ---- -# Windows Hello for Business and Device Registration - -**Applies to:** -- Windows 10 - -Device Registration is a prerequisite to Windows Hello for Business provisioning. Device registration occurs regardless of a cloud, hybrid, or on-premises deployments. For cloud and hybrid deployments, devices register with Azure Active Directory. For on-premises deployments, devices registered with the enterprise device registration service hosted by Active Directory Federation Services (AD FS). - -[Azure AD joined in Managed environments](#azure-ad-joined-in-managed-environments)
-[Azure AD joined in Federated environments](#azure-ad-joined-in-federated-environments)
-[Hybrid Azure AD joined in Managed environments](#hybrid-azure-ad-joined-in-managed-environments)
-[Hybrid Azure AD joined in Federated environments](#hybrid-azure-ad-joined-in-federated-environments)
- -## Azure AD joined in Managed environments -![Azure AD joined in Managed environments](images/howitworks/devreg-aadj-managed.png) - -| Phase | Description | -| :----: | :----------- | -|A | The most common way Azure AD joined devices register with Azure is during the out-of-box-experience (OOBE) where it loads the Azure AD join web application in the Cloud Experience Host (CXH) application. The application sends a GET request to the Azure OpenID configuration endpoint to discover authorization endpoints. Azure returns the OpenID configuration, which includes the authorization endpoints, to application as JSON document.| -|B | The application builds a sign-in request for the authorization end point and collects user credentials.| -|C | After the user provides their user name (in UPN format), the application sends a GET request to Azure to discover corresponding realm information for the user. This determines if the environment is managed or federated. Azure returns the information in a JSON object. The application determines the environment is managed (non-federated).
The last step in this phase has the application create an authentication buffer and if in OOBE, temporarily caches it for automatic sign-in at the end of OOBE. The application POSTs the credentials to Azure Active Directory where they are validated. Azure Active Directory returns an ID token with claims.| -|D | The application looks for MDM terms of use (the mdm_tou_url claim). If present, the application retrieves the terms of use from the claim's value, present the contents to the user, and waits for the user to accept the terms of use. This step is optional and skipped if the claim is not present or if the claim value is empty.| -|E | The application sends a device registration discovery request to the Azure Device Registration Service (ADRS). Azure DRS returns a discovery data document, which returns tenant specific URIs to complete device registration.| -|F | The application creates TPM bound (preferred) RSA 2048 bit key-pair known as the device key (dkpub/dkpriv). The application create a certificate request using dkpub and the public key and signs the certificate request with using dkpriv. Next, the application derives second key pair from the TPM's storage root key. This is the transport key (tkpub/tkpriv).| -|G | The application sends a device registration request to Azure DRS that includes the ID token, certificate request, tkpub, and attestation data. Azure DRS validates the ID token, creates a device ID, and creates a certificate based on the included certificate request. Azure DRS then writes a device object in Azure Active Directory and sends the device ID and the device certificate to the client.| -|H | Device registration completes by receiving the device ID and the device certificate from Azure DRS. The device ID is saved for future reference (viewable from dsregcmd.exe /status), and the device certificate is installed in the Personal store of the computer. With device registration complete, the process continues with MDM enrollment.| - -[Return to top](#windows-hello-for-business-and-device-registration) -## Azure AD joined in Federated environments -![Azure AD joined in Managed environments](images/howitworks/devreg-aadj-federated.png) - -| Phase | Description | -| :----: | :----------- | -|A | The most common way Azure AD joined devices register with Azure is during the out-of-box-experience (OOBE) where it loads the Azure AD join web application in the Cloud Experience Host (CXH) application. The application sends a GET request to the Azure OpenID configuration endpoint to discover authorization endpoints. Azure returns the OpenID configuration, which includes the authorization endpoints, to application as JSON document.| -|B | The application builds a sign-in request for the authorization end point and collects user credentials.| -|C | After the user provides their user name (in UPN format), the application sends a GET request to Azure to discover corresponding realm information for the user. This determines if the environment is managed or federated. Azure returns the information in a JSON object. The application determines the environment is federated.
The application redirects to the AuthURL value (on-premises STS sign-in page) in the returned JSON realm object. The application collects credentials through the STS web page.| -|D | The application POST the credential to the on-premises STS, which may require additional factors of authentication. The on-premises STS authenticates the user and returns a token. The application POSTs the token to Azure Active Directory for authentication. Azure Active Directory validates the token and returns an ID token with claims.| -|E | The application looks for MDM terms of use (the mdm_tou_url claim). If present, the application retrieves the terms of use from the claim's value, present the contents to the user, and waits for the user to accept the terms of use. This step is optional and skipped if the claim is not present or if the claim value is empty.| -|F | The application sends a device registration discovery request to the Azure Device Registration Service (ADRS). Azure DRS returns a discovery data document, which returns tenant specific URIs to complete device registration.| -|G | The application creates TPM bound (preferred) RSA 2048 bit key-pair known as the device key (dkpub/dkpriv). The application create a certificate request using dkpub and the public key and signs the certificate request with using dkpriv. Next, the application derives second key pair from the TPM's storage root key. This is the transport key (tkpub/tkpriv).| -|H | The application sends a device registration request to Azure DRS that includes the ID token, certificate request, tkpub, and attestation data. Azure DRS validates the ID token, creates a device ID, and creates a certificate based on the included certificate request. Azure DRS then writes a device object in Azure Active Directory and sends the device ID and the device certificate to the client.| -|I | Device registration completes by receiving the device ID and the device certificate from Azure DRS. The device ID is saved for future reference (viewable from dsregcmd.exe /status), and the device certificate is installed in the Personal store of the computer. With device registration complete, the process continues with MDM enrollment.| - -[Return to top](#windows-hello-for-business-and-device-registration) -## Hybrid Azure AD joined in Managed environments -![Hybrid Azure AD joined in Managed environments](images/howitworks/devreg-hybrid-haadj-managed.png) - -| Phase | Description | -| :----: | :----------- | -| A | The user signs in to a domain joined Windows 10 computers using domain credentials. This can be user name and password or smart card authentication. The user sign-in triggers the Automatic Device Join task. Note: the Automatic Device Join tasks is triggered on domain join as well as retried every hour. It does not solely depend on the user sign-in.| -|B | The task queries Active Directory using the LDAP protocol for the keywords attribute on service connection point stored in the configuration partition in Active Directory (CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com). The value returned in the keywords attribute determines if device registration is directed to Azure Device Registration Service (ADRS) or the enterprise device registration service hosted on-premises.| -|C | For the managed environment, the task creates an initial authentication credential in the form of a self-signed certificate. The task write the certificate to the userCertificate attribute on the computer object in Active Directory using LDAP. -|D |The computer cannot authenticate to Azure DRS until a device object representing the computer that includes the certificate on the userCertificate attribute is created in Azure Active Directory. Azure AD Connect detects an attribute change. On the next synchronization cycle, Azure AD Connect sends the userCertificate, object GUID, and computer SID to Azure DRS. Azure DRS uses the attribute information to create a device object in Azure Active Directory.| -|E | The Automatic Device Join task triggers with each user sign-in or every hour, and tries to authenticate the computer to Azure Active Directory using the corresponding private key of the public key in the userCertificate attribute. Azure Active Directory authenticates the computer and issues a ID token to the computer.| -|F | The task creates TPM bound (preferred) RSA 2048 bit key-pair known as the device key (dkpub/dkpriv). The application create a certificate request using dkpub and the public key and signs the certificate request with using dkpriv. Next, the application derives second key pair from the TPM's storage root key. This is the transport key (tkpub/tkpriv).| -|G | The task sends a device registration request to Azure DRS that includes the ID token, certificate request, tkpub, and attestation data. Azure DRS validates the ID token, creates a device ID, and creates a certificate based on the included certificate request. Azure DRS then updates the device object in Azure Active Directory and sends the device ID and the device certificate to the client.| -|H | Device registration completes by receiving the device ID and the device certificate from Azure DRS. The device ID is saved for future reference (viewable from dsregcmd.exe /status), and the device certificate is installed in the Personal store of the computer. With device registration complete, the task exits.| - -[Return to top](#windows-hello-for-business-and-device-registration) -## Hybrid Azure AD joined in Federated environments -![Hybrid Azure AD joined in Managed environments](images/howitworks/devreg-hybrid-haadj-federated.png) - -| Phase | Description | -| :----: | :----------- | -| A | The user signs in to a domain joined Windows 10 computers using domain credentials. This can be user name and password or smart card authentication. The user sign-in triggers the Automatic Device Join task. Note: the Automatic Device Join tasks is triggered on domain join as well as retried every hour. It does not solely depend on the user sign-in. | -|B | The task queries Active Directory using the LDAP protocol for the keywords attribute on service connection point stored in the configuration partition in Active Directory (CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com). The value returned in the keywords attribute determines if device registration is directed to Azure Device Registration Service (ADRS) or the enterprise device registration service hosted on-premises.| -|C | For the federated environments, the computer authenticates the enterprise device registration endpoint using Windows integrated authentication. The enterprise device registration service creates and returns a token that includes claims for the object GUID, computer SID, and domain joined state. The task submits the token and claims to Azure Active Directory where it is validated. Azure Active Directory returns an ID token to the running task. -|D | The application creates TPM bound (preferred) RSA 2048 bit key-pair known as the device key (dkpub/dkpriv). The application create a certificate request using dkpub and the public key and signs the certificate request with using dkpriv. Next, the application derives second key pair from the TPM's storage root key. This is the transport key (tkpub/tkpriv).| -|E | To provide SSO for on-premises federated application, the task requests an enterprise PRT from the on-premises STS. Windows Server 2016 running the Active Directory Federation Services role validate the request and return it the running task.| -|F | The task sends a device registration request to Azure DRS that includes the ID token, certificate request, tkpub, and attestation data. Azure DRS validates the ID token, creates a device ID, and creates a certificate based on the included certificate request. Azure DRS then writes a device object in Azure Active Directory and sends the device ID and the device certificate to the client. Device registration completes by receiving the device ID and the device certificate from Azure DRS. The device ID is saved for future reference (viewable from dsregcmd.exe /status), and the device certificate is installed in the Personal store of the computer. With device registration complete, the task exits.| -|G | If Azure AD Connect device write-back is enabled, Azure AD Connect requests updates from Azure Active Directory at its next synchronization cycle (device write-back is required for hybrid deployment using certificate trust). Azure Active Directory correlates the device object with a matching synchronized computer object. Azure AD Connect receives the device object that includes the object GUID and computer SID and writes the device object to Active Directory.| - -[Return to top](#windows-hello-for-business-and-device-registration) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index c9844c3d80..609a2a0954 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -34,7 +34,7 @@ Windows Hello for Business is a distributed system that uses several components Registration is a fundamental prerequisite for Windows Hello for Business. Without registration, Windows Hello for Business provisioning cannot start. Registration is where the device **registers** its identity with the identity provider. For cloud and hybrid deployments, the identity provider is Azure Active Directory and the device registers with the Azure Device Registration Service (ADRS). For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the device registers with the enterprise device registration service hosted on the federation servers (AD FS). -For more information read [how device registration works](hello-how-it-works-device-registration.md). +For more information read [how device registration works](/azure/active-directory/devices/device-registration-how-it-works). ### Provisioning diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 60161ce7da..f0c08b1c66 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -17,8 +17,6 @@ href: hello-how-it-works.md - name: Technical Deep Dive items: - - name: Device Registration - href: hello-how-it-works-device-registration.md - name: Provisioning href: hello-how-it-works-provisioning.md - name: Authentication diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index b07187e9c4..c695b4b77c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -105,15 +105,15 @@ The following policies are used to support customized deployment scenarios in yo This policy setting allows users on devices that are compliant with Modern Standby or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication. -||| -|--- |--- | -|Policy description|With this policy setting, you can allow TPM-only protection for newer, more secure devices, such as devices that support Modern Standby or HSTI, while requiring PIN on older devices.| -|Introduced|Windows 10, version 1703| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|This setting overrides the **Require startup PIN with TPM** option of the [Require additional authentication at startup](#bkmk-unlockpol1) policy on compliant hardware.| -|When enabled|Users on Modern Standby and HSTI compliant devices will have the choice to turn on BitLocker without preboot authentication.| -|When disabled or not configured|The options of the [Require additional authentication at startup](#bkmk-unlockpol1) policy apply.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can allow TPM-only protection for newer, more secure devices, such as devices that support Modern Standby or HSTI, while requiring PIN on older devices.| +|**Introduced**|Windows 10, version 1703| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|This setting overrides the **Require startup PIN with TPM** option of the [Require additional authentication at startup](#bkmk-unlockpol1) policy on compliant hardware.| +|**When enabled**|Users on Modern Standby and HSTI compliant devices will have the choice to turn on BitLocker without preboot authentication.| +|**When disabled or not configured**|The options of the [Require additional authentication at startup](#bkmk-unlockpol1) policy apply.| **Reference** @@ -126,15 +126,15 @@ This policy controls a portion of the behavior of the Network Unlock feature in This policy is used in addition to the BitLocker Drive Encryption Network Unlock Certificate security policy (located in the **Public Key Policies** folder of Local Computer Policy) to allow systems that are connected to a trusted network to properly utilize the Network Unlock feature. -||| -|--- |--- | -|Policy description|With this policy setting, you can control whether a BitLocker-protected computer that is connected to a trusted local area network and joined to a domain can create and use network key protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|Clients configured with a BitLocker Network Unlock certificate can create and use Network Key Protectors.| -|When disabled or not configured|Clients cannot create and use Network Key Protectors| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control whether a BitLocker-protected computer that is connected to a trusted local area network and joined to a domain can create and use network key protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|Clients configured with a BitLocker Network Unlock certificate can create and use Network Key Protectors.| +|**When disabled or not configured**|Clients cannot create and use Network Key Protectors| **Reference** @@ -149,15 +149,15 @@ For more information about Network Unlock, see [BitLocker: How to enable Network This policy setting is used to control which unlock options are available for operating system drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|If one authentication method is required, the other methods cannot be allowed. Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled.| -|When enabled|Users can configure advanced startup options in the BitLocker Setup Wizard.| -|When disabled or not configured|Users can configure only basic options on computers with a TPM.

Only one of the additional authentication options can be required at startup; otherwise, a policy error occurs.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|If one authentication method is required, the other methods cannot be allowed. Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled.| +|**When enabled**|Users can configure advanced startup options in the BitLocker Setup Wizard.| +|**When disabled or not configured**|Users can configure only basic options on computers with a TPM.

Only one of the additional authentication options can be required at startup; otherwise, a policy error occurs.| **Reference** @@ -197,15 +197,15 @@ There are four options for TPM-enabled computers or devices: This policy setting permits the use of enhanced PINs when you use an unlock method that includes a PIN. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure whether enhanced startup PINs are used with BitLocker.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|All new BitLocker startup PINs that are set will be enhanced PINs. Existing drives that were protected by using standard startup PINs are not affected.| -|When disabled or not configured|Enhanced PINs will not be used.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure whether enhanced startup PINs are used with BitLocker.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|All new BitLocker startup PINs that are set will be enhanced PINs. Existing drives that were protected by using standard startup PINs are not affected.| +|**When disabled or not configured**|Enhanced PINs will not be used.| **Reference** @@ -218,15 +218,15 @@ Enhanced startup PINs permit the use of characters (including uppercase and lowe This policy setting is used to set a minimum PIN length when you use an unlock method that includes a PIN. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure a minimum length for a TPM startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits, and it can have a maximum length of 20 digits. By default, the minimum PIN length is 6.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|You can require that startup PINs set by users must have a minimum length you choose that is between 4 and 20 digits.| -|When disabled or not configured|Users can configure a startup PIN of any length between 6 and 20 digits.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure a minimum length for a TPM startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits, and it can have a maximum length of 20 digits. By default, the minimum PIN length is 6.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|You can require that startup PINs set by users must have a minimum length you choose that is between 4 and 20 digits.| +|**When disabled or not configured**|Users can configure a startup PIN of any length between 6 and 20 digits.| **Reference** @@ -255,15 +255,15 @@ If the minimum PIN length is reduced from the default of six characters, then th This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI ports until a user signs in to Windows. -| | | -|---------|---------| -|Policy description|This setting helps prevent attacks that use external PCI-based devices to access BitLocker keys.| -|Introduced|Windows 10, version 1703| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| -|Conflicts|None| -|When enabled|Every time the user locks the scree, DMA will be blocked on hot pluggable PCI ports until the user signs in again.| -|When disabled or not configured|DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed in.| +| |   | +|:---|:---| +|**Policy description**|This setting helps prevent attacks that use external PCI-based devices to access BitLocker keys.| +|**Introduced**|Windows 10, version 1703| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +|**Conflicts**|None| +|**When enabled**|Every time the user locks the scree, DMA will be blocked on hot pluggable PCI ports until the user signs in again.| +|**When disabled or not configured**|DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed in.| **Reference** @@ -273,15 +273,15 @@ This policy setting is only enforced when BitLocker or device encryption is enab This policy setting allows you to configure whether standard users are allowed to change the PIN or password that is used to protect the operating system drive. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure whether standard users are allowed to change the PIN or password used to protect the operating system drive.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|Standard users are not allowed to change BitLocker PINs or passwords.| -|When disabled or not configured|Standard users are permitted to change BitLocker PINs or passwords.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure whether standard users are allowed to change the PIN or password used to protect the operating system drive.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|Standard users are not allowed to change BitLocker PINs or passwords.| +|**When disabled or not configured**|Standard users are permitted to change BitLocker PINs or passwords.| **Reference** @@ -291,15 +291,15 @@ To change the PIN or password, the user must be able to provide the current PIN This policy controls how non-TPM based systems utilize the password protector. Used in conjunction with the **Password must meet complexity requirements** policy, this policy allows administrators to require password length and complexity for using the password protector. By default, passwords must be eight characters in length. Complexity configuration options determine how important domain connectivity is for the client. For the strongest password security, administrators should choose **Require password complexity** because it requires domain connectivity, and it requires that the BitLocker password meets the same password complexity requirements as domain sign-in passwords. -||| -|--- |--- | -|Policy description|With this policy setting, you can specify the constraints for passwords that are used to unlock operating system drives that are protected with BitLocker.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|Passwords cannot be used if FIPS-compliance is enabled.


**NOTE:** The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting, which is located at **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options** specifies whether FIPS-compliance is enabled.| -|When enabled|Users can configure a password that meets the requirements you define. To enforce complexity requirements for the password, select **Require complexity**.| -|When disabled or not configured|The default length constraint of 8 characters will apply to operating system drive passwords and no complexity checks will occur.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can specify the constraints for passwords that are used to unlock operating system drives that are protected with BitLocker.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|Passwords cannot be used if FIPS-compliance is enabled.


**NOTE:** The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting, which is located at **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options** specifies whether FIPS-compliance is enabled.| +|**When enabled**|Users can configure a password that meets the requirements you define. To enforce complexity requirements for the password, select **Require complexity**.| +|**When disabled or not configured**|The default length constraint of 8 characters will apply to operating system drive passwords and no complexity checks will occur.| **Reference** @@ -321,15 +321,15 @@ When this policy setting is enabled, you can set the option **Configure password This policy setting is used to control what unlock options are available for computers running Windows Server 2008 or Windows Vista. -||| -|--- |--- | -|Policy description|With this policy setting, you can control whether the BitLocker Setup Wizard on computers running Windows Vista or Windows Server 2008 can set up an additional authentication method that is required each time the computer starts.| -|Introduced|Windows Server 2008 and Windows Vista| -|Drive type|Operating system drives (Windows Server 2008 and Windows Vista)| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|If you choose to require an additional authentication method, other authentication methods cannot be allowed.| -|When enabled|The BitLocker Setup Wizard displays the page that allows the user to configure advanced startup options for BitLocker. You can further configure setting options for computers with or without a TPM.| -|When disabled or not configured|The BitLocker Setup Wizard displays basic steps that allow users to enable BitLocker on computers with a TPM. In this basic wizard, no additional startup key or startup PIN can be configured.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control whether the BitLocker Setup Wizard on computers running Windows Vista or Windows Server 2008 can set up an additional authentication method that is required each time the computer starts.| +|**Introduced**|Windows Server 2008 and Windows Vista| +|**Drive type**|Operating system drives (Windows Server 2008 and Windows Vista)| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|If you choose to require an additional authentication method, other authentication methods cannot be allowed.| +|**When enabled**|The BitLocker Setup Wizard displays the page that allows the user to configure advanced startup options for BitLocker. You can further configure setting options for computers with or without a TPM.| +|**When disabled or not configured**|The BitLocker Setup Wizard displays basic steps that allow users to enable BitLocker on computers with a TPM. In this basic wizard, no additional startup key or startup PIN can be configured.| **Reference** @@ -358,16 +358,16 @@ To hide the advanced page on a TPM-enabled computer or device, set these options This policy setting is used to require, allow, or deny the use of smart cards with fixed data drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Fixed data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| -|Conflicts|To use smart cards with BitLocker, you may also need to modify the object identifier setting in the **Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance** policy setting to match the object identifier of your smart card certificates.| -|When enabled|Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the **Require use of smart cards on fixed data drives** check box.| -|When disabled|Users cannot use smart cards to authenticate their access to BitLocker-protected fixed data drives.| -|When not configured|Smart cards can be used to authenticate user access to a BitLocker-protected drive.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Fixed data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| +|**Conflicts**|To use smart cards with BitLocker, you may also need to modify the object identifier setting in the **Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance** policy setting to match the object identifier of your smart card certificates.| +|**When enabled**|Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the **Require use of smart cards on fixed data drives** check box.| +|**When disabled**|Users cannot use smart cards to authenticate their access to BitLocker-protected fixed data drives.| +|**When not configured**|Smart cards can be used to authenticate user access to a BitLocker-protected drive.| **Reference** @@ -378,16 +378,16 @@ This policy setting is used to require, allow, or deny the use of smart cards wi This policy setting is used to require, allow, or deny the use of passwords with fixed data drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can specify whether a password is required to unlock BitLocker-protected fixed data drives.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Fixed data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| -|Conflicts|To use password complexity, the **Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements** policy setting must also be enabled.| -|When enabled|Users can configure a password that meets the requirements you define. To require the use of a password, select **Require password for fixed data drive**. To enforce complexity requirements on the password, select **Require complexity**.| -|When disabled|The user is not allowed to use a password.| -|When not configured|Passwords are supported with the default settings, which do not include password complexity requirements and require only 8 characters.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can specify whether a password is required to unlock BitLocker-protected fixed data drives.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Fixed data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| +|**Conflicts**|To use password complexity, the **Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements** policy setting must also be enabled.| +|**When enabled**|Users can configure a password that meets the requirements you define. To require the use of a password, select **Require password for fixed data drive**. To enforce complexity requirements on the password, select **Require complexity**.| +|**When disabled**|The user is not allowed to use a password.| +|**When not configured**|Passwords are supported with the default settings, which do not include password complexity requirements and require only 8 characters.| **Reference** @@ -414,16 +414,16 @@ Enabling this policy setting requires that connectivity to a domain be establish This policy setting is used to require, allow, or deny the use of smart cards with removable data drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Removable data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| -|Conflicts|To use smart cards with BitLocker, you may also need to modify the object identifier setting in the **Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance** policy setting to match the object identifier of your smart card certificates.| -|When enabled|Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the **Require use of smart cards on removable data drives** check box.| -|When disabled or not configured|Users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives.| -|When not configured|Smart cards are available to authenticate user access to a BitLocker-protected removable data drive.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Removable data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| +|**Conflicts**|To use smart cards with BitLocker, you may also need to modify the object identifier setting in the **Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance** policy setting to match the object identifier of your smart card certificates.| +|**When enabled**|Smart cards can be used to authenticate user access to the drive. You can require smart card authentication by selecting the **Require use of smart cards on removable data drives** check box.| +|**When disabled or not configured**|Users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives.| +|**When not configured**|Smart cards are available to authenticate user access to a BitLocker-protected removable data drive.| **Reference** @@ -434,16 +434,17 @@ This policy setting is used to require, allow, or deny the use of smart cards wi This policy setting is used to require, allow, or deny the use of passwords with removable data drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can specify whether a password is required to unlock BitLocker-protected removable data drives.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Removable data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| -|Conflicts|To use password complexity, the **Password must meet complexity requirements** policy setting, which is located at **Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy** must also be enabled.| -|When enabled|Users can configure a password that meets the requirements you define. To require the use of a password, select **Require password for removable data drive**. To enforce complexity requirements on the password, select **Require complexity**.| -|When disabled|The user is not allowed to use a password.| -|When not configured|Passwords are supported with the default settings, which do not include password complexity requirements and require only 8 characters.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can specify whether a password is required to unlock BitLocker-protected removable data drives.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Removable data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| +|**Conflicts**|To use password complexity, the **Password must meet complexity requirements** policy setting, which is located at **Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy** must also be enabled.| +|**When enabled**|Users can configure a password that meets the requirements you define. To require the use of a password, select **Require password for removable data drive**. To enforce complexity requirements on the password, select **Require complexity**.| +|**When disabled**|The user is not allowed to use a password.| +|**When not configured**|Passwords are supported with the default settings, which do not include password complexity requirements and require only 8 characters.| + **Reference** If you choose to allow the use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting to be effective, the Group Policy setting **Password must meet complexity requirements**, which is located at @@ -469,15 +470,15 @@ For information about this setting, see [System cryptography: Use FIPS-compliant This policy setting is used to determine what certificate to use with BitLocker. -||| -|--- |--- | -|Policy description|With this policy setting, you can associate an object identifier from a smart card certificate to a BitLocker-protected drive.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Fixed and removable data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| -|Conflicts|None| -|When enabled|The object identifier that is specified in the **Object identifier** setting must match the object identifier in the smart card certificate.| -|When disabled or not configured|The default object identifier is used.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can associate an object identifier from a smart card certificate to a BitLocker-protected drive.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Fixed and removable data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +|**Conflicts**|None| +|**When enabled**|The object identifier that is specified in the **Object identifier** setting must match the object identifier in the smart card certificate.| +|**When disabled or not configured**|The default object identifier is used.| **Reference** @@ -494,15 +495,15 @@ The default object identifier is 1.3.6.1.4.1.311.67.1.1. This policy setting allows users to enable authentication options that require user input from the preboot environment even if the platform indicates a lack of preboot input capability. -||| -|--- |--- | -|Policy description|With this policy setting, you can allow users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drive| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drive| -|Conflicts|None| -|When enabled|Devices must have an alternative means of preboot input (such as an attached USB keyboard).| -|When disabled or not configured|The Windows Recovery Environment must be enabled on tablets to support entering the BitLocker recovery password.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can allow users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drive| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drive| +|**Conflicts**|None| +|**When enabled**|Devices must have an alternative means of preboot input (such as an attached USB keyboard).| +|**When disabled or not configured**|The Windows Recovery Environment must be enabled on tablets to support entering the BitLocker recovery password.| **Reference** @@ -522,15 +523,15 @@ If you do not enable this policy setting, the following options in the **Require This policy setting is used to require encryption of fixed drives prior to granting Write access. -||| -|--- |--- | -|Policy description|With this policy setting, you can set whether BitLocker protection is required for fixed data drives to be writable on a computer.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Fixed data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| -|Conflicts|See the Reference section for a description of conflicts.| -|When enabled|All fixed data drives that are not BitLocker-protected are mounted as Read-only. If the drive is protected by BitLocker, it is mounted with Read and Write access.| -|When disabled or not configured|All fixed data drives on the computer are mounted with Read and Write access.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can set whether BitLocker protection is required for fixed data drives to be writable on a computer.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Fixed data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| +|**Conflicts**|See the Reference section for a description of conflicts.| +|**When enabled**|All fixed data drives that are not BitLocker-protected are mounted as Read-only. If the drive is protected by BitLocker, it is mounted with Read and Write access.| +|**When disabled or not configured**|All fixed data drives on the computer are mounted with Read and Write access.| **Reference** @@ -550,15 +551,15 @@ Conflict considerations include: This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure whether BitLocker protection is required for a computer to be able to write data to a removable data drive.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Removable data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| -|Conflicts|See the Reference section for a description of conflicts.| -|When enabled|All removable data drives that are not BitLocker-protected are mounted as Read-only. If the drive is protected by BitLocker, it is mounted with Read and Write access.| -|When disabled or not configured|All removable data drives on the computer are mounted with Read and Write access.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure whether BitLocker protection is required for a computer to be able to write data to a removable data drive.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Removable data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| +|**Conflicts**|See the Reference section for a description of conflicts.| +|**When enabled**|All removable data drives that are not BitLocker-protected are mounted as Read-only. If the drive is protected by BitLocker, it is mounted with Read and Write access.| +|**When disabled or not configured**|All removable data drives on the computer are mounted with Read and Write access.| **Reference** @@ -577,16 +578,16 @@ Conflict considerations include: This policy setting is used to prevent users from turning BitLocker on or off on removable data drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can control the use of BitLocker on removable data drives.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Removable data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| -|Conflicts|None| -|When enabled|You can select property settings that control how users can configure BitLocker.| -|When disabled|Users cannot use BitLocker on removable data drives.| -|When not configured|Users can use BitLocker on removable data drives.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control the use of BitLocker on removable data drives.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Removable data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| +|**Conflicts**|None| +|**When enabled**|You can select property settings that control how users can configure BitLocker.| +|**When disabled**|Users cannot use BitLocker on removable data drives.| +|**When not configured**|Users can use BitLocker on removable data drives.| **Reference** @@ -603,15 +604,15 @@ The options for choosing property settings that control how users can configure This policy setting is used to control the encryption method and cipher strength. -||| -|--- |--- | -|Policy description|With this policy setting, you can control the encryption method and strength for drives.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|All drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| -|Conflicts|None| -|When enabled|You can choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.| -|When disabled or not configured|Beginning with Windows 10, version 1511, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. Windows Phone does not support XTS; it uses AES-CBC 128-bit by default and supports AES-CBC 256-bit by policy.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control the encryption method and strength for drives.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|All drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +|**Conflicts**|None| +|**When enabled**|You can choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.| +|**When disabled or not configured**|Beginning with Windows 10, version 1511, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. Windows Phone does not support XTS; it uses AES-CBC 128-bit by default and supports AES-CBC 256-bit by policy.| **Reference** @@ -633,16 +634,16 @@ When this policy setting is disabled or not configured, BitLocker will use the d This policy controls how BitLocker reacts to systems that are equipped with encrypted drives when they are used as fixed data volumes. Using hardware-based encryption can improve the performance of drive operations that involve frequent reading or writing of data to the drive. -||| -|--- |--- | -|Policy description|With this policy setting, you can manage BitLocker’s use of hardware-based encryption on fixed data drives and to specify which encryption algorithms BitLocker can use with hardware-based encryption.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Fixed data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| -|Conflicts|None| -|When enabled|You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.| -|When disabled|BitLocker cannot use hardware-based encryption with fixed data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.| -|When not configured|BitLocker software-based encryption is used irrespective of hardware-based encryption ability.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can manage BitLocker’s use of hardware-based encryption on fixed data drives and to specify which encryption algorithms BitLocker can use with hardware-based encryption.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Fixed data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| +|**Conflicts**|None| +|**When enabled**|You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.| +|**When disabled**|BitLocker cannot use hardware-based encryption with fixed data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.| +|**When not configured**|BitLocker software-based encryption is used irrespective of hardware-based encryption ability.| **Reference** @@ -658,16 +659,16 @@ The encryption algorithm that is used by hardware-based encryption is set when t This policy controls how BitLocker reacts when encrypted drives are used as operating system drives. Using hardware-based encryption can improve the performance of drive operations that involve frequent reading or writing of data to the drive. -||| -|--- |--- | -|Policy description|With this policy setting, you can manage BitLocker’s use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.| -|When disabled|BitLocker cannot use hardware-based encryption with operating system drives, and BitLocker software-based encryption is used by default when the drive in encrypted.| -|When not configured|BitLocker software-based encryption is used irrespective of hardware-based encryption ability.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can manage BitLocker’s use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.| +|**When disabled**|BitLocker cannot use hardware-based encryption with operating system drives, and BitLocker software-based encryption is used by default when the drive in encrypted.| +|**When not configured**|BitLocker software-based encryption is used irrespective of hardware-based encryption ability.| **Reference** @@ -685,16 +686,16 @@ The encryption algorithm that is used by hardware-based encryption is set when t This policy controls how BitLocker reacts to encrypted drives when they are used as removable data drives. Using hardware-based encryption can improve the performance of drive operations that involve frequent reading or writing of data to the drive. -||| -|--- |--- | -|Policy description|With this policy setting, you can manage BitLocker’s use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardware-based encryption.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Removable data drive| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| -|Conflicts|None| -|When enabled|You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.| -|When disabled|BitLocker cannot use hardware-based encryption with removable data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.| -|When not configured|BitLocker software-based encryption is used irrespective of hardware-based encryption ability.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can manage BitLocker’s use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardware-based encryption.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Removable data drive| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| +|**Conflicts**|None| +|**When enabled**|You can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption. You can also specify whether you want to restrict the encryption algorithms and cipher suites that are used with hardware-based encryption.| +|**When disabled**|BitLocker cannot use hardware-based encryption with removable data drives, and BitLocker software-based encryption is used by default when the drive in encrypted.| +|**When not configured**|BitLocker software-based encryption is used irrespective of hardware-based encryption ability.| **Reference** @@ -712,15 +713,15 @@ The encryption algorithm that is used by hardware-based encryption is set when t This policy controls whether fixed data drives utilize Used Space Only encryption or Full encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page so no encryption selection displays to the user. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure the encryption type that is used by BitLocker.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Fixed data drive| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| -|Conflicts|None| -|When enabled|This policy defines the encryption type that BitLocker uses to encrypt drives, and the encryption type option is not presented in the BitLocker Setup Wizard.| -|When disabled or not configured|The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure the encryption type that is used by BitLocker.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Fixed data drive| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| +|**Conflicts**|None| +|**When enabled**|This policy defines the encryption type that BitLocker uses to encrypt drives, and the encryption type option is not presented in the BitLocker Setup Wizard.| +|**When disabled or not configured**|The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.| **Reference** @@ -735,15 +736,15 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo This policy controls whether operating system drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure the encryption type that is used by BitLocker.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drive| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|The encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard.| -|When disabled or not configured|The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure the encryption type that is used by BitLocker.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drive| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|The encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard.| +|**When disabled or not configured**|The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.| **Reference** @@ -758,15 +759,15 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo This policy controls whether fixed data drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure the encryption type that is used by BitLocker.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Removable data drive| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| -|Conflicts|None| -|When enabled|The encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard.| -|When disabled or not configured|The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure the encryption type that is used by BitLocker.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Removable data drive| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| +|**Conflicts**|None| +|**When enabled**|The encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard.| +|**When disabled or not configured**|The BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.| **Reference** @@ -781,15 +782,15 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo This policy setting is used to configure recovery methods for operating system drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|You must disallow the use of recovery keys if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled.

When using data recovery agents, you must enable the **Provide the unique identifiers for your organization** policy setting.| -|When enabled|You can control the methods that are available to users to recover data from BitLocker-protected operating system drives.| -|When disabled or not configured|The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|You must disallow the use of recovery keys if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled.

When using data recovery agents, you must enable the **Provide the unique identifiers for your organization** policy setting.| +|**When enabled**|You can control the methods that are available to users to recover data from BitLocker-protected operating system drives.| +|**When disabled or not configured**|The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.| **Reference** @@ -815,15 +816,15 @@ Select the **Do not enable BitLocker until recovery information is stored in AD This policy setting is used to configure recovery methods for BitLocker-protected drives on computers running Windows Server 2008 or Windows Vista. -||| -|--- |--- | -|Policy description|With this policy setting, you can control whether the BitLocker Setup Wizard can display and specify BitLocker recovery options.| -|Introduced|Windows Server 2008 and Windows Vista| -|Drive type|Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| -|Conflicts|This policy setting provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. If you choose the **Do not allow** option for both user recovery options, you must enable the **Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)** policy setting to prevent a policy error.| -|When enabled|You can configure the options that the Bitlocker Setup Wizard displays to users for recovering BitLocker encrypted data.| -|When disabled or not configured|The BitLocker Setup Wizard presents users with ways to store recovery options.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control whether the BitLocker Setup Wizard can display and specify BitLocker recovery options.| +|**Introduced**|Windows Server 2008 and Windows Vista| +|**Drive type**|Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +|**Conflicts**|This policy setting provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. If you choose the **Do not allow** option for both user recovery options, you must enable the **Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)** policy setting to prevent a policy error.| +|**When enabled**|You can configure the options that the Bitlocker Setup Wizard displays to users for recovering BitLocker encrypted data.| +|**When disabled or not configured**|The BitLocker Setup Wizard presents users with ways to store recovery options.| **Reference** @@ -844,15 +845,15 @@ Saving the recovery password to a USB drive stores the 48-digit recovery passwor This policy setting is used to configure the storage of BitLocker recovery information in AD DS. This provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. -||| -|--- |--- | -|Policy description|With this policy setting, you can manage the AD DS backup of BitLocker Drive Encryption recovery information.| -|Introduced|Windows Server 2008 and Windows Vista| -|Drive type|Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista.| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| -|Conflicts|None| -|When enabled|BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer.| -|When disabled or not configured|BitLocker recovery information is not backed up to AD DS.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can manage the AD DS backup of BitLocker Drive Encryption recovery information.| +|**Introduced**|Windows Server 2008 and Windows Vista| +|**Drive type**|Operating system drives and fixed data drives on computers running Windows Server 2008 and Windows Vista.| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +|**Conflicts**|None| +|**When enabled**|BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer.| +|**When disabled or not configured**|BitLocker recovery information is not backed up to AD DS.| **Reference** @@ -875,15 +876,15 @@ For more information about this setting, see [TPM Group Policy settings](/window This policy setting is used to configure the default folder for recovery passwords. -||| -|--- |--- | -|Policy description|With this policy setting, you can specify the default path that is displayed when the BitLocker Setup Wizard prompts the user to enter the location of a folder in which to save the recovery password.| -|Introduced|Windows Vista| -|Drive type|All drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| -|Conflicts|None| -|When enabled|You can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify a fully qualified path or include the target computer's environment variables in the path. If the path is not valid, the BitLocker Setup Wizard displays the computer's top-level folder view.| -|When disabled or not configured|The BitLocker Setup Wizard displays the computer's top-level folder view when the user chooses the option to save the recovery password in a folder.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can specify the default path that is displayed when the BitLocker Setup Wizard prompts the user to enter the location of a folder in which to save the recovery password.| +|**Introduced**|Windows Vista| +|**Drive type**|All drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +|**Conflicts**|None| +|**When enabled**|You can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify a fully qualified path or include the target computer's environment variables in the path. If the path is not valid, the BitLocker Setup Wizard displays the computer's top-level folder view.| +|**When disabled or not configured**|The BitLocker Setup Wizard displays the computer's top-level folder view when the user chooses the option to save the recovery password in a folder.| **Reference** @@ -896,15 +897,15 @@ This policy setting is applied when you turn on BitLocker. This policy setting is used to configure recovery methods for fixed data drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Fixed data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| -|Conflicts|You must disallow the use of recovery keys if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled.

When using data recovery agents, you must enable and configure the **Provide the unique identifiers for your organization** policy setting.| -|When enabled|You can control the methods that are available to users to recover data from BitLocker-protected fixed data drives.| -|When disabled or not configured|The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Fixed data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| +|**Conflicts**|You must disallow the use of recovery keys if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled.

When using data recovery agents, you must enable and configure the **Provide the unique identifiers for your organization** policy setting.| +|**When enabled**|You can control the methods that are available to users to recover data from BitLocker-protected fixed data drives.| +|**When disabled or not configured**|The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.| **Reference** @@ -930,16 +931,15 @@ Select the **Do not enable BitLocker until recovery information is stored in AD This policy setting is used to configure recovery methods for removable data drives. -||| -|--- |--- | -|Policy description|With this policy setting, you can control how BitLocker-protected removable data drives are recovered in the absence of the required credentials.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Removable data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| -|Conflicts|You must disallow the use of recovery keys if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled. -When using data recovery agents, you must enable and configure the **Provide the unique identifiers for your organization** policy setting.| -|When enabled|You can control the methods that are available to users to recover data from BitLocker-protected removable data drives.| -|When disabled or not configured|The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control how BitLocker-protected removable data drives are recovered in the absence of the required credentials.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Removable data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| +|**Conflicts**|You must disallow the use of recovery keys if the **Deny write access to removable drives not protected by BitLocker** policy setting is enabled.

When using data recovery agents, you must enable and configure the **Provide the unique identifiers for your organization** policy setting.| +|**When enabled**|You can control the methods that are available to users to recover data from BitLocker-protected removable data drives.| +|**When disabled or not configured**|The default recovery options are supported for BitLocker recovery. By default, a data recovery agent is allowed, the recovery options can be specified by the user (including the recovery password and recovery key), and recovery information is not backed up to AD DS.| **Reference** @@ -962,15 +962,15 @@ Select the **Do not enable BitLocker until recovery information is stored in AD This policy setting is used to configure the entire recovery message and to replace the existing URL that is displayed on the pre-boot recovery screen when the operating system drive is locked. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure the BitLocker recovery screen to display a customized message and URL.| -|Introduced|Windows 10| -|Drive type|Operating system drives| -|Policy path|Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ Configure pre-boot recovery message and URL| -|Conflicts|None| -|When enabled|The customized message and URL are displayed on the pre-boot recovery screen. If you have previously enabled a custom recovery message and URL and want to revert to the default message and URL, you must keep the policy setting enabled and select the **Use default recovery message and URL** option.| -|When disabled or not configured|If the setting has not been previously enabled the default pre-boot recovery screen is displayed for BitLocker recovery. If the setting previously was enabled and is subsequently disabled the last message in Boot Configuration Data (BCD) is displayed whether it was the default recovery message or the custom message.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure the BitLocker recovery screen to display a customized message and URL.| +|**Introduced**|Windows 10| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ Configure pre-boot recovery message and URL| +|**Conflicts**|None| +|**When enabled**|The customized message and URL are displayed on the pre-boot recovery screen. If you have previously enabled a custom recovery message and URL and want to revert to the default message and URL, you must keep the policy setting enabled and select the **Use default recovery message and URL** option.| +|**When disabled or not configured**|If the setting has not been previously enabled the default pre-boot recovery screen is displayed for BitLocker recovery. If the setting previously was enabled and is subsequently disabled the last message in Boot Configuration Data (BCD) is displayed whether it was the default recovery message or the custom message.| **Reference** @@ -992,15 +992,15 @@ Once you enable the setting you have three options: This policy controls how BitLocker-enabled system volumes are handled in conjunction with the Secure Boot feature. Enabling this feature forces Secure Boot validation during the boot process and verifies Boot Configuration Data (BCD) settings according to the Secure Boot policy. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|All drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|If you enable **Allow Secure Boot for integrity validation**, make sure the **Configure TPM platform validation profile for native UEFI firmware configurations** Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.

For more information about PCR 7, see [Platform Configuration Register (PCR)](#bkmk-pcr) in this topic.| -|When enabled or not configured|BitLocker uses Secure Boot for platform integrity if the platform is capable of Secure Boot-based integrity validation.| -|When disabled|BitLocker uses legacy platform integrity validation, even on systems that are capable of Secure Boot-based integrity validation.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|All drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|If you enable **Allow Secure Boot for integrity validation**, make sure the **Configure TPM platform validation profile for native UEFI firmware configurations** Group Policy setting is not enabled or include PCR 7 to allow BitLocker to use Secure Boot for platform or BCD integrity validation.

For more information about PCR 7, see [Platform Configuration Register (PCR)](#bkmk-pcr) in this topic.| +|**When enabled or not configured**|BitLocker uses Secure Boot for platform integrity if the platform is capable of Secure Boot-based integrity validation.| +|**When disabled**|BitLocker uses legacy platform integrity validation, even on systems that are capable of Secure Boot-based integrity validation.| **Reference** @@ -1014,15 +1014,15 @@ When this policy is enabled and the hardware is capable of using Secure Boot for This policy setting is used to establish an identifier that is applied to all drives that are encrypted in your organization. -||| -|--- |--- | -|Policy description|With this policy setting, you can associate unique organizational identifiers to a new drive that is enabled with BitLocker.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|All drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| -|Conflicts|Identification fields are required to manage certificate-based data recovery agents on BitLocker-protected drives. BitLocker manages and updates certificate-based data recovery agents only when the identification field is present on a drive and it is identical to the value that is configured on the computer.| -|When enabled|You can configure the identification field on the BitLocker-protected drive and any allowed identification field that is used by your organization.| -|When disabled or not configured|The identification field is not required.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can associate unique organizational identifiers to a new drive that is enabled with BitLocker.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|All drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +|**Conflicts**|Identification fields are required to manage certificate-based data recovery agents on BitLocker-protected drives. BitLocker manages and updates certificate-based data recovery agents only when the identification field is present on a drive and it is identical to the value that is configured on the computer.| +|**When enabled**|You can configure the identification field on the BitLocker-protected drive and any allowed identification field that is used by your organization.| +|**When disabled or not configured**|The identification field is not required.| **Reference** @@ -1044,15 +1044,15 @@ Multiple values separated by commas can be entered in the identification and all This policy setting is used to control whether the computer's memory will be overwritten the next time the computer is restarted. -||| -|--- |--- | -|Policy description|With this policy setting, you can control computer restart performance at the risk of exposing BitLocker secrets.| -|Introduced|Windows Vista| -|Drive type|All drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| -|Conflicts|None| -|When enabled|The computer will not overwrite memory when it restarts. Preventing memory overwrite may improve restart performance, but it increases the risk of exposing BitLocker secrets.| -|When disabled or not configured|BitLocker secrets are removed from memory when the computer restarts.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control computer restart performance at the risk of exposing BitLocker secrets.| +|**Introduced**|Windows Vista| +|**Drive type**|All drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| +|**Conflicts**|None| +|**When enabled**|The computer will not overwrite memory when it restarts. Preventing memory overwrite may improve restart performance, but it increases the risk of exposing BitLocker secrets.| +|**When disabled or not configured**|BitLocker secrets are removed from memory when the computer restarts.| **Reference** @@ -1062,15 +1062,15 @@ This policy setting is applied when you turn on BitLocker. BitLocker secrets inc This policy setting determines what values the TPM measures when it validates early boot components before it unlocks an operating system drive on a computer with a BIOS configuration or with UEFI firmware that has the Compatibility Support Module (CSM) enabled. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.| -|When disabled or not configured|The TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.| +|**When disabled or not configured**|The TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.| **Reference** @@ -1112,15 +1112,15 @@ The following list identifies all of the PCRs available: This policy setting determines what values the TPM measures when it validates early boot components before unlocking a drive on a computer running Windows Vista, Windows Server 2008, or Windows 7. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.| -|Introduced|Windows Server 2008 and Windows Vista| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.| -|When disabled or not configured|The TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure how the computer's TPM security hardware secures the BitLocker encryption key.| +|**Introduced**|Windows Server 2008 and Windows Vista| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|You can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.| +|**When disabled or not configured**|The TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.| **Reference** @@ -1162,15 +1162,15 @@ The following list identifies all of the PCRs available: This policy setting determines what values the TPM measures when it validates early boot components before unlocking an operating system drive on a computer with native UEFI firmware configurations. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|Setting this policy with PCR 7 omitted, overrides the **Allow Secure Boot for integrity validation** Group Policy setting, and it prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation,

If your environments use TPM and Secure Boot for platform integrity checks, this policy should not be configured.

For more information about PCR 7, see [Platform Configuration Register (PCR)](#bkmk-pcr) in this topic.| -|When enabled|Before you turn on BitLocker, you can configure the boot components that the TPM validates before it unlocks access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.| -|When disabled or not configured|BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|Setting this policy with PCR 7 omitted, overrides the **Allow Secure Boot for integrity validation** Group Policy setting, and it prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation.

If your environments use TPM and Secure Boot for platform integrity checks, this policy should not be configured.

For more information about PCR 7, see [Platform Configuration Register (PCR)](#bkmk-pcr) in this topic.| +|**When enabled**|Before you turn on BitLocker, you can configure the boot components that the TPM validates before it unlocks access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive.| +|**When disabled or not configured**|BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.| **Reference** @@ -1210,16 +1210,16 @@ The following list identifies all of the PCRs available: This policy setting determines if you want platform validation data to refresh when Windows is started following a BitLocker recovery. A platform validation data profile consists of the values in a set of Platform Configuration Register (PCR) indices that range from 0 to 23. -||| -|--- |--- | -|Policy description|With this policy setting, you can control whether platform validation data is refreshed when Windows is started following a BitLocker recovery.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|None| -|When enabled|Platform validation data is refreshed when Windows is started following a BitLocker recovery.| -|When disabled|Platform validation data is not refreshed when Windows is started following a BitLocker recovery.| -|When not configured|Platform validation data is refreshed when Windows is started following a BitLocker recovery.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can control whether platform validation data is refreshed when Windows is started following a BitLocker recovery.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|None| +|**When enabled**|Platform validation data is refreshed when Windows is started following a BitLocker recovery.| +|**When disabled**|Platform validation data is not refreshed when Windows is started following a BitLocker recovery.| +|**When not configured**|Platform validation data is refreshed when Windows is started following a BitLocker recovery.| **Reference** @@ -1229,16 +1229,16 @@ For more information about the recovery process, see the [BitLocker recovery gui This policy setting determines specific Boot Configuration Data (BCD) settings to verify during platform validation. A platform validation uses the data in the platform validation profile, which consists of a set of Platform Configuration Register (PCR) indices that range from 0 to 23. -||| -|--- |--- | -|Policy description|With this policy setting, you can specify Boot Configuration Data (BCD) settings to verify during platform validation.| -|Introduced|Windows Server 2012 and Windows 8| -|Drive type|Operating system drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| -|Conflicts|When BitLocker is using Secure Boot for platform and Boot Configuration Data integrity validation, the **Use enhanced Boot Configuration Data validation profile** Group Policy setting is ignored (as defined by the **Allow Secure Boot for integrity validation** Group Policy setting).| -|When enabled|You can add additional BCD settings, exclude the BCD settings you specify, or combine inclusion and exclusion lists to create a customized BCD validation profile, which gives you the ability to verify those BCD settings.| -|When disabled|The computer reverts to a BCD profile validation similar to the default BCD profile that is used by Windows 7.| -|When not configured|The computer verifies the default BCD settings in Windows.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can specify Boot Configuration Data (BCD) settings to verify during platform validation.| +|**Introduced**|Windows Server 2012 and Windows 8| +|**Drive type**|Operating system drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +|**Conflicts**|When BitLocker is using Secure Boot for platform and Boot Configuration Data integrity validation, the **Use enhanced Boot Configuration Data validation profile** Group Policy setting is ignored (as defined by the **Allow Secure Boot for integrity validation** Group Policy setting).| +|**When enabled**|You can add additional BCD settings, exclude the BCD settings you specify, or combine inclusion and exclusion lists to create a customized BCD validation profile, which gives you the ability to verify those BCD settings.| +|**When disabled**|The computer reverts to a BCD profile validation similar to the default BCD profile that is used by Windows 7.| +|**When not configured**|The computer verifies the default BCD settings in Windows.| **Reference** @@ -1249,15 +1249,15 @@ This policy setting determines specific Boot Configuration Data (BCD) settings t This policy setting is used to control whether access to drives is allowed by using the BitLocker To Go Reader, and if the application is installed on the drive. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure whether fixed data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2).| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Fixed data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| -|Conflicts|None| -|When enabled and When not configured|Fixed data drives that are formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have Read-only access to BitLocker-protected drives.| -|When disabled|Fixed data drives that are formatted with the FAT file system and are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure whether fixed data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2).| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Fixed data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives| +|**Conflicts**|None| +|**When enabled and When not configured**|Fixed data drives that are formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have Read-only access to BitLocker-protected drives.| +|**When disabled**|Fixed data drives that are formatted with the FAT file system and are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.| **Reference** @@ -1270,15 +1270,15 @@ When this policy setting is enabled, select the **Do not install BitLocker To Go This policy setting controls access to removable data drives that are using the BitLocker To Go Reader and whether the BitLocker To Go Reader can be installed on the drive. -||| -|--- |--- | -|Policy description|With this policy setting, you can configure whether removable data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2.| -|Introduced|Windows Server 2008 R2 and Windows 7| -|Drive type|Removable data drives| -|Policy path|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| -|Conflicts|None| -|When enabled and When not configured|Removable data drives that are formatted with the FAT file system can be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have Read-only access to BitLocker-protected drives.| -|When disabled|Removable data drives that are formatted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.| +| |   | +|:---|:---| +|**Policy description**|With this policy setting, you can configure whether removable data drives that are formatted with the FAT file system can be unlocked and viewed on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2.| +|**Introduced**|Windows Server 2008 R2 and Windows 7| +|**Drive type**|Removable data drives| +|**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives| +|**Conflicts**|None| +|**When enabled and When not configured**|Removable data drives that are formatted with the FAT file system can be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have Read-only access to BitLocker-protected drives.| +|**When disabled**|Removable data drives that are formatted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Vista, Windows XP with SP3, or Windows XP with SP2. BitLocker To Go Reader (bitlockertogo.exe) is not installed.| **Reference** @@ -1291,15 +1291,15 @@ When this policy setting is enabled, select the **Do not install BitLocker To Go You can configure the Federal Information Processing Standard (FIPS) setting for FIPS compliance. As an effect of FIPS compliance, users cannot create or save a BitLocker password for recovery or as a key protector. The use of a recovery key is permitted. -||| -|--- |--- | -|Policy description|Notes| -|Introduced|Windows Server 2003 with SP1| -|Drive type|System-wide| -|Policy path|Local Policies\Security Options\System cryptography: **Use FIPS compliant algorithms for encryption, hashing, and signing**| -|Conflicts|Some applications, such as Terminal Services, do not support FIPS-140 on all operating systems.| -|When enabled|Users will be unable to save a recovery password to any location. This includes AD DS and network folders. In addition, you cannot use WMI or the BitLocker Drive Encryption Setup wizard to create a recovery password.| -|When disabled or not configured|No BitLocker encryption key is generated| +| |   | +|:---|:---| +|**Policy description**|Notes| +|**Introduced**|Windows Server 2003 with SP1| +|**Drive type**|System-wide| +|**Policy path**|Local Policies\Security Options\System cryptography: **Use FIPS compliant algorithms for encryption, hashing, and signing**| +|**Conflicts**|Some applications, such as Terminal Services, do not support FIPS-140 on all operating systems.| +|**When enabled**|Users will be unable to save a recovery password to any location. This includes AD DS and network folders. In addition, you cannot use WMI or the BitLocker Drive Encryption Setup wizard to create a recovery password.| +|**When disabled or not configured**|No BitLocker encryption key is generated| **Reference** diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 3261c5f549..5bbb8174ec 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -14,12 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/29/2018 --- # Trusted Platform Module Technology Overview **Applies to** +- Windows 11 - Windows 10 - Windows Server 2016 - Windows Server 2019 @@ -28,7 +28,7 @@ This topic for the IT professional describes the Trusted Platform Module (TPM) a ## Feature description -Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: +[Trusted Platform Module (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-top-node) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: - Generate, store, and limit the use of cryptographic keys. @@ -54,13 +54,13 @@ Certificates can be installed or created on computers that are using the TPM. Af Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process. -Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. +Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 and later editions or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). ## New and changed functionality -For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module). +For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module) ## Device health attestation @@ -75,14 +75,14 @@ Some things that you can check on the device are: - Is SecureBoot supported and enabled? > [!NOTE] -> Windows 10, Windows Server 2016 and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. +> Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. ## Supported versions for device health attestation -| TPM version | Windows 10 | Windows Server 2016 | Windows Server 2019 | -|-------------|-------------|---------------------|---------------------| -| TPM 1.2 | >= ver 1607 | >= ver 1607 | Yes | -| TPM 2.0 | Yes | Yes | Yes | +| TPM version | Windows 11 | Windows 10 | Windows Server 2016 | Windows Server 2019 | +|-------------|-------------|-------------|---------------------|---------------------| +| TPM 1.2 | | >= ver 1607 | >= ver 1607 | Yes | +| TPM 2.0 | Yes | Yes | Yes | Yes | ## Related topics diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 429cc12f93..1ede3ef4ed 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -17,7 +17,8 @@ ms.technology: mde # Enable virtualization-based protection of code integrity -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) +**Applies to** +- Windows 10 This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10. Some applications, including device drivers, may be incompatible with HVCI. diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 21b9780bc2..4065b2122a 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -18,7 +18,8 @@ ms.technology: mde # Baseline protections and additional qualifications for virtualization-based protection of code integrity -**Applies to** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) +**Applies to** +- Windows 10 Computers must meet certain hardware, firmware, and software requirements in order to take advantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md index 593984f0dc..d2ee8b1f7a 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md @@ -19,7 +19,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) +- Windows 10 Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a Group Policy Object, which is linked to a domain, and then apply all those settings to every endpoint in the domain. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml index 7a2cd61939..9ad53a26f5 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml @@ -17,7 +17,7 @@ metadata: title: Frequently asked questions - Microsoft Defender Application Guard summary: | - **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) + This article lists frequently asked questions with answers for Microsoft Defender Application Guard (Application Guard). Questions span features, integration with the Windows operating system, and general configuration. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index f3cbd518da..994ade09de 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -18,7 +18,7 @@ ms.technology: mde # Prepare to install Microsoft Defender Application Guard **Applies to:** -- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) +- - Windows 10 ## Review system requirements diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 83850f5a21..de798293db 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -17,7 +17,8 @@ ms.technology: mde # Microsoft Defender Application Guard overview -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) +**Applies to** +- Windows 10 Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md index a54f8667cd..fb162b5632 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md @@ -1,5 +1,5 @@ --- -title: System requirements for Microsoft Defender Application Guard (Windows 10) +title: System requirements for Microsoft Defender Application Guard description: Learn about the system requirements for installing and running Microsoft Defender Application Guard. ms.prod: m365-security ms.mktglfcycl: manage @@ -17,7 +17,8 @@ ms.technology: mde # System requirements for Microsoft Defender Application Guard -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) +**Applies to** +- Windows 10 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 9baa7baa78..74525211f8 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -19,7 +19,7 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) +- Windows 10 We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization. diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 2a578d07ab..2ec5067168 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -45,7 +45,7 @@ The Security Compliance Toolkit consists of: - Microsoft 365 Apps for enterprise, Version 2104 - Microsoft Edge security baseline - - Version 88 + - Version 92 - Windows Update security baseline - Windows 10 20H2 and below (October 2020 Update) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index 4df87c418a..be2c2f115a 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 08/16/2021 ms.technology: mde --- @@ -35,7 +35,7 @@ This policy setting is dependent on the **Account lockout threshold** policy set - A user-defined number of minutes from 0 through 99,999 - Not defined -If [Account lockout threshold](account-lockout-threshold.md) is configured, after the specified number of failed attempts, the account will be locked out. If th **Account lockout duration** is set to 0, the account will remain locked until an administrator unlocks it manually. +If [Account lockout threshold](account-lockout-threshold.md) is configured, after the specified number of failed attempts, the account will be locked out. If the **Account lockout duration** is set to 0, the account will remain locked until an administrator unlocks it manually. It is advisable to set **Account lockout duration** to approximately 15 minutes. To specify that the account will never be locked out, set the **Account lockout threshold** value to 0. diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index 7f98409069..66c3926643 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -89,12 +89,12 @@ Administrators can test whether applying the same restriction earlier versions o In other words, the hotfix in each KB article provides the necessary code and functionality, but you need to configure the restriction after you install the hotfix—no restrictions are enabled by default after the hotfix is installed on earlier versions of Windows. -| |Default SDDL |Translated SDDL| Comments +| |Default SDDL |Translated SDDL| Comments | |---|---|---|---| -|Windows Server 2016 (or later) domain controller (reading Active Directory)|“”|-|Everyone has read permissions to preserve compatibility.| -|Earlier domain controller |-|-|No access check is performed by default.| -|Windows 10, version 1607 (or later) non-domain controller|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
DACL:
• Revision: 0x02
• Size: 0x0020
• Ace Count: 0x001
• Ace[00]-------------------------
  AceType:0x00
  (ACCESS\_ALLOWED_ACE_TYPE)
  AceSize:0x0018
  InheritFlags:0x00
  Access Mask:0x00020000
  AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544)

  SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. | -|Earlier non-domain controller |-|-|No access check is performed by default.| +|**Windows Server 2016 (or later) domain controller (reading Active Directory)**|“”|-|Everyone has read permissions to preserve compatibility.| +|**Earlier domain controller** |-|-|No access check is performed by default.| +|**Windows 10, version 1607 (or later) non-domain controller**|O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18)
DACL:
• Revision: 0x02
• Size: 0x0020
• Ace Count: 0x001
• Ace[00]-------------------------
  AceType:0x00
  (ACCESS\_ALLOWED_ACE_TYPE)
  AceSize:0x0018
  InheritFlags:0x00
  Access Mask:0x00020000
  AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544)

  SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. | +|**Earlier non-domain controller** |-|-|No access check is performed by default.| ## Policy management diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index 5028f2de9f..15639fd8d3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -14,7 +14,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 07/15/2021 +ms.date: 08/10/2021 ms.technology: mde --- @@ -93,27 +93,86 @@ Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerS ``` -An example of a valid Managed Installer rule collection using Microsoft Endpoint Config Manager (MEMCM) is shown below. +An example of a valid Managed Installer rule collection, using Microsoft Endpoint Config Manager (MEMCM), MEM (Intune), Powershell, and PowerShell ISE, is shown below. Remove any rules that you do not wish to designate as a Managed Installer. ```xml - - + + + + - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + ``` - ### Enable service enforcement in AppLocker policy Since many installation processes rely on services, it is typically necessary to enable tracking of services. @@ -214,3 +273,32 @@ Ea Value Length: 7e ## Enabling managed installer logging events Refer to [Understanding Application Control Events](event-id-explanations.md#optional-intelligent-security-graph-isg-or-managed-installer-mi-diagnostic-events) for information on enabling optional managed installer diagnostic events. + +## Deploying the Managed Installer rule collection + +Once you've completed configuring your chosen Managed Installer, by specifying which option to use in the AppLocker policy, enabling the service enforcement of it, and by enabling the Managed Installer option in a WDAC policy, you'll need to deploy it. + +1. Use the following command to deploy the policy. + ```powershell + $policyFile= + @" + Raw_AppLocker_Policy_XML + "@ + Set-AppLockerPolicy -XmlPolicy $policyFile -Merge -ErrorAction SilentlyContinue + ``` + +2. Verify Deployment of the ruleset was successful + ```powershell + Get-AppLockerPolicy -Local + + Version RuleCollections RuleCollectionTypes + ------- --------------- ------------------- + 1 {0, 0, 0, 0...} {Appx, Dll, Exe, ManagedInstaller...} + ``` + Verify the output shows the ManagedInstaller rule set. + +3. Get the policy XML (optional) using PowerShell: + ```powershell + Get-AppLockerPolicy -Effective -Xml -ErrorVariable ev -ErrorAction SilentlyContinue + ``` + This command will show the raw XML to verify the individual rules that were set. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md index d9a41c8eff..f8b093734a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md @@ -45,7 +45,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind | 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the script hosts themselves. Note: there is no WDAC enforcement on third-party script hosts. | | 8029 | Block script/MSI file | | 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in a Windows Defender Application Control policy](allow-com-object-registration-in-windows-defender-application-control-policy.md). | -| 8038 | Signing information event correlated with either an 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | | +| 8038 | Signing information event correlated with either an 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | ## Optional Intelligent Security Graph (ISG) or Managed Installer (MI) diagnostic events @@ -117,7 +117,7 @@ A list of other relevant event IDs and their corresponding description. | Event ID | Description | |-------|------| -| 3001 | An unsigned driver was attempted to load on the system. | +| 3001 | An unsigned driver was attempted to load on the system. | | 3002 | Code Integrity could not verify the boot image as the page hash could not be found. | | 3004 | Code Integrity could not verify the file as the page hash could not be found. | | 3010 | The catalog containing the signature for the file under validation is invalid. | @@ -127,27 +127,27 @@ A list of other relevant event IDs and their corresponding description. | 3024 | Windows application control was unable to refresh the boot catalog file. | | 3026 | The catalog loaded is signed by a signing certificate that has been revoked by Microsoft and/or the certificate issuing authority. | | 3033 | The file under validation did not meet the requirements to pass the application control policy. | -| 3034 | The file under validation would not meet the requirements to pass the application control policy if the policy was enforced. The file was allowed since the policy is in audit mode. |  +| 3034 | The file under validation would not meet the requirements to pass the application control policy if the policy was enforced. The file was allowed since the policy is in audit mode. | | 3036 | The signed file under validation is signed by a code signing certificate that has been revoked by Microsoft or the certificate issuing authority. | -| 3064 | If the policy was enforced, a user mode DLL under validation would not meet the requirements to pass the application control policy. The DLL was allowed since the policy is in audit mode. |  -| 3065 | [Ignored] If the policy was enforced, a user mode DLL under validation would not meet the requirements to pass the application control policy. | +| 3064 | If the policy was enforced, a user mode DLL under validation would not meet the requirements to pass the application control policy. The DLL was allowed since the policy is in audit mode. | +| 3065 | [Ignored] If the policy was enforced, a user mode DLL under validation would not meet the requirements to pass the application control policy. | | 3074 | Page hash failure while hypervisor-protected code integrity was enabled. | | 3075 | This event monitors the performance of the Code Integrity policy check a file. | | 3079 | The file under validation did not meet the requirements to pass the application control policy. | | 3080 | If the policy was in enforced mode, the file under validation would not have met the requirements to pass the application control policy. | | 3081 | The file under validation did not meet the requirements to pass the application control policy. | -| 3082 | If the policy was in enforced mode, the non-WHQL driver would have been denied by the policy. | +| 3082 | If the policy was in enforced mode, the non-WHQL driver would have been denied by the policy. | | 3084 | Code Integrity will enforce the WHQL Required policy setting on this session. | | 3085 | Code Integrity will not enforce the WHQL Required policy setting on this session. | | 3086 | The file under validation does not meet the signing requirements for an isolated user mode (IUM) process. | -| 3095 | This Code Integrity policy cannot be refreshed and must be rebooted instead. | -| 3097 | The Code Integrity policy cannot be refreshed. | +| 3095 | This Code Integrity policy cannot be refreshed and must be rebooted instead. | +| 3097 | The Code Integrity policy cannot be refreshed. | | 3100 | The application control policy was refreshed but was unsuccessfully activated. Retry. | -| 3101 | Code Integrity started refreshing the policy. | -| 3102 | Code Integrity finished refreshing the policy. | -| 3103 | Code Integrity is ignoring the policy refresh. | -| 3104 | The file under validation does not meet the signing requirements for a PPL (protected process light) process. | -| 3105 | Code Integrity is attempting to refresh the policy. | +| 3101 | Code Integrity started refreshing the policy. | +| 3102 | Code Integrity finished refreshing the policy. | +| 3103 | Code Integrity is ignoring the policy refresh. | +| 3104 | The file under validation does not meet the signing requirements for a PPL (protected process light) process. | +| 3105 | Code Integrity is attempting to refresh the policy. | | 3108 | Windows mode change event was successful. | | 3110 | Windows mode change event was unsuccessful. | -| 3111 | The file under validation did not meet the hypervisor-protected code integrity (HVCI) policy. | +| 3111 | The file under validation did not meet the hypervisor-protected code integrity (HVCI) policy. | diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index d409657e10..f85b75d3ad 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -24,15 +24,15 @@ ms.date: - Windows 10 - Windows Server 2016 and above -Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is applied to the following sets of devices: +Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices: - Hypervisor-protected code integrity (HVCI) enabled devices - Windows 10 in S mode (S mode) devices -Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. +Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. > [!Note] -> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. +> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It's recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. ```xml @@ -55,8 +55,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security - - @@ -315,7 +313,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security - @@ -425,7 +422,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security - diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 5392e5253b..9ffbd067e1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -14,7 +14,7 @@ audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 ms.reviewer: isbrahm -ms.date: 05/03/2018 +ms.date: 08/12/2021 ms.technology: mde --- @@ -38,7 +38,7 @@ For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll** ```powershell $rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' -$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' +$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP2.exe' New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 9ed555e0c8..78d50e3732 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/25/2017 +ms.date: 08/16/2021 ms.technology: mde --- @@ -40,17 +40,15 @@ First, create the WMI filter and configure it to look for a specified version (o 1. Open the Group Policy Management console. -2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **WMI Filters**. +2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, and then select **WMI Filters**. -3. Click **Action**, and then click **New**. +3. Select **Action**, and then select **New**. -4. In the **Name** text box, type the name of the WMI filter. - - >**Note:**  Be sure to use a name that clearly indicates the purpose of the filter. Check to see if your organization has a naming convention. +4. In the **Name** text box, type the name of the WMI filter. Be sure to use a name that clearly indicates the purpose of the filter. Check to see if your organization has a naming convention. 5. In the **Description** text box, type a description for the WMI filter. For example, if the filter excludes domain controllers, you might consider stating that in the description. -6. Click **Add**. +6. Select **Add**. 7. Leave the **Namespace** value set to **root\\CIMv2**. @@ -66,7 +64,7 @@ First, create the WMI filter and configure it to look for a specified version (o ... where Version like "6.1%" or Version like "6.2%" ``` - To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network. + To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers and for Windows 10 multi-session, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network. The following clause returns **true** for all devices that are not domain controllers: @@ -92,9 +90,9 @@ First, create the WMI filter and configure it to look for a specified version (o select * from Win32_OperatingSystem where Version like "10.%" and ProductType="3" ``` -9. Click **OK** to save the query to the filter. +9. Select **OK** to save the query to the filter. -10. Click **Save** to save your completed filter. +10. Select **Save** to save your completed filter. > [!NOTE] > If you're using multiple queries in the same WMI filter, these queries must all return **TRUE** for the filter requirements to be met and for the GPO to be applied. @@ -105,8 +103,8 @@ After you have created a filter with the correct query, link the filter to the G 1. Open the Group Policy Management console. -2. In the navigation pane, find and then click the GPO that you want to modify. +2. In the navigation pane, find and then select the GPO that you want to modify. 3. Under **WMI Filtering**, select the correct WMI filter from the list. -4. Click **Yes** to accept the filter. \ No newline at end of file +4. Select **Yes** to accept the filter. diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md index 5af0900b7e..2aebecdb11 100644 --- a/windows/whats-new/windows-11-plan.md +++ b/windows/whats-new/windows-11-plan.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.author: greglin -ms.date: 06/24/2021 +ms.date: 08/18/2021 ms.reviewer: manager: laurawi ms.localizationpriority: high @@ -39,7 +39,7 @@ If you are looking for ways to optimize your approach to deploying Windows 11, o As a first step, you will need to know which of your current devices meet the Windows 11 hardware requirements. Most devices purchased in the last 18-24 months will be compatible with Windows 11. Verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md) to ensure it is compatible. -Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, end-users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the **PC Health Check** app to determine their eligibility for Windows 11. End-users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade.  +Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, end-users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. End-users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade.  Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as Endpoint analytics and Update Compliance. This capability will be available when Windows 11 is generally available. Microsoft is also working with software publishing partners to facilitate adding Windows 11 device support into their solutions.