Merge remote-tracking branch 'refs/remotes/origin/master' into atp-powerbi

2025-05-16 07:17:24 +00:00 · 2017-08-09 12:50:02 -07:00 · 2017-08-09 12:50:02 -07:00 · 891baf3009
commit 891baf3009
parent 661df57950 11c7c951f6
70 changed files with 498 additions and 180 deletions
--- a/windows/access-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/access-protection/credential-guard/credential-guard-known-issues.md
@ -33,25 +33,13 @@ The following known issues have been fixed by servicing releases made available
    - Windows 10 Version 1511: [KB4015219 (OS Build 10586.873)](https://support.microsoft.com/help/4015219)
    - Windows 10 Version 1507: [KB4015221 (OS Build 10240.17354)](https://support.microsoft.com/help/4015221)

+## Known issues involving third-party applications

+The following issue affects the Java GSS API. See the following Oracle bug database article: 

+-	[JDK-8161921: Windows 10 Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921)

-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+When Credential Guard is enabled on Windows 10, the Java GSS API will not authenticate. This is expected behavior because Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see [Application requirements](https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements).


 The following issue affects Cisco AnyConnect Secure Mobility Client:
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 08/09/2017
 ---

 # EnterpriseDataProtection CSP
@ -44,8 +44,8 @@ The following diagram shows the EnterpriseDataProtection CSP in tree format.

 -   0 (default) – Off / No protection (decrypts previously protected data).
 -   1 – Silent mode (encrypt and audit only).
-   2 – Override mode (encrypt, prompt, and audit).
-   3 – Block mode (encrypt, block, and audit).
+-   2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
+-   3 – Hides overrides (encrypt, prompt but hide overrides, and audit).

 <p style="margin-left: 20px">Supported operations are Add, Get, Replace and Delete. Value type is integer.

--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -1322,6 +1322,16 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top">[CM\_CellularEntries CSP](cm-cellularentries-csp.md)</td>
 <td style="vertical-align:top"><p>Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.</p>
 </td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)</td>
+<td style="vertical-align:top"><p>Updated the Settings/EDPEnforcementLevel values to the following:</p>
+<ul>
+<li> 0 (default) – Off / No protection (decrypts previously protected data).</li>
+<li>  1 – Silent mode (encrypt and audit only).</li>
+<li>  2 – Allow override mode (encrypt, prompt and allow overrides, and audit).</li>
+<li>  3 – Hides overrides (encrypt, prompt but hide overrides, and audit).</li>
+</ul>
+</td></tr>
 <tr class="even">
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - AboveLock
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Accounts
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - ActiveXControls
@ -66,6 +66,7 @@ Note: Wild card characters cannot be used when specifying the host URLs.
 ADMX Info:  
 -   GP english name: *Approved Installation Sites for ActiveX Controls*
 -   GP name: *ApprovedActiveXInstallSites*
+-   GP path: *Windows Components/ActiveX Installer Service*
 -   GP ADMX file name: *ActiveXInstallService.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - ApplicationDefaults
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - ApplicationManagement
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - AppVirtualization
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - AttachmentManager
@ -66,6 +66,7 @@ If you do not configure this policy setting, Windows marks file attachments with
 ADMX Info:  
 -   GP english name: *Do not preserve zone information in file attachments*
 -   GP name: *AM_MarkZoneOnSavedAtttachments*
+-   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*

 <!--EndADMX-->
@ -117,6 +118,7 @@ If you do not configure this policy setting, Windows hides the check box and Unb
 ADMX Info:  
 -   GP english name: *Hide mechanisms to remove zone information*
 -   GP name: *AM_RemoveZoneInfo*
+-   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*

 <!--EndADMX-->
@ -168,6 +170,7 @@ If you do not configure this policy setting, Windows does not call the registere
 ADMX Info:  
 -   GP english name: *Notify antivirus programs when opening attachments*
 -   GP name: *AM_CallIOfficeAntiVirus*
+-   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Authentication
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Autoplay
@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for
 ADMX Info:  
 -   GP english name: *Disallow Autoplay for non-volume devices*
 -   GP name: *NoAutoplayfornonVolume*
+-   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*

 <!--EndADMX-->
@ -122,6 +123,7 @@ If you disable or not configure this policy setting, Windows Vista or later will
 ADMX Info:  
 -   GP english name: *Set the default behavior for AutoRun*
 -   GP name: *NoAutorun*
+-   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*

 <!--EndADMX-->
@ -181,6 +183,7 @@ Note: This policy setting appears in both the Computer Configuration and User Co
 ADMX Info:  
 -   GP english name: *Turn off Autoplay*
 -   GP name: *Autorun*
+-   GP path: *Windows Components/AutoPlay Policies*
 -   GP ADMX file name: *AutoPlay.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Bitlocker
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Bluetooth
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Browser
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Camera
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Cellular
@ -58,6 +58,7 @@ ms.date: 07/14/2017
 ADMX Info:  
 -   GP english name: *Set Per-App Cellular Access UI Visibility*
 -   GP name: *ShowAppCellularAccessUI*
+-   GP path: *Network/WWAN Service/WWAN UI Settings*
 -   GP ADMX file name: *wwansvc.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Connectivity
@ -521,6 +521,7 @@ If you enable this policy, Windows only allows access to the specified UNC paths
 ADMX Info:  
 -   GP english name: *Hardened UNC Paths*
 -   GP name: *Pol_HardenedPaths*
+-   GP path: *Network/Network Provider*
 -   GP ADMX file name: *networkprovider.admx*

 <!--EndADMX-->
@ -564,6 +565,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
 -   GP name: *NC_AllowNetBridge_NLA*
+-   GP path: *Network/Network Connections*
 -   GP ADMX file name: *NetworkConnections.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - CredentialProviders
@ -155,7 +155,7 @@ Added in Windows 10, version 1709. Boolean policy to disable the visibility of t
 The Windows 10 Automatic ReDeployment feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students.

 - 0 - Enable the visibility of the credentials for Windows 10 Automatic ReDeployment
- 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment 
+- 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment

 <!--EndDescription-->
 <!--EndPolicy-->
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - CredentialsUI
@ -68,6 +68,7 @@ The policy applies to all Windows components and applications that use the Windo
 ADMX Info:  
 -   GP english name: *Do not display the password reveal button*
 -   GP name: *DisablePasswordReveal*
+-   GP path: *Windows Components/Credential User Interface*
 -   GP ADMX file name: *credui.admx*

 <!--EndADMX-->
@ -117,6 +118,7 @@ If you disable this policy setting, users will always be required to type a user
 ADMX Info:  
 -   GP english name: *Enumerate administrator accounts on elevation*
 -   GP name: *EnumerateAdministrators*
+-   GP path: *Windows Components/Credential User Interface*
 -   GP ADMX file name: *credui.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Cryptography
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - DataProtection
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - DataUsage
@ -70,6 +70,7 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti
 ADMX Info:  
 -   GP english name: *Set 3G Cost*
 -   GP name: *SetCost3G*
+-   GP path: *Network/WWAN Service/WWAN Media Cost*
 -   GP ADMX file name: *wwansvc.admx*

 <!--EndADMX-->
@ -125,6 +126,7 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti
 ADMX Info:  
 -   GP english name: *Set 4G Cost*
 -   GP name: *SetCost4G*
+-   GP path: *Network/WWAN Service/WWAN Media Cost*
 -   GP ADMX file name: *wwansvc.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Defender
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - DeliveryOptimization
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Desktop
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - DeviceGuard
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - DeviceInstallation
@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, devices can be installed
 ADMX Info:  
 -   GP english name: *Prevent installation of devices that match any of these device IDs*
 -   GP name: *DeviceInstall_IDs_Deny*
+-   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*

 <!--EndADMX-->
@ -113,6 +114,7 @@ If you disable or do not configure this policy setting, Windows can install and
 ADMX Info:  
 -   GP english name: *Prevent installation of devices using drivers that match these device setup classes*
 -   GP name: *DeviceInstall_Classes_Deny*
+-   GP path: *System/Device Installation/Device Installation Restrictions*
 -   GP ADMX file name: *deviceinstallation.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - DeviceLock
@ -769,6 +769,7 @@ If you enable this setting, users will no longer be able to modify slide show se
 ADMX Info:  
 -   GP english name: *Prevent enabling lock screen slide show*
 -   GP name: *CPL_Personalization_NoLockScreenSlideshow*
+-   GP path: *Control Panel/Personalization*
 -   GP ADMX file name: *ControlPanelDisplay.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Display
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/27/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Education
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - EnterpriseCloudPrint
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - ErrorReporting
@ -123,6 +123,7 @@ If you disable or do not configure this policy setting, the Turn off Windows Err
 ADMX Info:  
 -   GP english name: *Disable Windows Error Reporting*
 -   GP name: *WerDisable_2*
+-   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*

 <!--EndADMX-->
@ -176,6 +177,7 @@ See also the Configure Error Reporting policy setting.
 ADMX Info:  
 -   GP english name: *Display Error Notification*
 -   GP name: *PCH_ShowUI*
+-   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*

 <!--EndADMX-->
@ -225,6 +227,7 @@ If you disable or do not configure this policy setting, then consent policy sett
 ADMX Info:  
 -   GP english name: *Do not send additional data*
 -   GP name: *WerNoSecondLevelData_2*
+-   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*

 <!--EndADMX-->
@ -274,6 +277,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting
 ADMX Info:  
 -   GP english name: *Prevent display of the user interface for critical errors*
 -   GP name: *WerDoNotShowUI*
+-   GP path: *Windows Components/Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - EventLogService
@ -66,6 +66,7 @@ Note: Old events may or may not be retained according to the "Backup log automat
 ADMX Info:  
 -   GP english name: *Control Event Log behavior when the log file reaches its maximum size*
 -   GP name: *Channel_Log_Retention_1*
+-   GP path: *Windows Components/Event Log Service/Application*
 -   GP ADMX file name: *eventlog.admx*

 <!--EndADMX-->
@ -115,6 +116,7 @@ If you disable or do not configure this policy setting, the maximum size of the
 ADMX Info:  
 -   GP english name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_1*
+-   GP path: *Windows Components/Event Log Service/Application*
 -   GP ADMX file name: *eventlog.admx*

 <!--EndADMX-->
@ -164,6 +166,7 @@ If you disable or do not configure this policy setting, the maximum size of the
 ADMX Info:  
 -   GP english name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_2*
+-   GP path: *Windows Components/Event Log Service/Security*
 -   GP ADMX file name: *eventlog.admx*

 <!--EndADMX-->
@ -213,6 +216,7 @@ If you disable or do not configure this policy setting, the maximum size of the
 ADMX Info:  
 -   GP english name: *Specify the maximum log file size (KB)*
 -   GP name: *Channel_LogMaxSize_4*
+-   GP path: *Windows Components/Event Log Service/System*
 -   GP ADMX file name: *eventlog.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Experience
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Games
@ -22,9 +22,6 @@ ms.date: 07/14/2017
 <!--StartPolicy-->
 <a href="" id="games-allowadvancedgamingservices"></a>**Games/AllowAdvancedGamingServices**  

-<!--StartSKU-->
-
-<!--EndSKU-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Placeholder only. Currently not supported.

--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Kerberos
@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, the Kerberos client does
 ADMX Info:  
 -   GP english name: *Use forest search order*
 -   GP name: *ForestSearch*
+-   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*

 <!--EndADMX-->
@ -112,6 +113,7 @@ If you disable or do not configure this policy setting, the client devices will
 ADMX Info:  
 -   GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
 -   GP name: *EnableCbacAndArmor*
+-   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*

 <!--EndADMX-->
@ -165,6 +167,7 @@ If you disable or do not configure this policy setting, the client computers in
 ADMX Info:  
 -   GP english name: *Fail authentication requests when Kerberos armoring is not available*
 -   GP name: *ClientRequireFast*
+-   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*

 <!--EndADMX-->
@ -214,6 +217,7 @@ If you disable or do not configure this policy setting, the Kerberos client requ
 ADMX Info:  
 -   GP english name: *Require strict KDC validation*
 -   GP name: *ValidateKDC*
+-   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*

 <!--EndADMX-->
@ -267,6 +271,7 @@ Note: This policy setting configures the existing MaxTokenSize registry value in
 ADMX Info:  
 -   GP english name: *Set maximum Kerberos SSPI context token buffer size*
 -   GP name: *MaxTokenSize*
+-   GP path: *System/Kerberos*
 -   GP ADMX file name: *Kerberos.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Licensing
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/04/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - LocalPoliciesSecurityOptions
@ -672,6 +672,46 @@ Valid values:
 - 0 - disabled
 - 1 - enabled (allow system to be shut down without having to log on)

+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="localpoliciessecurityoptions-tbuseraccountcontrol-runalladministratorsinadminapprovalmoded"></a>**LocalPoliciesSecurityOptions/TBUserAccountControl_RunAllAdministratorsInAdminApprovalModeD**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+User Account Control: Turn on Admin Approval Mode
+
+This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
+
+The options are:
+- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. 
+
+
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.

 <!--EndDescription-->
@ -891,46 +931,6 @@ The options are:
 - 0 - Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
 - 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.

-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="localpoliciessecurityoptions-tbuseraccountcontrol-runalladministratorsinadminapprovalmode"></a>**LocalPoliciesSecurityOptions/TBUserAccountControl_RunAllAdministratorsInAdminApprovalModeD**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-User Account Control: Turn on Admin Approval Mode
-
-This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
-
-The options are:
- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. 
-
-
 Value type is integer. Supported operations are Add, Get, Replace, and Delete.

 <!--EndDescription-->
@ -1021,4 +1021,5 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.

-<!--EndPolicies-->
+<!--EndPolicies-->
+
--- a/windows/client-management/mdm/policy-csp-location.md
+++ b/windows/client-management/mdm/policy-csp-location.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Location
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - LockDown
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Maps
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Messaging
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - NetworkIsolation
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Notifications
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Power
@ -64,6 +64,7 @@ If you disable this policy setting, standby states (S1-S3) are not allowed.
 ADMX Info:  
 -   GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)*
 -   GP name: *AllowStandbyStatesAC_2*
+-   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
@ -115,6 +116,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Turn off the display (on battery)*
 -   GP name: *VideoPowerDownTimeOutDC_2*
+-   GP path: *System/Power Management/Video and Display Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
@ -166,6 +168,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Turn off the display (plugged in)*
 -   GP name: *VideoPowerDownTimeOutAC_2*
+-   GP path: *System/Power Management/Video and Display Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
@ -218,6 +221,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify the system hibernate timeout (on battery)*
 -   GP name: *DCHibernateTimeOut_2*
+-   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
@ -269,6 +273,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify the system hibernate timeout (plugged in)*
 -   GP name: *ACHibernateTimeOut_2*
+-   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
@ -318,6 +323,7 @@ If you disable this policy setting, the user is not prompted for a password when
 ADMX Info:  
 -   GP english name: *Require a password when a computer wakes (on battery)*
 -   GP name: *DCPromptForPasswordOnResume_2*
+-   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
@ -367,6 +373,7 @@ If you disable this policy setting, the user is not prompted for a password when
 ADMX Info:  
 -   GP english name: *Require a password when a computer wakes (plugged in)*
 -   GP name: *ACPromptForPasswordOnResume_2*
+-   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
@ -418,6 +425,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify the system sleep timeout (on battery)*
 -   GP name: *DCStandbyTimeOut_2*
+-   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
@ -469,6 +477,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify the system sleep timeout (plugged in)*
 -   GP name: *ACStandbyTimeOut_2*
+-   GP path: *System/Power Management/Sleep Settings*
 -   GP ADMX file name: *power.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Printers
@ -139,6 +139,7 @@ If you disable this policy setting:
 ADMX Info:  
 -   GP english name: *Point and Print Restrictions*
 -   GP name: *PointAndPrint_Restrictions*
+-   GP path: *Control Panel/Printers*
 -   GP ADMX file name: *Printing.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Privacy
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - RemoteAssistance
@ -70,6 +70,7 @@ If you do not configure this policy setting, the user sees the default warning m
 ADMX Info:  
 -   GP english name: *Customize warning messages*
 -   GP name: *RA_Options*
+-   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*

 <!--EndADMX-->
@ -121,6 +122,7 @@ If you do not configure this setting, application-based settings are used.
 ADMX Info:  
 -   GP english name: *Turn on session logging*
 -   GP name: *RA_Logging*
+-   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*

 <!--EndADMX-->
@ -180,6 +182,7 @@ If you enable this policy setting you should also enable appropriate firewall ex
 ADMX Info:  
 -   GP english name: *Configure Solicited Remote Assistance*
 -   GP name: *RA_Solicit*
+-   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*

 <!--EndADMX-->
@ -262,6 +265,7 @@ Allow Remote Desktop Exception
 ADMX Info:  
 -   GP english name: *Configure Offer Remote Assistance*
 -   GP name: *RA_Unsolicit*
+-   GP path: *System/Remote Assistance*
 -   GP ADMX file name: *remoteassistance.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - RemoteDesktopServices
@ -70,6 +70,7 @@ You can limit the number of users who can connect simultaneously by configuring
 ADMX Info:  
 -   GP english name: *Allow users to connect remotely by using Remote Desktop Services*
 -   GP name: *TS_DISABLE_CONNECTIONS*
+-   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections*
 -   GP ADMX file name: *terminalserver.admx*

 <!--EndADMX-->
@ -129,6 +130,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 ADMX Info:  
 -   GP english name: *Set client connection encryption level*
 -   GP name: *TS_ENCRYPTION_POLICY*
+-   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*

 <!--EndADMX-->
@ -182,6 +184,7 @@ If you do not configure this policy setting, client drive redirection and Clipbo
 ADMX Info:  
 -   GP english name: *Do not allow drive redirection*
 -   GP name: *TS_CLIENT_DRIVE_M*
+-   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
 -   GP ADMX file name: *terminalserver.admx*

 <!--EndADMX-->
@ -231,6 +234,7 @@ If you disable this setting or leave it not configured, the user will be able to
 ADMX Info:  
 -   GP english name: *Do not allow passwords to be saved*
 -   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2*
+-   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client*
 -   GP ADMX file name: *terminalserver.admx*

 <!--EndADMX-->
@ -286,6 +290,7 @@ If you do not configure this policy setting, automatic logon is not specified at
 ADMX Info:  
 -   GP english name: *Always prompt for password upon connection*
 -   GP name: *TS_PASSWORD*
+-   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*

 <!--EndADMX-->
@ -341,6 +346,7 @@ Note: The RPC interface is used for administering and configuring Remote Desktop
 ADMX Info:  
 -   GP english name: *Require secure RPC communication*
 -   GP name: *TS_RPC_ENCRYPTION*
+-   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - RemoteManagement
@ -58,6 +58,7 @@ ms.date: 07/14/2017
 ADMX Info:  
 -   GP english name: *Allow Basic authentication*
 -   GP name: *AllowBasic_2*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -101,6 +102,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Allow Basic authentication*
 -   GP name: *AllowBasic_1*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -144,6 +146,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Allow CredSSP authentication*
 -   GP name: *AllowCredSSP_2*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -187,6 +190,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Allow CredSSP authentication*
 -   GP name: *AllowCredSSP_1*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -230,6 +234,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Allow remote server management through WinRM*
 -   GP name: *AllowAutoConfig*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -273,6 +278,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Allow unencrypted traffic*
 -   GP name: *AllowUnencrypted_2*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -316,6 +322,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Allow unencrypted traffic*
 -   GP name: *AllowUnencrypted_1*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -359,6 +366,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Disallow Digest authentication*
 -   GP name: *DisallowDigest*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -402,6 +410,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Disallow Negotiate authentication*
 -   GP name: *DisallowNegotiate_2*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -445,6 +454,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Disallow Negotiate authentication*
 -   GP name: *DisallowNegotiate_1*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -488,6 +498,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Disallow WinRM from storing RunAs credentials*
 -   GP name: *DisableRunAs*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -531,6 +542,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify channel binding token hardening level*
 -   GP name: *CBTHardeningLevel_1*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -574,6 +586,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Trusted Hosts*
 -   GP name: *TrustedHosts*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -617,6 +630,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Turn On Compatibility HTTP Listener*
 -   GP name: *HttpCompatibilityListener*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
@ -660,6 +674,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Turn On Compatibility HTTPS Listener*
 -   GP name: *HttpsCompatibilityListener*
+-   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - RemoteProcedureCall
@ -68,6 +68,7 @@ Note: This policy will not be applied until the system is rebooted.
 ADMX Info:  
 -   GP english name: *Enable RPC Endpoint Mapper Client Authentication*
 -   GP name: *RpcEnableAuthEpResolution*
+-   GP path: *System/Remote Procedure Call*
 -   GP ADMX file name: *rpc.admx*

 <!--EndADMX-->
@ -129,6 +130,7 @@ Note: This policy setting will not be applied until the system is rebooted.
 ADMX Info:  
 -   GP english name: *Restrict Unauthenticated RPC clients*
 -   GP name: *RpcRestrictRemoteClients*
+-   GP path: *System/Remote Procedure Call*
 -   GP ADMX file name: *rpc.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - RemoteShell
@ -58,6 +58,7 @@ ms.date: 07/14/2017
 ADMX Info:  
 -   GP english name: *Allow Remote Shell Access*
 -   GP name: *AllowRemoteShellAccess*
+-   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*

 <!--EndADMX-->
@ -101,6 +102,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *MaxConcurrentUsers*
 -   GP name: *MaxConcurrentUsers*
+-   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*

 <!--EndADMX-->
@ -144,6 +146,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify idle Timeout*
 -   GP name: *IdleTimeout*
+-   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*

 <!--EndADMX-->
@ -187,6 +190,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify maximum amount of memory in MB per Shell*
 -   GP name: *MaxMemoryPerShellMB*
+-   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*

 <!--EndADMX-->
@ -230,6 +234,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify maximum number of processes per Shell*
 -   GP name: *MaxProcessesPerShell*
+-   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*

 <!--EndADMX-->
@ -273,6 +278,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify maximum number of remote shells per user*
 -   GP name: *MaxShellsPerUser*
+-   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*

 <!--EndADMX-->
@ -316,6 +322,7 @@ ADMX Info:
 ADMX Info:  
 -   GP english name: *Specify Shell Timeout*
 -   GP name: *ShellTimeOut*
+-   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Search
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/26/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Security
@ -216,6 +216,45 @@ ms.date: 07/26/2017
 -   0 – Don't allow Anti Theft Mode.
 -   1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent).

+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-cleartpmifnotready"></a>**Security/ClearTPMIfNotReady**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
+
+The following list shows the supported values:
+
+-   0 (default) – Will not force recovery from a non-ready TPM state.
+-   1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
+
 <!--EndDescription-->
 <!--EndPolicy-->
 <!--StartPolicy-->
@ -258,45 +297,6 @@ ms.date: 07/26/2017
 -   0 (default) – Encryption enabled.
 -   1 – Encryption disabled.

-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-cleartpmifnotready"></a>**Security/ClearTPMIfNotReady**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>Mobile Enterprise</th>
-</tr>
-<tr>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
-
-The following list shows the supported values:
-
-   0 (default) – Will not force recovery from a non-ready TPM state.
-   1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
-
 <!--EndDescription-->
 <!--EndPolicy-->
 <!--StartPolicy-->
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Settings
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - SmartScreen
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Speech
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Start
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Storage
@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, Windows will activate un
 ADMX Info:  
 -   GP english name: *Do not allow Windows to activate Enhanced Storage devices*
 -   GP name: *TCGSecurityActivationDisabled*
+-   GP path: *System/Enhanced Storage Access*
 -   GP ADMX file name: *enhancedstorage.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - System
@ -548,6 +548,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu
 ADMX Info:  
 -   GP english name: *Turn off System Restore*
 -   GP name: *SR_DisableSR*
+-   GP path: *System/System Restore*
 -   GP ADMX file name: *systemrestore.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - TextInput
@ -363,9 +363,6 @@ ms.date: 07/14/2017
 <!--StartPolicy-->
 <a href="" id="textinput-allowkoreanextendedhanja"></a>**TextInput/AllowKoreanExtendedHanja**  

-<!--StartSKU-->
-
-<!--EndSKU-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This policy has been deprecated.

--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - TimeLanguageSettings
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Update
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - Wifi
@ -22,9 +22,6 @@ ms.date: 07/14/2017
 <!--StartPolicy-->
 <a href="" id="wifi-allowwifihotspotreporting"></a>**WiFi/AllowWiFiHotSpotReporting**  

-<!--StartSKU-->
-
-<!--EndSKU-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This policy has been deprecated.

@ -283,6 +280,8 @@ Footnote:
 <!--EndIoTCore-->

 <!--StartSurfaceHub-->
- 
+## <a href="" id="surfacehubpolicies"></a>Wifi policies supported by Microsoft Surface Hub  
+
+-   [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)  
 <!--EndSurfaceHub-->

--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - WindowsDefenderSecurityCenter
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - WindowsInkWorkspace
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - WindowsLogon
@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, users can choose which a
 ADMX Info:  
 -   GP english name: *Turn off app notifications on the lock screen*
 -   GP name: *DisableLockScreenAppNotifications*
+-   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*

 <!--EndADMX-->
@ -113,6 +114,7 @@ If you disable or don't configure this policy setting, any user can disconnect t
 ADMX Info:  
 -   GP english name: *Do not display network selection UI*
 -   GP name: *DontDisplayNetworkSelectionUI*
+-   GP path: *System/Logon*
 -   GP ADMX file name: *logon.admx*

 <!--EndADMX-->
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
 ---

 # Policy CSP - WirelessDisplay
@ -162,9 +162,6 @@ ms.date: 07/14/2017
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver"></a>**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**  

-<!--StartSKU-->
-
-<!--EndSKU-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703.