From 7b5202cbe7d9d89427fc27a721ec56df0d4195af Mon Sep 17 00:00:00 2001 From: John Tobin Date: Wed, 9 Aug 2017 10:22:48 -0700 Subject: [PATCH 1/3] Added new Java GSS API issue. --- .../credential-guard-known-issues.md | 20 ++++--------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/windows/access-protection/credential-guard/credential-guard-known-issues.md b/windows/access-protection/credential-guard/credential-guard-known-issues.md index b9dd345053..2241fb465d 100644 --- a/windows/access-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/access-protection/credential-guard/credential-guard-known-issues.md @@ -33,25 +33,13 @@ The following known issues have been fixed by servicing releases made available - Windows 10 Version 1511: [KB4015219 (OS Build 10586.873)](https://support.microsoft.com/help/4015219) - Windows 10 Version 1507: [KB4015221 (OS Build 10240.17354)](https://support.microsoft.com/help/4015221) +## Known issues involving third-party applications +The following issue affects the Java GSS API. See the following Oracle bug database article: +- [JDK-8161921: Windows 10 Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921) - - - - - - - - - - - - - - - - +When Credential Guard is enabled on Windows 10, the Java GSS API will not authenticate. This is expected behavior because Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see [Application requirements](https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). The following issue affects Cisco AnyConnect Secure Mobility Client: From ba5ad6f2e2b979a9219932374c740d6d5d55eda3 Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Wed, 9 Aug 2017 17:28:41 +0000 Subject: [PATCH 2/3] Merged PR 2634: adding GP paths to ADMX policies adding GP paths --- .../mdm/policy-csp-abovelock.md | 2 +- .../mdm/policy-csp-accounts.md | 2 +- .../mdm/policy-csp-activexcontrols.md | 3 +- .../mdm/policy-csp-applicationdefaults.md | 2 +- .../mdm/policy-csp-applicationmanagement.md | 2 +- .../mdm/policy-csp-appvirtualization.md | 2 +- .../mdm/policy-csp-attachmentmanager.md | 5 +- .../mdm/policy-csp-authentication.md | 2 +- .../mdm/policy-csp-autoplay.md | 5 +- .../mdm/policy-csp-bitlocker.md | 2 +- .../mdm/policy-csp-bluetooth.md | 2 +- .../mdm/policy-csp-browser.md | 2 +- .../mdm/policy-csp-camera.md | 2 +- .../mdm/policy-csp-cellular.md | 3 +- .../mdm/policy-csp-connectivity.md | 4 +- .../mdm/policy-csp-credentialproviders.md | 4 +- .../mdm/policy-csp-credentialsui.md | 4 +- .../mdm/policy-csp-cryptography.md | 2 +- .../mdm/policy-csp-dataprotection.md | 2 +- .../mdm/policy-csp-datausage.md | 4 +- .../mdm/policy-csp-defender.md | 2 +- .../mdm/policy-csp-deliveryoptimization.md | 2 +- .../mdm/policy-csp-desktop.md | 2 +- .../mdm/policy-csp-deviceguard.md | 2 +- .../mdm/policy-csp-deviceinstallation.md | 4 +- .../mdm/policy-csp-devicelock.md | 3 +- .../mdm/policy-csp-display.md | 2 +- .../mdm/policy-csp-education.md | 2 +- .../mdm/policy-csp-enterprisecloudprint.md | 2 +- .../mdm/policy-csp-errorreporting.md | 6 +- .../mdm/policy-csp-eventlogservice.md | 6 +- .../mdm/policy-csp-experience.md | 2 +- .../client-management/mdm/policy-csp-games.md | 5 +- .../mdm/policy-csp-internetexplorer.md | 253 +++++++++++++++++- .../mdm/policy-csp-kerberos.md | 7 +- .../mdm/policy-csp-licensing.md | 2 +- ...policy-csp-localpoliciessecurityoptions.md | 85 +++--- .../mdm/policy-csp-location.md | 2 +- .../mdm/policy-csp-lockdown.md | 2 +- .../client-management/mdm/policy-csp-maps.md | 2 +- .../mdm/policy-csp-messaging.md | 2 +- .../mdm/policy-csp-networkisolation.md | 2 +- .../mdm/policy-csp-notifications.md | 2 +- .../client-management/mdm/policy-csp-power.md | 11 +- .../mdm/policy-csp-printers.md | 3 +- .../mdm/policy-csp-privacy.md | 2 +- .../mdm/policy-csp-remoteassistance.md | 6 +- .../mdm/policy-csp-remotedesktopservices.md | 8 +- .../mdm/policy-csp-remotemanagement.md | 17 +- .../mdm/policy-csp-remoteprocedurecall.md | 4 +- .../mdm/policy-csp-remoteshell.md | 9 +- .../mdm/policy-csp-search.md | 2 +- .../mdm/policy-csp-security.md | 80 +++--- .../mdm/policy-csp-settings.md | 2 +- .../mdm/policy-csp-smartscreen.md | 2 +- .../mdm/policy-csp-speech.md | 2 +- .../client-management/mdm/policy-csp-start.md | 2 +- .../mdm/policy-csp-storage.md | 3 +- .../mdm/policy-csp-system.md | 3 +- .../mdm/policy-csp-textinput.md | 5 +- .../mdm/policy-csp-timelanguagesettings.md | 2 +- .../mdm/policy-csp-update.md | 2 +- .../client-management/mdm/policy-csp-wifi.md | 9 +- ...olicy-csp-windowsdefendersecuritycenter.md | 2 +- .../mdm/policy-csp-windowsinkworkspace.md | 2 +- .../mdm/policy-csp-windowslogon.md | 4 +- .../mdm/policy-csp-wirelessdisplay.md | 5 +- 67 files changed, 481 insertions(+), 161 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 5b1b04014f..eb8cd4abc7 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - AboveLock diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 321173c109..53ea6582a5 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Accounts diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index ecf8c1bd88..e67542f66b 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - ActiveXControls @@ -66,6 +66,7 @@ Note: Wild card characters cannot be used when specifying the host URLs. ADMX Info: - GP english name: *Approved Installation Sites for ActiveX Controls* - GP name: *ApprovedActiveXInstallSites* +- GP path: *Windows Components/ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 1611634651..11297a57df 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - ApplicationDefaults diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 04487cf2a4..5d72ba16b5 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - ApplicationManagement diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index b0b817880f..f3da2fb6fe 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - AppVirtualization diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 5d23ee3459..0d4c2f7055 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - AttachmentManager @@ -66,6 +66,7 @@ If you do not configure this policy setting, Windows marks file attachments with ADMX Info: - GP english name: *Do not preserve zone information in file attachments* - GP name: *AM_MarkZoneOnSavedAtttachments* +- GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -117,6 +118,7 @@ If you do not configure this policy setting, Windows hides the check box and Unb ADMX Info: - GP english name: *Hide mechanisms to remove zone information* - GP name: *AM_RemoveZoneInfo* +- GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* @@ -168,6 +170,7 @@ If you do not configure this policy setting, Windows does not call the registere ADMX Info: - GP english name: *Notify antivirus programs when opening attachments* - GP name: *AM_CallIOfficeAntiVirus* +- GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index d6e687ff2b..2b74810ed1 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Authentication diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 8d520d5bf1..8198ac815b 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Autoplay @@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for ADMX Info: - GP english name: *Disallow Autoplay for non-volume devices* - GP name: *NoAutoplayfornonVolume* +- GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* @@ -122,6 +123,7 @@ If you disable or not configure this policy setting, Windows Vista or later will ADMX Info: - GP english name: *Set the default behavior for AutoRun* - GP name: *NoAutorun* +- GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* @@ -181,6 +183,7 @@ Note: This policy setting appears in both the Computer Configuration and User Co ADMX Info: - GP english name: *Turn off Autoplay* - GP name: *Autorun* +- GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index d400b459dc..70e825b78a 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Bitlocker diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 36f22b68f0..69445abb1a 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Bluetooth diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 1f89d48fa9..f0d50ff7ac 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Browser diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 827c761526..5235998a62 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Camera diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 099237a30b..0afb973431 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Cellular @@ -58,6 +58,7 @@ ms.date: 07/14/2017 ADMX Info: - GP english name: *Set Per-App Cellular Access UI Visibility* - GP name: *ShowAppCellularAccessUI* +- GP path: *Network/WWAN Service/WWAN UI Settings* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 4e608da6c7..d766ef3c9d 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Connectivity @@ -521,6 +521,7 @@ If you enable this policy, Windows only allows access to the specified UNC paths ADMX Info: - GP english name: *Hardened UNC Paths* - GP name: *Pol_HardenedPaths* +- GP path: *Network/Network Provider* - GP ADMX file name: *networkprovider.admx* @@ -564,6 +565,7 @@ ADMX Info: ADMX Info: - GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* - GP name: *NC_AllowNetBridge_NLA* +- GP path: *Network/Network Connections* - GP ADMX file name: *NetworkConnections.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 4ea0afb98d..afa69b9477 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - CredentialProviders @@ -155,7 +155,7 @@ Added in Windows 10, version 1709. Boolean policy to disable the visibility of t The Windows 10 Automatic ReDeployment feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. - 0 - Enable the visibility of the credentials for Windows 10 Automatic ReDeployment -- 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment +- 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index c99d68a5fe..728275e01e 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - CredentialsUI @@ -68,6 +68,7 @@ The policy applies to all Windows components and applications that use the Windo ADMX Info: - GP english name: *Do not display the password reveal button* - GP name: *DisablePasswordReveal* +- GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* @@ -117,6 +118,7 @@ If you disable this policy setting, users will always be required to type a user ADMX Info: - GP english name: *Enumerate administrator accounts on elevation* - GP name: *EnumerateAdministrators* +- GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 28837af17c..5365025f58 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Cryptography diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index e520e4612f..ebe61e6295 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - DataProtection diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index decc54ee81..7398cdb094 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - DataUsage @@ -70,6 +70,7 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti ADMX Info: - GP english name: *Set 3G Cost* - GP name: *SetCost3G* +- GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* @@ -125,6 +126,7 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti ADMX Info: - GP english name: *Set 4G Cost* - GP name: *SetCost4G* +- GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 337cacc79f..42421382a1 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Defender diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 830147907b..a80a113695 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - DeliveryOptimization diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 2a09f78ddf..2f095c7e16 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Desktop diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index f104ff82b3..a613939a89 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - DeviceGuard diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 4f4b4d25d5..b9e3b22182 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - DeviceInstallation @@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, devices can be installed ADMX Info: - GP english name: *Prevent installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Deny* +- GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* @@ -113,6 +114,7 @@ If you disable or do not configure this policy setting, Windows can install and ADMX Info: - GP english name: *Prevent installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Deny* +- GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 8ac0f11942..3e3e9a0a12 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - DeviceLock @@ -769,6 +769,7 @@ If you enable this setting, users will no longer be able to modify slide show se ADMX Info: - GP english name: *Prevent enabling lock screen slide show* - GP name: *CPL_Personalization_NoLockScreenSlideshow* +- GP path: *Control Panel/Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index c10d926963..173a2e7f02 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Display diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index a1912d6edc..8c563ece39 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/27/2017 +ms.date: 08/09/2017 --- # Policy CSP - Education diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 7b33c7e5b4..aac0cea10c 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - EnterpriseCloudPrint diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 800c8ac975..88177e71c6 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - ErrorReporting @@ -123,6 +123,7 @@ If you disable or do not configure this policy setting, the Turn off Windows Err ADMX Info: - GP english name: *Disable Windows Error Reporting* - GP name: *WerDisable_2* +- GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -176,6 +177,7 @@ See also the Configure Error Reporting policy setting. ADMX Info: - GP english name: *Display Error Notification* - GP name: *PCH_ShowUI* +- GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -225,6 +227,7 @@ If you disable or do not configure this policy setting, then consent policy sett ADMX Info: - GP english name: *Do not send additional data* - GP name: *WerNoSecondLevelData_2* +- GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* @@ -274,6 +277,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting ADMX Info: - GP english name: *Prevent display of the user interface for critical errors* - GP name: *WerDoNotShowUI* +- GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index a1f5c9527e..8ded981267 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - EventLogService @@ -66,6 +66,7 @@ Note: Old events may or may not be retained according to the "Backup log automat ADMX Info: - GP english name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_1* +- GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* @@ -115,6 +116,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: - GP english name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_1* +- GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* @@ -164,6 +166,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: - GP english name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_2* +- GP path: *Windows Components/Event Log Service/Security* - GP ADMX file name: *eventlog.admx* @@ -213,6 +216,7 @@ If you disable or do not configure this policy setting, the maximum size of the ADMX Info: - GP english name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_4* +- GP path: *Windows Components/Event Log Service/System* - GP ADMX file name: *eventlog.admx* diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index c69b113a36..82e380c156 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Experience diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 5cb47e7195..9e5de02b1b 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Games @@ -22,9 +22,6 @@ ms.date: 07/14/2017 **Games/AllowAdvancedGamingServices** - - -

Placeholder only. Currently not supported. diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index b5377f7a59..cd051e0e91 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/16/2017 +ms.date: 08/09/2017 --- # Policy CSP - InternetExplorer @@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, the user can configure t ADMX Info: - GP english name: *Add a specific list of search providers to the user's list of search providers* - GP name: *AddSearchProvider* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -113,6 +114,7 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not ADMX Info: - GP english name: *Turn on ActiveX Filtering* - GP name: *TurnOnActiveXFiltering* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -168,6 +170,7 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u ADMX Info: - GP english name: *Add-on List* - GP name: *AddonManagement_AddOnList* +- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -211,6 +214,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn on the auto-complete feature for user names and passwords on forms* - GP name: *RestrictFormSuggestPW* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -254,6 +258,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn on certificate address mismatch warning* - GP name: *IZ_PolicyWarnCertMismatch* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -297,6 +302,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow deleting browsing history on exit* - GP name: *DBHDisableDeleteOnExit* +- GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -348,6 +354,7 @@ If you do not configure this policy, users will be able to turn on or turn off E ADMX Info: - GP english name: *Turn on Enhanced Protected Mode* - GP name: *Advanced_EnableEnhancedProtectedMode* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -397,6 +404,7 @@ If you disable or don't configure this policy setting, the menu option won't app ADMX Info: - GP english name: *Let users turn on and use Enterprise Mode from the Tools menu* - GP name: *EnterpriseModeEnable* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -446,6 +454,7 @@ If you disable or don't configure this policy setting, Internet Explorer opens a ADMX Info: - GP english name: *Use the Enterprise Mode IE website list* - GP name: *EnterpriseModeSiteList* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -489,6 +498,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow fallback to SSL 3.0 (Internet Explorer)* - GP name: *Advanced_EnableSSL3Fallback* +- GP path: *Windows Components/Internet Explorer/Security Features* - GP ADMX file name: *inetres.admx* @@ -538,6 +548,7 @@ If you disable or do not configure this policy setting, the user can add and rem ADMX Info: - GP english name: *Use Policy List of Internet Explorer 7 sites* - GP name: *CompatView_UsePolicyList* +- GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -589,6 +600,7 @@ If you do not configure this policy setting, Internet Explorer uses an Internet ADMX Info: - GP english name: *Turn on Internet Explorer Standards Mode for local intranet* - GP name: *CompatView_IntranetSites* +- GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* @@ -644,6 +656,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Internet Zone Template* - GP name: *IZ_PolicyInternetZoneTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -699,6 +712,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -754,6 +768,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -809,6 +824,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Locked-Down Internet Zone Template* - GP name: *IZ_PolicyInternetZoneLockdownTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -864,6 +880,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Locked-Down Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneLockdownTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -919,6 +936,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Locked-Down Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -974,6 +992,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Locked-Down Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1023,6 +1042,7 @@ If you disable or do not configure this policy setting, Internet Explorer does n ADMX Info: - GP english name: *Go to an intranet site for a one-word entry in the Address bar* - GP name: *UseIntranetSiteForOneWordEntry* +- GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing* - GP ADMX file name: *inetres.admx* @@ -1078,6 +1098,7 @@ If you disable or do not configure this policy, users may choose their own site- ADMX Info: - GP english name: *Site to Zone Assignment List* - GP name: *IZ_Zonemaps* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1121,6 +1142,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow software to run or install even if the signature is invalid* - GP name: *Advanced_InvalidSignatureBlock* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1172,6 +1194,7 @@ If you do not configure this policy setting, the user can turn on and turn off t ADMX Info: - GP english name: *Turn on Suggested Sites* - GP name: *EnableSuggestedSites* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1227,6 +1250,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1282,6 +1306,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Locked-Down Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1337,6 +1362,7 @@ Note. It is recommended to configure template policy settings in one Group Polic ADMX Info: - GP english name: *Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneTemplate* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -1380,6 +1406,7 @@ ADMX Info: ADMX Info: - GP english name: *Check for server certificate revocation* - GP name: *Advanced_CertificateRevocation* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1423,6 +1450,7 @@ ADMX Info: ADMX Info: - GP english name: *Check for signatures on downloaded programs* - GP name: *Advanced_DownloadSignatures* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1466,6 +1494,7 @@ ADMX Info: ADMX Info: - GP english name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_2* +- GP path: *Windows Components/Internet Explorer/Security Features/Binary Behavior Security Restriction* - GP ADMX file name: *inetres.admx* @@ -1517,6 +1546,7 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny ADMX Info: - GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* - GP name: *DisableFlashInIE* +- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -1560,6 +1590,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* +- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -1609,6 +1640,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar ADMX Info: - GP english name: *Prevent bypassing SmartScreen Filter warnings* - GP name: *DisableSafetyFilterOverride* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1658,6 +1690,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar ADMX Info: - GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* - GP name: *DisableSafetyFilterOverrideForAppRepUnknown* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1701,6 +1734,7 @@ ADMX Info: ADMX Info: - GP english name: *Disable "Configuring History"* - GP name: *RestrictHistory* +- GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -1744,6 +1778,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn off Crash Detection* - GP name: *AddonManagement_RestrictCrashDetection* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1795,6 +1830,7 @@ If you do not configure this policy setting, the user can choose to participate ADMX Info: - GP english name: *Prevent participation in the Customer Experience Improvement Program* - GP name: *SQM_DisableCEIP* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -1838,6 +1874,7 @@ ADMX Info: ADMX Info: - GP english name: *Prevent deleting websites that the user has visited* - GP name: *DBHDisableDeleteHistory* +- GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* @@ -1887,6 +1924,7 @@ If you disable or do not configure this policy setting, the user can set the Fee ADMX Info: - GP english name: *Prevent downloading of enclosures* - GP name: *Disable_Downloading_of_Enclosures* +- GP path: *Windows Components/RSS Feeds* - GP ADMX file name: *inetres.admx* @@ -1938,6 +1976,7 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows ADMX Info: - GP english name: *Turn off encryption support* - GP name: *Advanced_SetWinInetProtocols* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -1991,6 +2030,7 @@ If you disable or do not configure this policy setting, Internet Explorer may ru ADMX Info: - GP english name: *Prevent running First Run wizard* - GP name: *NoFirstRunCustomise* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2044,6 +2084,7 @@ If you don't configure this setting, users can turn this behavior on or off, usi ADMX Info: - GP english name: *Turn off the flip ahead with page prediction feature* - GP name: *Advanced_DisableFlipAhead* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2093,6 +2134,7 @@ If you disable or do not configure this policy setting, the Home page box is ena ADMX Info: - GP english name: *Disable changing home page settings* - GP name: *RestrictHomePage* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2136,6 +2178,7 @@ ADMX Info: ADMX Info: - GP english name: *Prevent ignoring certificate errors* - GP name: *NoCertError* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel* - GP ADMX file name: *inetres.admx* @@ -2179,6 +2222,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn off InPrivate Browsing* - GP name: *DisableInPrivateBrowsing* +- GP path: *Windows Components/Internet Explorer/Privacy* - GP ADMX file name: *inetres.admx* @@ -2222,6 +2266,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* - GP name: *Advanced_EnableEnhancedProtectedMode64Bit* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2271,6 +2316,7 @@ If you disable or do not configure this policy setting, the user can configure p ADMX Info: - GP english name: *Prevent changing proxy settings* - GP name: *RestrictProxy* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2320,6 +2366,7 @@ If you disable or do not configure this policy setting, the user can change the ADMX Info: - GP english name: *Prevent changing the default search provider* - GP name: *NoSearchProvider* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2371,6 +2418,7 @@ Note: If the Disable Changing Home Page Settings policy is enabled, the user can ADMX Info: - GP english name: *Disable changing secondary home page settings* - GP name: *SecondaryHomePages* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2414,6 +2462,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn off the Security Settings Check feature* - GP name: *Disable_Security_Settings_Check* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2465,6 +2514,7 @@ This policy is intended to help the administrator maintain version control for I ADMX Info: - GP english name: *Disable Periodic Check for Internet Explorer software updates* - GP name: *NoUpdateCheck* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2508,6 +2558,7 @@ ADMX Info: ADMX Info: - GP english name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* - GP name: *Advanced_DisableEPMCompat* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* @@ -2563,6 +2614,7 @@ Also, see the "Security zones: Use only machine settings" policy. ADMX Info: - GP english name: *Security Zones: Do not allow users to add/delete sites* - GP name: *Security_zones_map_edit* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2618,6 +2670,7 @@ Also, see the "Security zones: Use only machine settings" policy. ADMX Info: - GP english name: *Security Zones: Do not allow users to change policies* - GP name: *Security_options_edit* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -2669,6 +2722,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* +- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -2724,6 +2778,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* - GP name: *VerMgmtDomainAllowlist* +- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -2775,6 +2830,7 @@ If you do not configure this policy setting, users choose whether to force local ADMX Info: - GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* - GP name: *IZ_IncludeUnspecifiedLocalSites* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2826,6 +2882,7 @@ If you do not configure this policy setting, users choose whether network paths ADMX Info: - GP english name: *Intranet Sites: Include all network paths (UNCs)* - GP name: *IZ_UNCAsIntranet* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* @@ -2877,6 +2934,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -2928,6 +2986,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -2977,6 +3036,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3020,6 +3080,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3063,6 +3124,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3114,6 +3176,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3165,6 +3228,7 @@ If you do not configure this policy setting, Web sites from less privileged zone ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3208,6 +3272,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3259,6 +3324,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3302,6 +3368,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3345,6 +3412,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Internet* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3388,6 +3456,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3431,6 +3500,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3482,6 +3552,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3535,6 +3606,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3578,6 +3650,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3629,6 +3702,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3672,6 +3746,7 @@ ADMX Info: ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3715,6 +3790,7 @@ ADMX Info: ADMX Info: - GP english name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3758,6 +3834,7 @@ ADMX Info: ADMX Info: - GP english name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3801,6 +3878,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3844,6 +3922,7 @@ ADMX Info: ADMX Info: - GP english name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3887,6 +3966,7 @@ ADMX Info: ADMX Info: - GP english name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3930,6 +4010,7 @@ ADMX Info: ADMX Info: - GP english name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -3973,6 +4054,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4016,6 +4098,7 @@ ADMX Info: ADMX Info: - GP english name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4069,6 +4152,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4141,6 +4225,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4184,6 +4269,7 @@ ADMX Info: ADMX Info: - GP english name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4227,6 +4313,7 @@ ADMX Info: ADMX Info: - GP english name: *Logon options* - GP name: *IZ_PolicyLogon_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4278,6 +4365,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4321,6 +4409,7 @@ ADMX Info: ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4364,6 +4453,7 @@ ADMX Info: ADMX Info: - GP english name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4407,6 +4497,7 @@ ADMX Info: ADMX Info: - GP english name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4450,6 +4541,7 @@ ADMX Info: ADMX Info: - GP english name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4493,6 +4585,7 @@ ADMX Info: ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* @@ -4544,6 +4637,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4595,6 +4689,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4644,6 +4739,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4695,6 +4791,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4746,6 +4843,7 @@ If you do not configure this policy setting, Web sites from less privileged zone ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4797,6 +4895,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4848,6 +4947,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4901,6 +5001,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4952,6 +5053,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -4995,6 +5097,7 @@ ADMX Info: ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5048,6 +5151,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5091,6 +5195,7 @@ ADMX Info: ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5134,6 +5239,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5185,6 +5291,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -5236,6 +5343,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5287,6 +5395,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5336,6 +5445,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5387,6 +5497,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5438,6 +5549,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5489,6 +5601,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5540,6 +5653,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5593,6 +5707,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5644,6 +5759,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5687,6 +5803,7 @@ ADMX Info: ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5740,6 +5857,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5783,6 +5901,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5834,6 +5953,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -5885,6 +6005,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -5936,6 +6057,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -5985,6 +6107,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6036,6 +6159,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6087,6 +6211,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6138,6 +6263,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6189,6 +6315,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6242,6 +6369,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6293,6 +6421,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6346,6 +6475,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6389,6 +6519,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6440,6 +6571,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* @@ -6491,6 +6623,7 @@ If you do not configure this policy setting, users are queried to choose whether ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6542,6 +6675,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6591,6 +6725,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6642,6 +6777,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6693,6 +6829,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6744,6 +6881,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6795,6 +6933,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6848,6 +6987,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6899,6 +7039,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -6952,6 +7093,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7003,6 +7145,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* @@ -7054,6 +7197,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7105,6 +7249,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7154,6 +7299,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7205,6 +7351,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7256,6 +7403,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7307,6 +7455,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7358,6 +7507,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7411,6 +7561,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7462,6 +7613,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7515,6 +7667,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7558,6 +7711,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7609,6 +7763,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* @@ -7660,6 +7815,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7711,6 +7867,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7760,6 +7917,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7811,6 +7969,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7862,6 +8021,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7913,6 +8073,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -7964,6 +8125,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8017,6 +8179,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8068,6 +8231,7 @@ If you do not configure this policy setting, users cannot preserve information i ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8121,6 +8285,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8164,6 +8329,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8215,6 +8381,7 @@ If you do not configure this policy setting, users cannot open other windows and ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8266,6 +8433,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8317,6 +8485,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8366,6 +8535,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8417,6 +8587,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8468,6 +8639,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8519,6 +8691,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8570,6 +8743,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8623,6 +8797,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8674,6 +8849,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8727,6 +8903,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8770,6 +8947,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8821,6 +8999,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -8864,6 +9043,7 @@ ADMX Info: ADMX Info: - GP english name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_3* +- GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction* - GP ADMX file name: *inetres.admx* @@ -8907,6 +9087,7 @@ ADMX Info: ADMX Info: - GP english name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_6* +- GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature* - GP ADMX file name: *inetres.admx* @@ -8950,6 +9131,7 @@ ADMX Info: ADMX Info: - GP english name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_10* +- GP path: *Windows Components/Internet Explorer/Security Features/Notification bar* - GP ADMX file name: *inetres.admx* @@ -8993,6 +9175,7 @@ ADMX Info: ADMX Info: - GP english name: *Prevent managing SmartScreen Filter* - GP name: *Disable_Managing_Safety_Filter_IE9* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -9036,6 +9219,7 @@ ADMX Info: ADMX Info: - GP english name: *Prevent per-user installation of ActiveX controls* - GP name: *DisablePerUserActiveXInstall* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -9079,6 +9263,7 @@ ADMX Info: ADMX Info: - GP english name: *All Processes* - GP name: *IESF_PolicyAllProcesses_9* +- GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation* - GP ADMX file name: *inetres.admx* @@ -9122,6 +9307,7 @@ ADMX Info: ADMX Info: - GP english name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * - GP name: *VerMgmtDisableRunThisTime* +- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -9165,6 +9351,7 @@ ADMX Info: ADMX Info: - GP english name: *All Processes* - GP name: *IESF_PolicyAllProcesses_11* +- GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install* - GP ADMX file name: *inetres.admx* @@ -9208,6 +9395,7 @@ ADMX Info: ADMX Info: - GP english name: *All Processes* - GP name: *IESF_PolicyAllProcesses_12* +- GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download* - GP ADMX file name: *inetres.admx* @@ -9259,6 +9447,7 @@ If you do not configure this policy setting, users cannot load a page in the zon ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9302,6 +9491,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow active scripting* - GP name: *IZ_PolicyActiveScripting_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9353,6 +9543,7 @@ If you do not configure this policy setting, ActiveX control installations will ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9402,6 +9593,7 @@ If you disable or do not configure this setting, file downloads that are not use ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9445,6 +9637,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow binary and script behaviors* - GP name: *IZ_PolicyBinaryBehaviors_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9488,6 +9681,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9531,6 +9725,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9574,6 +9769,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow file downloads* - GP name: *IZ_PolicyFileDownload_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9625,6 +9821,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9676,6 +9873,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9719,6 +9917,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9762,6 +9961,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow META REFRESH* - GP name: *IZ_PolicyAllowMETAREFRESH_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9813,6 +10013,7 @@ If you do not configure this policy setting, Internet Explorer will not execute ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9856,6 +10057,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9899,6 +10101,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Restricted* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9942,6 +10145,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -9985,6 +10189,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10036,6 +10241,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10089,6 +10295,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10132,6 +10339,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10183,6 +10391,7 @@ If you do not configure this policy setting, users cannot preserve information i ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10226,6 +10435,7 @@ ADMX Info: ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10269,6 +10479,7 @@ ADMX Info: ADMX Info: - GP english name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10312,6 +10523,7 @@ ADMX Info: ADMX Info: - GP english name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10355,6 +10567,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10398,6 +10611,7 @@ ADMX Info: ADMX Info: - GP english name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10441,6 +10655,7 @@ ADMX Info: ADMX Info: - GP english name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10484,6 +10699,7 @@ ADMX Info: ADMX Info: - GP english name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10527,6 +10743,7 @@ ADMX Info: ADMX Info: - GP english name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10580,6 +10797,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10623,6 +10841,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10666,6 +10885,7 @@ ADMX Info: ADMX Info: - GP english name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10709,6 +10929,7 @@ ADMX Info: ADMX Info: - GP english name: *Logon options* - GP name: *IZ_PolicyLogon_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10760,6 +10981,7 @@ If you do not configure this policy setting, users cannot open other windows and ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10803,6 +11025,7 @@ ADMX Info: ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10846,6 +11069,7 @@ ADMX Info: ADMX Info: - GP english name: *Run ActiveX controls and plugins* - GP name: *IZ_PolicyRunActiveXControls_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10889,6 +11113,7 @@ ADMX Info: ADMX Info: - GP english name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10932,6 +11157,7 @@ ADMX Info: ADMX Info: - GP english name: *Script ActiveX controls marked safe for scripting* - GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -10975,6 +11201,7 @@ ADMX Info: ADMX Info: - GP english name: *Scripting of Java applets* - GP name: *IZ_PolicyScriptingOfJavaApplets_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11018,6 +11245,7 @@ ADMX Info: ADMX Info: - GP english name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11061,6 +11289,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11104,6 +11333,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11147,6 +11377,7 @@ ADMX Info: ADMX Info: - GP english name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_7* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11190,6 +11421,7 @@ ADMX Info: ADMX Info: - GP english name: *All Processes* - GP name: *IESF_PolicyAllProcesses_8* +- GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions* - GP ADMX file name: *inetres.admx* @@ -11239,6 +11471,7 @@ If you disable or do not configure this policy setting, the user can configure h ADMX Info: - GP english name: *Restrict search providers to a specific list* - GP name: *SpecificSearchProvider* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -11282,6 +11515,7 @@ ADMX Info: ADMX Info: - GP english name: *Security Zones: Use only machine settings * - GP name: *Security_HKLM_only* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -11325,6 +11559,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* - GP name: *OnlyUseAXISForActiveXInstall* +- GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* @@ -11376,6 +11611,7 @@ If you do not configure this policy setting, users can load a page in the zone t ADMX Info: - GP english name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11427,6 +11663,7 @@ If you do not configure this policy setting, users will receive a prompt when a ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11476,6 +11713,7 @@ If you disable or do not configure this setting, users will receive a file downl ADMX Info: - GP english name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11527,6 +11765,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11578,6 +11817,7 @@ If you do not configure this policy setting, a warning is issued to the user tha ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11629,6 +11869,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11680,6 +11921,7 @@ If you do not configure this policy setting, the user can enable or disable scri ADMX Info: - GP english name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11733,6 +11975,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11784,6 +12027,7 @@ If you do not configure this policy setting, users can preserve information in t ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11827,6 +12071,7 @@ ADMX Info: ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11870,6 +12115,7 @@ ADMX Info: ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11923,6 +12169,7 @@ If you do not configure this policy setting, users are queried whether to allow ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -11966,6 +12213,7 @@ ADMX Info: ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12009,6 +12257,7 @@ ADMX Info: ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12052,6 +12301,7 @@ ADMX Info: ADMX Info: - GP english name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* @@ -12103,6 +12353,7 @@ If you do not configure this policy setting, users can open windows and frames f ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5* +- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 801ebc1f70..f415128684 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Kerberos @@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, the Kerberos client does ADMX Info: - GP english name: *Use forest search order* - GP name: *ForestSearch* +- GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -112,6 +113,7 @@ If you disable or do not configure this policy setting, the client devices will ADMX Info: - GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring* - GP name: *EnableCbacAndArmor* +- GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -165,6 +167,7 @@ If you disable or do not configure this policy setting, the client computers in ADMX Info: - GP english name: *Fail authentication requests when Kerberos armoring is not available* - GP name: *ClientRequireFast* +- GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -214,6 +217,7 @@ If you disable or do not configure this policy setting, the Kerberos client requ ADMX Info: - GP english name: *Require strict KDC validation* - GP name: *ValidateKDC* +- GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* @@ -267,6 +271,7 @@ Note: This policy setting configures the existing MaxTokenSize registry value in ADMX Info: - GP english name: *Set maximum Kerberos SSPI context token buffer size* - GP name: *MaxTokenSize* +- GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 192795ada2..e0cc238f3e 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Licensing diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 3ef2f11cab..e24b65ed09 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/04/2017 +ms.date: 08/09/2017 --- # Policy CSP - LocalPoliciesSecurityOptions @@ -672,6 +672,46 @@ Valid values: - 0 - disabled - 1 - enabled (allow system to be shut down without having to log on) +Value type is integer. Supported operations are Add, Get, Replace, and Delete. + + + + +**LocalPoliciesSecurityOptions/TBUserAccountControl_RunAllAdministratorsInAdminApprovalModeD** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark3check mark3check mark3check mark3cross markcross mark
+ + + +User Account Control: Turn on Admin Approval Mode + +This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. + +The options are: +- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. +- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. + + Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -891,46 +931,6 @@ The options are: - 0 - Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. - 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. -Value type is integer. Supported operations are Add, Get, Replace, and Delete. - - - - -**LocalPoliciesSecurityOptions/TBUserAccountControl_RunAllAdministratorsInAdminApprovalModeD** - - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark3check mark3check mark3check mark3cross markcross mark
- - - -User Account Control: Turn on Admin Approval Mode - -This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. - -The options are: -- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced. -- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. - - Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -1021,4 +1021,5 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - \ No newline at end of file + + diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index ba133e1921..2b3d3a2b35 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Location diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index a98d78e52b..c207e57f39 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - LockDown diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 27d44175e4..9e719e5b3b 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Maps diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index e0c705d31b..1734984fd4 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Messaging diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 0d59b01e1b..fba5342cac 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - NetworkIsolation diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index fa41ee2efb..a1c092d0df 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Notifications diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index f3bb408651..24bb80fa7e 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Power @@ -64,6 +64,7 @@ If you disable this policy setting, standby states (S1-S3) are not allowed. ADMX Info: - GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)* - GP name: *AllowStandbyStatesAC_2* +- GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -115,6 +116,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn off the display (on battery)* - GP name: *VideoPowerDownTimeOutDC_2* +- GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* @@ -166,6 +168,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn off the display (plugged in)* - GP name: *VideoPowerDownTimeOutAC_2* +- GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* @@ -218,6 +221,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify the system hibernate timeout (on battery)* - GP name: *DCHibernateTimeOut_2* +- GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -269,6 +273,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify the system hibernate timeout (plugged in)* - GP name: *ACHibernateTimeOut_2* +- GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -318,6 +323,7 @@ If you disable this policy setting, the user is not prompted for a password when ADMX Info: - GP english name: *Require a password when a computer wakes (on battery)* - GP name: *DCPromptForPasswordOnResume_2* +- GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -367,6 +373,7 @@ If you disable this policy setting, the user is not prompted for a password when ADMX Info: - GP english name: *Require a password when a computer wakes (plugged in)* - GP name: *ACPromptForPasswordOnResume_2* +- GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -418,6 +425,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify the system sleep timeout (on battery)* - GP name: *DCStandbyTimeOut_2* +- GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* @@ -469,6 +477,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify the system sleep timeout (plugged in)* - GP name: *ACStandbyTimeOut_2* +- GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 2fd40ada12..7d17fff50b 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Printers @@ -139,6 +139,7 @@ If you disable this policy setting: ADMX Info: - GP english name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions* +- GP path: *Control Panel/Printers* - GP ADMX file name: *Printing.admx* diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 64b43c3fd9..b2969151a6 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Privacy diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 0f082798fe..b8964b01a1 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - RemoteAssistance @@ -70,6 +70,7 @@ If you do not configure this policy setting, the user sees the default warning m ADMX Info: - GP english name: *Customize warning messages* - GP name: *RA_Options* +- GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -121,6 +122,7 @@ If you do not configure this setting, application-based settings are used. ADMX Info: - GP english name: *Turn on session logging* - GP name: *RA_Logging* +- GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -180,6 +182,7 @@ If you enable this policy setting you should also enable appropriate firewall ex ADMX Info: - GP english name: *Configure Solicited Remote Assistance* - GP name: *RA_Solicit* +- GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* @@ -262,6 +265,7 @@ Allow Remote Desktop Exception ADMX Info: - GP english name: *Configure Offer Remote Assistance* - GP name: *RA_Unsolicit* +- GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 57e8b93015..fc802cbca7 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - RemoteDesktopServices @@ -70,6 +70,7 @@ You can limit the number of users who can connect simultaneously by configuring ADMX Info: - GP english name: *Allow users to connect remotely by using Remote Desktop Services* - GP name: *TS_DISABLE_CONNECTIONS* +- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections* - GP ADMX file name: *terminalserver.admx* @@ -129,6 +130,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp ADMX Info: - GP english name: *Set client connection encryption level* - GP name: *TS_ENCRYPTION_POLICY* +- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* @@ -182,6 +184,7 @@ If you do not configure this policy setting, client drive redirection and Clipbo ADMX Info: - GP english name: *Do not allow drive redirection* - GP name: *TS_CLIENT_DRIVE_M* +- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection* - GP ADMX file name: *terminalserver.admx* @@ -231,6 +234,7 @@ If you disable this setting or leave it not configured, the user will be able to ADMX Info: - GP english name: *Do not allow passwords to be saved* - GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2* +- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client* - GP ADMX file name: *terminalserver.admx* @@ -286,6 +290,7 @@ If you do not configure this policy setting, automatic logon is not specified at ADMX Info: - GP english name: *Always prompt for password upon connection* - GP name: *TS_PASSWORD* +- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* @@ -341,6 +346,7 @@ Note: The RPC interface is used for administering and configuring Remote Desktop ADMX Info: - GP english name: *Require secure RPC communication* - GP name: *TS_RPC_ENCRYPTION* +- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 2bb1892add..b1cd0e9207 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - RemoteManagement @@ -58,6 +58,7 @@ ms.date: 07/14/2017 ADMX Info: - GP english name: *Allow Basic authentication* - GP name: *AllowBasic_2* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -101,6 +102,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow Basic authentication* - GP name: *AllowBasic_1* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -144,6 +146,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_2* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -187,6 +190,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_1* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -230,6 +234,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow remote server management through WinRM* - GP name: *AllowAutoConfig* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -273,6 +278,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_2* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -316,6 +322,7 @@ ADMX Info: ADMX Info: - GP english name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_1* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -359,6 +366,7 @@ ADMX Info: ADMX Info: - GP english name: *Disallow Digest authentication* - GP name: *DisallowDigest* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -402,6 +410,7 @@ ADMX Info: ADMX Info: - GP english name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_2* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -445,6 +454,7 @@ ADMX Info: ADMX Info: - GP english name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_1* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -488,6 +498,7 @@ ADMX Info: ADMX Info: - GP english name: *Disallow WinRM from storing RunAs credentials* - GP name: *DisableRunAs* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -531,6 +542,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify channel binding token hardening level* - GP name: *CBTHardeningLevel_1* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -574,6 +586,7 @@ ADMX Info: ADMX Info: - GP english name: *Trusted Hosts* - GP name: *TrustedHosts* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -617,6 +630,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn On Compatibility HTTP Listener* - GP name: *HttpCompatibilityListener* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* @@ -660,6 +674,7 @@ ADMX Info: ADMX Info: - GP english name: *Turn On Compatibility HTTPS Listener* - GP name: *HttpsCompatibilityListener* +- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 79559fed08..00dd1a5001 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - RemoteProcedureCall @@ -68,6 +68,7 @@ Note: This policy will not be applied until the system is rebooted. ADMX Info: - GP english name: *Enable RPC Endpoint Mapper Client Authentication* - GP name: *RpcEnableAuthEpResolution* +- GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* @@ -129,6 +130,7 @@ Note: This policy setting will not be applied until the system is rebooted. ADMX Info: - GP english name: *Restrict Unauthenticated RPC clients* - GP name: *RpcRestrictRemoteClients* +- GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index becd1b6df2..ddc13e6c8e 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - RemoteShell @@ -58,6 +58,7 @@ ms.date: 07/14/2017 ADMX Info: - GP english name: *Allow Remote Shell Access* - GP name: *AllowRemoteShellAccess* +- GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -101,6 +102,7 @@ ADMX Info: ADMX Info: - GP english name: *MaxConcurrentUsers* - GP name: *MaxConcurrentUsers* +- GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -144,6 +146,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify idle Timeout* - GP name: *IdleTimeout* +- GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -187,6 +190,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify maximum amount of memory in MB per Shell* - GP name: *MaxMemoryPerShellMB* +- GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -230,6 +234,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify maximum number of processes per Shell* - GP name: *MaxProcessesPerShell* +- GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -273,6 +278,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify maximum number of remote shells per user* - GP name: *MaxShellsPerUser* +- GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* @@ -316,6 +322,7 @@ ADMX Info: ADMX Info: - GP english name: *Specify Shell Timeout* - GP name: *ShellTimeOut* +- GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index b4338ee741..d5f5c4ad2d 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Search diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 5b0f36a599..0472962b49 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/26/2017 +ms.date: 08/09/2017 --- # Policy CSP - Security @@ -216,6 +216,45 @@ ms.date: 07/26/2017 - 0 – Don't allow Anti Theft Mode. - 1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent). + + + +**Security/ClearTPMIfNotReady** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark3check mark3check mark3check mark3cross markcross mark
+ + + +> [!NOTE] +> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. + +Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart. + +The following list shows the supported values: + +- 0 (default) – Will not force recovery from a non-ready TPM state. +- 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear. + @@ -258,45 +297,6 @@ ms.date: 07/26/2017 - 0 (default) – Encryption enabled. - 1 – Encryption disabled. - - - -**Security/ClearTPMIfNotReady** - - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark3check mark3check mark3check mark3cross markcross mark
- - - -> [!NOTE] -> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. - -Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart. - -The following list shows the supported values: - -- 0 (default) – Will not force recovery from a non-ready TPM state. -- 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear. - diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 1f0609cf32..66b1036ad7 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Settings diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index f051f86853..f9c43718a4 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - SmartScreen diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index e19e02b135..a8f70bedb6 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Speech diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 63e49d9fa5..6c0dd2a75b 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Start diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 6e7bf5238a..b0dcf3a30b 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Storage @@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, Windows will activate un ADMX Info: - GP english name: *Do not allow Windows to activate Enhanced Storage devices* - GP name: *TCGSecurityActivationDisabled* +- GP path: *System/Enhanced Storage Access* - GP ADMX file name: *enhancedstorage.admx* diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index ac2270f86c..bd2ca894b5 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - System @@ -548,6 +548,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu ADMX Info: - GP english name: *Turn off System Restore* - GP name: *SR_DisableSR* +- GP path: *System/System Restore* - GP ADMX file name: *systemrestore.admx* diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 213a633652..8f0523789d 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - TextInput @@ -363,9 +363,6 @@ ms.date: 07/14/2017 **TextInput/AllowKoreanExtendedHanja** - - -

This policy has been deprecated. diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 5aa7ed1720..2ccd9541ad 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - TimeLanguageSettings diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 3681d55d6f..f057cd47c6 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Update diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 2a91601f05..20616a5dfd 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - Wifi @@ -22,9 +22,6 @@ ms.date: 07/14/2017 **WiFi/AllowWiFiHotSpotReporting** - - -

This policy has been deprecated. @@ -283,6 +280,8 @@ Footnote: - +## Wifi policies supported by Microsoft Surface Hub + +- [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting) diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 1562806a3e..b7a99ac6a7 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - WindowsDefenderSecurityCenter diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index aea0a2de88..d196f035a8 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - WindowsInkWorkspace diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index c0d3fb1bdc..cab3989529 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - WindowsLogon @@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, users can choose which a ADMX Info: - GP english name: *Turn off app notifications on the lock screen* - GP name: *DisableLockScreenAppNotifications* +- GP path: *System/Logon* - GP ADMX file name: *logon.admx* @@ -113,6 +114,7 @@ If you disable or don't configure this policy setting, any user can disconnect t ADMX Info: - GP english name: *Do not display network selection UI* - GP name: *DontDisplayNetworkSelectionUI* +- GP path: *System/Logon* - GP ADMX file name: *logon.admx* diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 7662a3bdcb..3086c439d8 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/14/2017 +ms.date: 08/09/2017 --- # Policy CSP - WirelessDisplay @@ -162,9 +162,6 @@ ms.date: 07/14/2017 **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** - - -

Added in Windows 10, version 1703. From 11c7c951f64f2da460820bc1076b4c982e7da73b Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 9 Aug 2017 19:06:00 +0000 Subject: [PATCH 3/3] Merged PR 2638: EntepriseDataProtection CSP updated values in Settings/EDPEnforcementLevel --- .../mdm/enterprisedataprotection-csp.md | 6 +++--- .../mdm/new-in-windows-mdm-enrollment-management.md | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index 95722f7b40..c79f4f55e9 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 06/19/2017 +ms.date: 08/09/2017 --- # EnterpriseDataProtection CSP @@ -44,8 +44,8 @@ The following diagram shows the EnterpriseDataProtection CSP in tree format. - 0 (default) – Off / No protection (decrypts previously protected data). - 1 – Silent mode (encrypt and audit only). -- 2 – Override mode (encrypt, prompt, and audit). -- 3 – Block mode (encrypt, block, and audit). +- 2 – Allow override mode (encrypt, prompt and allow overrides, and audit). +- 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).

Supported operations are Add, Get, Replace and Delete. Value type is integer. diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index ddbd9bfab8..2fe500388f 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1322,6 +1322,16 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware [CM\_CellularEntries CSP](cm-cellularentries-csp.md)

Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.

+ +[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) +

Updated the Settings/EDPEnforcementLevel values to the following:

+ + [Policy CSP](policy-configuration-service-provider.md)

Added the following new policies for Windows 10, version 1709: