diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 8887d570cb..23d468a09d 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1782,75 +1782,76 @@ The following diagram shows the Policy configuration service provider in tree fo
-
- LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
+ LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
-
- LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
+ LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
-
- LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
+ LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
-
- LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
-
-
- LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
+ LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
-
- LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
+ LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
-
- LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
+ LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
-
- LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
+ LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
-
- LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
+ LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn
-
- LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
+ LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn
-
- LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
+ LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL
-
- LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
+ LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
-
- LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
+ LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
-
- LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
+ LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
-
- LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
+ LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
-
- LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
+ LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
-
- LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
+ LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
-
- LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
+ LocalPoliciesSecurityOptions/TBUserAccountControl_RunAllAdministratorsInAdminApprovalModeD
-
- LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
+ LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
-
- LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
+ LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
-
- LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
+ LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
-
- LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
+ LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
-
- LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
+ LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
-
- LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
+ LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
+
+ -
+ LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index 5b1b04014f..eb8cd4abc7 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - AboveLock
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 321173c109..53ea6582a5 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Accounts
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index ecf8c1bd88..e67542f66b 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - ActiveXControls
@@ -66,6 +66,7 @@ Note: Wild card characters cannot be used when specifying the host URLs.
ADMX Info:
- GP english name: *Approved Installation Sites for ActiveX Controls*
- GP name: *ApprovedActiveXInstallSites*
+- GP path: *Windows Components/ActiveX Installer Service*
- GP ADMX file name: *ActiveXInstallService.admx*
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 1611634651..11297a57df 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - ApplicationDefaults
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 04487cf2a4..5d72ba16b5 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - ApplicationManagement
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index b0b817880f..f3da2fb6fe 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - AppVirtualization
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 5d23ee3459..0d4c2f7055 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - AttachmentManager
@@ -66,6 +66,7 @@ If you do not configure this policy setting, Windows marks file attachments with
ADMX Info:
- GP english name: *Do not preserve zone information in file attachments*
- GP name: *AM_MarkZoneOnSavedAtttachments*
+- GP path: *Windows Components/Attachment Manager*
- GP ADMX file name: *AttachmentManager.admx*
@@ -117,6 +118,7 @@ If you do not configure this policy setting, Windows hides the check box and Unb
ADMX Info:
- GP english name: *Hide mechanisms to remove zone information*
- GP name: *AM_RemoveZoneInfo*
+- GP path: *Windows Components/Attachment Manager*
- GP ADMX file name: *AttachmentManager.admx*
@@ -168,6 +170,7 @@ If you do not configure this policy setting, Windows does not call the registere
ADMX Info:
- GP english name: *Notify antivirus programs when opening attachments*
- GP name: *AM_CallIOfficeAntiVirus*
+- GP path: *Windows Components/Attachment Manager*
- GP ADMX file name: *AttachmentManager.admx*
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index d6e687ff2b..2b74810ed1 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Authentication
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index 8d520d5bf1..8198ac815b 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Autoplay
@@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for
ADMX Info:
- GP english name: *Disallow Autoplay for non-volume devices*
- GP name: *NoAutoplayfornonVolume*
+- GP path: *Windows Components/AutoPlay Policies*
- GP ADMX file name: *AutoPlay.admx*
@@ -122,6 +123,7 @@ If you disable or not configure this policy setting, Windows Vista or later will
ADMX Info:
- GP english name: *Set the default behavior for AutoRun*
- GP name: *NoAutorun*
+- GP path: *Windows Components/AutoPlay Policies*
- GP ADMX file name: *AutoPlay.admx*
@@ -181,6 +183,7 @@ Note: This policy setting appears in both the Computer Configuration and User Co
ADMX Info:
- GP english name: *Turn off Autoplay*
- GP name: *Autorun*
+- GP path: *Windows Components/AutoPlay Policies*
- GP ADMX file name: *AutoPlay.admx*
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index d400b459dc..70e825b78a 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Bitlocker
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 36f22b68f0..69445abb1a 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Bluetooth
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 1f89d48fa9..f0d50ff7ac 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Browser
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 827c761526..5235998a62 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Camera
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 099237a30b..0afb973431 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Cellular
@@ -58,6 +58,7 @@ ms.date: 07/14/2017
ADMX Info:
- GP english name: *Set Per-App Cellular Access UI Visibility*
- GP name: *ShowAppCellularAccessUI*
+- GP path: *Network/WWAN Service/WWAN UI Settings*
- GP ADMX file name: *wwansvc.admx*
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 4e608da6c7..d766ef3c9d 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Connectivity
@@ -521,6 +521,7 @@ If you enable this policy, Windows only allows access to the specified UNC paths
ADMX Info:
- GP english name: *Hardened UNC Paths*
- GP name: *Pol_HardenedPaths*
+- GP path: *Network/Network Provider*
- GP ADMX file name: *networkprovider.admx*
@@ -564,6 +565,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
- GP name: *NC_AllowNetBridge_NLA*
+- GP path: *Network/Network Connections*
- GP ADMX file name: *NetworkConnections.admx*
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 4ea0afb98d..afa69b9477 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - CredentialProviders
@@ -155,7 +155,7 @@ Added in Windows 10, version 1709. Boolean policy to disable the visibility of t
The Windows 10 Automatic ReDeployment feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students.
- 0 - Enable the visibility of the credentials for Windows 10 Automatic ReDeployment
-- 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment
+- 1 - Disable visibility of the credentials for Windows 10 Automatic ReDeployment
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index c99d68a5fe..728275e01e 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - CredentialsUI
@@ -68,6 +68,7 @@ The policy applies to all Windows components and applications that use the Windo
ADMX Info:
- GP english name: *Do not display the password reveal button*
- GP name: *DisablePasswordReveal*
+- GP path: *Windows Components/Credential User Interface*
- GP ADMX file name: *credui.admx*
@@ -117,6 +118,7 @@ If you disable this policy setting, users will always be required to type a user
ADMX Info:
- GP english name: *Enumerate administrator accounts on elevation*
- GP name: *EnumerateAdministrators*
+- GP path: *Windows Components/Credential User Interface*
- GP ADMX file name: *credui.admx*
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 28837af17c..5365025f58 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Cryptography
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index e520e4612f..ebe61e6295 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - DataProtection
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index decc54ee81..7398cdb094 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - DataUsage
@@ -70,6 +70,7 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti
ADMX Info:
- GP english name: *Set 3G Cost*
- GP name: *SetCost3G*
+- GP path: *Network/WWAN Service/WWAN Media Cost*
- GP ADMX file name: *wwansvc.admx*
@@ -125,6 +126,7 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti
ADMX Info:
- GP english name: *Set 4G Cost*
- GP name: *SetCost4G*
+- GP path: *Network/WWAN Service/WWAN Media Cost*
- GP ADMX file name: *wwansvc.admx*
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 337cacc79f..42421382a1 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Defender
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index 830147907b..a80a113695 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - DeliveryOptimization
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 2a09f78ddf..2f095c7e16 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Desktop
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index f104ff82b3..a613939a89 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - DeviceGuard
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 4f4b4d25d5..b9e3b22182 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - DeviceInstallation
@@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, devices can be installed
ADMX Info:
- GP english name: *Prevent installation of devices that match any of these device IDs*
- GP name: *DeviceInstall_IDs_Deny*
+- GP path: *System/Device Installation/Device Installation Restrictions*
- GP ADMX file name: *deviceinstallation.admx*
@@ -113,6 +114,7 @@ If you disable or do not configure this policy setting, Windows can install and
ADMX Info:
- GP english name: *Prevent installation of devices using drivers that match these device setup classes*
- GP name: *DeviceInstall_Classes_Deny*
+- GP path: *System/Device Installation/Device Installation Restrictions*
- GP ADMX file name: *deviceinstallation.admx*
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 8ac0f11942..3e3e9a0a12 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - DeviceLock
@@ -769,6 +769,7 @@ If you enable this setting, users will no longer be able to modify slide show se
ADMX Info:
- GP english name: *Prevent enabling lock screen slide show*
- GP name: *CPL_Personalization_NoLockScreenSlideshow*
+- GP path: *Control Panel/Personalization*
- GP ADMX file name: *ControlPanelDisplay.admx*
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index c10d926963..173a2e7f02 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Display
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index a1912d6edc..8c563ece39 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/27/2017
+ms.date: 08/09/2017
---
# Policy CSP - Education
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index 7b33c7e5b4..aac0cea10c 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - EnterpriseCloudPrint
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 800c8ac975..88177e71c6 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - ErrorReporting
@@ -123,6 +123,7 @@ If you disable or do not configure this policy setting, the Turn off Windows Err
ADMX Info:
- GP english name: *Disable Windows Error Reporting*
- GP name: *WerDisable_2*
+- GP path: *Windows Components/Windows Error Reporting*
- GP ADMX file name: *ErrorReporting.admx*
@@ -176,6 +177,7 @@ See also the Configure Error Reporting policy setting.
ADMX Info:
- GP english name: *Display Error Notification*
- GP name: *PCH_ShowUI*
+- GP path: *Windows Components/Windows Error Reporting*
- GP ADMX file name: *ErrorReporting.admx*
@@ -225,6 +227,7 @@ If you disable or do not configure this policy setting, then consent policy sett
ADMX Info:
- GP english name: *Do not send additional data*
- GP name: *WerNoSecondLevelData_2*
+- GP path: *Windows Components/Windows Error Reporting*
- GP ADMX file name: *ErrorReporting.admx*
@@ -274,6 +277,7 @@ If you disable or do not configure this policy setting, Windows Error Reporting
ADMX Info:
- GP english name: *Prevent display of the user interface for critical errors*
- GP name: *WerDoNotShowUI*
+- GP path: *Windows Components/Windows Error Reporting*
- GP ADMX file name: *ErrorReporting.admx*
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index a1f5c9527e..8ded981267 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - EventLogService
@@ -66,6 +66,7 @@ Note: Old events may or may not be retained according to the "Backup log automat
ADMX Info:
- GP english name: *Control Event Log behavior when the log file reaches its maximum size*
- GP name: *Channel_Log_Retention_1*
+- GP path: *Windows Components/Event Log Service/Application*
- GP ADMX file name: *eventlog.admx*
@@ -115,6 +116,7 @@ If you disable or do not configure this policy setting, the maximum size of the
ADMX Info:
- GP english name: *Specify the maximum log file size (KB)*
- GP name: *Channel_LogMaxSize_1*
+- GP path: *Windows Components/Event Log Service/Application*
- GP ADMX file name: *eventlog.admx*
@@ -164,6 +166,7 @@ If you disable or do not configure this policy setting, the maximum size of the
ADMX Info:
- GP english name: *Specify the maximum log file size (KB)*
- GP name: *Channel_LogMaxSize_2*
+- GP path: *Windows Components/Event Log Service/Security*
- GP ADMX file name: *eventlog.admx*
@@ -213,6 +216,7 @@ If you disable or do not configure this policy setting, the maximum size of the
ADMX Info:
- GP english name: *Specify the maximum log file size (KB)*
- GP name: *Channel_LogMaxSize_4*
+- GP path: *Windows Components/Event Log Service/System*
- GP ADMX file name: *eventlog.admx*
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index c69b113a36..82e380c156 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Experience
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 5cb47e7195..9e5de02b1b 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Games
@@ -22,9 +22,6 @@ ms.date: 07/14/2017
**Games/AllowAdvancedGamingServices**
-
-
-
Placeholder only. Currently not supported.
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index b5377f7a59..cd051e0e91 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/16/2017
+ms.date: 08/09/2017
---
# Policy CSP - InternetExplorer
@@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, the user can configure t
ADMX Info:
- GP english name: *Add a specific list of search providers to the user's list of search providers*
- GP name: *AddSearchProvider*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -113,6 +114,7 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not
ADMX Info:
- GP english name: *Turn on ActiveX Filtering*
- GP name: *TurnOnActiveXFiltering*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -168,6 +170,7 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u
ADMX Info:
- GP english name: *Add-on List*
- GP name: *AddonManagement_AddOnList*
+- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -211,6 +214,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn on the auto-complete feature for user names and passwords on forms*
- GP name: *RestrictFormSuggestPW*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -254,6 +258,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn on certificate address mismatch warning*
- GP name: *IZ_PolicyWarnCertMismatch*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -297,6 +302,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow deleting browsing history on exit*
- GP name: *DBHDisableDeleteOnExit*
+- GP path: *Windows Components/Internet Explorer/Delete Browsing History*
- GP ADMX file name: *inetres.admx*
@@ -348,6 +354,7 @@ If you do not configure this policy, users will be able to turn on or turn off E
ADMX Info:
- GP english name: *Turn on Enhanced Protected Mode*
- GP name: *Advanced_EnableEnhancedProtectedMode*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -397,6 +404,7 @@ If you disable or don't configure this policy setting, the menu option won't app
ADMX Info:
- GP english name: *Let users turn on and use Enterprise Mode from the Tools menu*
- GP name: *EnterpriseModeEnable*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -446,6 +454,7 @@ If you disable or don't configure this policy setting, Internet Explorer opens a
ADMX Info:
- GP english name: *Use the Enterprise Mode IE website list*
- GP name: *EnterpriseModeSiteList*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -489,6 +498,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow fallback to SSL 3.0 (Internet Explorer)*
- GP name: *Advanced_EnableSSL3Fallback*
+- GP path: *Windows Components/Internet Explorer/Security Features*
- GP ADMX file name: *inetres.admx*
@@ -538,6 +548,7 @@ If you disable or do not configure this policy setting, the user can add and rem
ADMX Info:
- GP english name: *Use Policy List of Internet Explorer 7 sites*
- GP name: *CompatView_UsePolicyList*
+- GP path: *Windows Components/Internet Explorer/Compatibility View*
- GP ADMX file name: *inetres.admx*
@@ -589,6 +600,7 @@ If you do not configure this policy setting, Internet Explorer uses an Internet
ADMX Info:
- GP english name: *Turn on Internet Explorer Standards Mode for local intranet*
- GP name: *CompatView_IntranetSites*
+- GP path: *Windows Components/Internet Explorer/Compatibility View*
- GP ADMX file name: *inetres.admx*
@@ -644,6 +656,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Internet Zone Template*
- GP name: *IZ_PolicyInternetZoneTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -699,6 +712,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Intranet Zone Template*
- GP name: *IZ_PolicyIntranetZoneTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -754,6 +768,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Local Machine Zone Template*
- GP name: *IZ_PolicyLocalMachineZoneTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -809,6 +824,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Locked-Down Internet Zone Template*
- GP name: *IZ_PolicyInternetZoneLockdownTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -864,6 +880,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Locked-Down Intranet Zone Template*
- GP name: *IZ_PolicyIntranetZoneLockdownTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -919,6 +936,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Locked-Down Local Machine Zone Template*
- GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -974,6 +992,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Locked-Down Restricted Sites Zone Template*
- GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1023,6 +1042,7 @@ If you disable or do not configure this policy setting, Internet Explorer does n
ADMX Info:
- GP english name: *Go to an intranet site for a one-word entry in the Address bar*
- GP name: *UseIntranetSiteForOneWordEntry*
+- GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing*
- GP ADMX file name: *inetres.admx*
@@ -1078,6 +1098,7 @@ If you disable or do not configure this policy, users may choose their own site-
ADMX Info:
- GP english name: *Site to Zone Assignment List*
- GP name: *IZ_Zonemaps*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1121,6 +1142,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow software to run or install even if the signature is invalid*
- GP name: *Advanced_InvalidSignatureBlock*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -1172,6 +1194,7 @@ If you do not configure this policy setting, the user can turn on and turn off t
ADMX Info:
- GP english name: *Turn on Suggested Sites*
- GP name: *EnableSuggestedSites*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1227,6 +1250,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Trusted Sites Zone Template*
- GP name: *IZ_PolicyTrustedSitesZoneTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1282,6 +1306,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Locked-Down Trusted Sites Zone Template*
- GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1337,6 +1362,7 @@ Note. It is recommended to configure template policy settings in one Group Polic
ADMX Info:
- GP english name: *Restricted Sites Zone Template*
- GP name: *IZ_PolicyRestrictedSitesZoneTemplate*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -1380,6 +1406,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Check for server certificate revocation*
- GP name: *Advanced_CertificateRevocation*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -1423,6 +1450,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Check for signatures on downloaded programs*
- GP name: *Advanced_DownloadSignatures*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -1466,6 +1494,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Internet Explorer Processes*
- GP name: *IESF_PolicyExplorerProcesses_2*
+- GP path: *Windows Components/Internet Explorer/Security Features/Binary Behavior Security Restriction*
- GP ADMX file name: *inetres.admx*
@@ -1517,6 +1546,7 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny
ADMX Info:
- GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects*
- GP name: *DisableFlashInIE*
+- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -1560,6 +1590,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
- GP name: *VerMgmtDisable*
+- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -1609,6 +1640,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar
ADMX Info:
- GP english name: *Prevent bypassing SmartScreen Filter warnings*
- GP name: *DisableSafetyFilterOverride*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1658,6 +1690,7 @@ If you disable or do not configure this policy setting, the user can bypass Smar
ADMX Info:
- GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet*
- GP name: *DisableSafetyFilterOverrideForAppRepUnknown*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1701,6 +1734,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Disable "Configuring History"*
- GP name: *RestrictHistory*
+- GP path: *Windows Components/Internet Explorer/Delete Browsing History*
- GP ADMX file name: *inetres.admx*
@@ -1744,6 +1778,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn off Crash Detection*
- GP name: *AddonManagement_RestrictCrashDetection*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1795,6 +1830,7 @@ If you do not configure this policy setting, the user can choose to participate
ADMX Info:
- GP english name: *Prevent participation in the Customer Experience Improvement Program*
- GP name: *SQM_DisableCEIP*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -1838,6 +1874,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Prevent deleting websites that the user has visited*
- GP name: *DBHDisableDeleteHistory*
+- GP path: *Windows Components/Internet Explorer/Delete Browsing History*
- GP ADMX file name: *inetres.admx*
@@ -1887,6 +1924,7 @@ If you disable or do not configure this policy setting, the user can set the Fee
ADMX Info:
- GP english name: *Prevent downloading of enclosures*
- GP name: *Disable_Downloading_of_Enclosures*
+- GP path: *Windows Components/RSS Feeds*
- GP ADMX file name: *inetres.admx*
@@ -1938,6 +1976,7 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows
ADMX Info:
- GP english name: *Turn off encryption support*
- GP name: *Advanced_SetWinInetProtocols*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -1991,6 +2030,7 @@ If you disable or do not configure this policy setting, Internet Explorer may ru
ADMX Info:
- GP english name: *Prevent running First Run wizard*
- GP name: *NoFirstRunCustomise*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2044,6 +2084,7 @@ If you don't configure this setting, users can turn this behavior on or off, usi
ADMX Info:
- GP english name: *Turn off the flip ahead with page prediction feature*
- GP name: *Advanced_DisableFlipAhead*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -2093,6 +2134,7 @@ If you disable or do not configure this policy setting, the Home page box is ena
ADMX Info:
- GP english name: *Disable changing home page settings*
- GP name: *RestrictHomePage*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2136,6 +2178,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Prevent ignoring certificate errors*
- GP name: *NoCertError*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel*
- GP ADMX file name: *inetres.admx*
@@ -2179,6 +2222,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn off InPrivate Browsing*
- GP name: *DisableInPrivateBrowsing*
+- GP path: *Windows Components/Internet Explorer/Privacy*
- GP ADMX file name: *inetres.admx*
@@ -2222,6 +2266,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows*
- GP name: *Advanced_EnableEnhancedProtectedMode64Bit*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -2271,6 +2316,7 @@ If you disable or do not configure this policy setting, the user can configure p
ADMX Info:
- GP english name: *Prevent changing proxy settings*
- GP name: *RestrictProxy*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2320,6 +2366,7 @@ If you disable or do not configure this policy setting, the user can change the
ADMX Info:
- GP english name: *Prevent changing the default search provider*
- GP name: *NoSearchProvider*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2371,6 +2418,7 @@ Note: If the Disable Changing Home Page Settings policy is enabled, the user can
ADMX Info:
- GP english name: *Disable changing secondary home page settings*
- GP name: *SecondaryHomePages*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2414,6 +2462,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn off the Security Settings Check feature*
- GP name: *Disable_Security_Settings_Check*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2465,6 +2514,7 @@ This policy is intended to help the administrator maintain version control for I
ADMX Info:
- GP english name: *Disable Periodic Check for Internet Explorer software updates*
- GP name: *NoUpdateCheck*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2508,6 +2558,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled*
- GP name: *Advanced_DisableEPMCompat*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
- GP ADMX file name: *inetres.admx*
@@ -2563,6 +2614,7 @@ Also, see the "Security zones: Use only machine settings" policy.
ADMX Info:
- GP english name: *Security Zones: Do not allow users to add/delete sites*
- GP name: *Security_zones_map_edit*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2618,6 +2670,7 @@ Also, see the "Security zones: Use only machine settings" policy.
ADMX Info:
- GP english name: *Security Zones: Do not allow users to change policies*
- GP name: *Security_options_edit*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -2669,6 +2722,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
ADMX Info:
- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
- GP name: *VerMgmtDisable*
+- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -2724,6 +2778,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
ADMX Info:
- GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains*
- GP name: *VerMgmtDomainAllowlist*
+- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -2775,6 +2830,7 @@ If you do not configure this policy setting, users choose whether to force local
ADMX Info:
- GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones*
- GP name: *IZ_IncludeUnspecifiedLocalSites*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -2826,6 +2882,7 @@ If you do not configure this policy setting, users choose whether network paths
ADMX Info:
- GP english name: *Intranet Sites: Include all network paths (UNCs)*
- GP name: *IZ_UNCAsIntranet*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
- GP ADMX file name: *inetres.admx*
@@ -2877,6 +2934,7 @@ If you do not configure this policy setting, users cannot load a page in the zon
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -2928,6 +2986,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -2977,6 +3036,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3020,6 +3080,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow cut, copy or paste operations from the clipboard via script*
- GP name: *IZ_PolicyAllowPasteViaScript_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3063,6 +3124,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow drag and drop or copy and paste files*
- GP name: *IZ_PolicyDropOrPasteFiles_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3114,6 +3176,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3165,6 +3228,7 @@ If you do not configure this policy setting, Web sites from less privileged zone
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3208,6 +3272,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow loading of XAML files*
- GP name: *IZ_Policy_XAML_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3259,6 +3324,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3302,6 +3368,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow only approved domains to use ActiveX controls without prompt*
- GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3345,6 +3412,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow only approved domains to use the TDC ActiveX control*
- GP name: *IZ_PolicyAllowTDCControl_Both_Internet*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3388,6 +3456,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow script-initiated windows without size or position constraints*
- GP name: *IZ_PolicyWindowsRestrictionsURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3431,6 +3500,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow scripting of Internet Explorer WebBrowser controls*
- GP name: *IZ_Policy_WebBrowserControl_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3482,6 +3552,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3535,6 +3606,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3578,6 +3650,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow updates to status bar via script*
- GP name: *IZ_Policy_ScriptStatusBar_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3629,6 +3702,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3672,6 +3746,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3715,6 +3790,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Download signed ActiveX controls*
- GP name: *IZ_PolicyDownloadSignedActiveX_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3758,6 +3834,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Download unsigned ActiveX controls*
- GP name: *IZ_PolicyDownloadUnsignedActiveX_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3801,6 +3878,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn on Cross-Site Scripting Filter*
- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3844,6 +3922,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Enable dragging of content from different domains across windows*
- GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3887,6 +3966,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Enable dragging of content from different domains within a window*
- GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3930,6 +4010,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Enable MIME Sniffing*
- GP name: *IZ_PolicyMimeSniffingURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -3973,6 +4054,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn on Protected Mode*
- GP name: *IZ_Policy_TurnOnProtectedMode_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4016,6 +4098,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Include local path when user is uploading files to a server*
- GP name: *IZ_Policy_LocalPathForUpload_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4069,6 +4152,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4141,6 +4225,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4184,6 +4269,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Launching applications and files in an IFRAME*
- GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4227,6 +4313,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Logon options*
- GP name: *IZ_PolicyLogon_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4278,6 +4365,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4321,6 +4409,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4364,6 +4453,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Run .NET Framework-reliant components signed with Authenticode*
- GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4407,6 +4497,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Show security warning for potentially unsafe files*
- GP name: *IZ_Policy_UnsafeFiles_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4450,6 +4541,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Use Pop-up Blocker*
- GP name: *IZ_PolicyBlockPopupWindows_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4493,6 +4585,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_1*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4544,6 +4637,7 @@ If you do not configure this policy setting, users are queried to choose whether
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4595,6 +4689,7 @@ If you do not configure this policy setting, users will receive a prompt when a
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4644,6 +4739,7 @@ If you disable or do not configure this setting, users will receive a file downl
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4695,6 +4791,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4746,6 +4843,7 @@ If you do not configure this policy setting, Web sites from less privileged zone
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4797,6 +4895,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4848,6 +4947,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4901,6 +5001,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4952,6 +5053,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -4995,6 +5097,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5048,6 +5151,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5091,6 +5195,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5134,6 +5239,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5185,6 +5291,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5236,6 +5343,7 @@ If you do not configure this policy setting, users can load a page in the zone t
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5287,6 +5395,7 @@ If you do not configure this policy setting, users will receive a prompt when a
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5336,6 +5445,7 @@ If you disable or do not configure this setting, users will receive a file downl
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5387,6 +5497,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5438,6 +5549,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5489,6 +5601,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5540,6 +5653,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5593,6 +5707,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5644,6 +5759,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5687,6 +5803,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5740,6 +5857,7 @@ If you do not configure this policy setting, users are queried whether to allow
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5783,6 +5901,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5834,6 +5953,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -5885,6 +6005,7 @@ If you do not configure this policy setting, users cannot load a page in the zon
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5936,6 +6057,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -5985,6 +6107,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6036,6 +6159,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6087,6 +6211,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6138,6 +6263,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6189,6 +6315,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6242,6 +6369,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6293,6 +6421,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6346,6 +6475,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6389,6 +6519,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6440,6 +6571,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6491,6 +6623,7 @@ If you do not configure this policy setting, users are queried to choose whether
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6542,6 +6675,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6591,6 +6725,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6642,6 +6777,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6693,6 +6829,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6744,6 +6881,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6795,6 +6933,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6848,6 +6987,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6899,6 +7039,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -6952,6 +7093,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -7003,6 +7145,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
- GP ADMX file name: *inetres.admx*
@@ -7054,6 +7197,7 @@ If you do not configure this policy setting, users can load a page in the zone t
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7105,6 +7249,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7154,6 +7299,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7205,6 +7351,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7256,6 +7403,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7307,6 +7455,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7358,6 +7507,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7411,6 +7561,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7462,6 +7613,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7515,6 +7667,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7558,6 +7711,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7609,6 +7763,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
- GP ADMX file name: *inetres.admx*
@@ -7660,6 +7815,7 @@ If you do not configure this policy setting, users cannot load a page in the zon
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7711,6 +7867,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7760,6 +7917,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7811,6 +7969,7 @@ If you do not configure this policy setting, users are queried whether to allow
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7862,6 +8021,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7913,6 +8073,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -7964,6 +8125,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8017,6 +8179,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8068,6 +8231,7 @@ If you do not configure this policy setting, users cannot preserve information i
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8121,6 +8285,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8164,6 +8329,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8215,6 +8381,7 @@ If you do not configure this policy setting, users cannot open other windows and
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8266,6 +8433,7 @@ If you do not configure this policy setting, users can load a page in the zone t
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8317,6 +8485,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8366,6 +8535,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8417,6 +8587,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8468,6 +8639,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8519,6 +8691,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8570,6 +8743,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8623,6 +8797,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8674,6 +8849,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8727,6 +8903,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8770,6 +8947,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8821,6 +8999,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -8864,6 +9043,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Internet Explorer Processes*
- GP name: *IESF_PolicyExplorerProcesses_3*
+- GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction*
- GP ADMX file name: *inetres.admx*
@@ -8907,6 +9087,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Internet Explorer Processes*
- GP name: *IESF_PolicyExplorerProcesses_6*
+- GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature*
- GP ADMX file name: *inetres.admx*
@@ -8950,6 +9131,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Internet Explorer Processes*
- GP name: *IESF_PolicyExplorerProcesses_10*
+- GP path: *Windows Components/Internet Explorer/Security Features/Notification bar*
- GP ADMX file name: *inetres.admx*
@@ -8993,6 +9175,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Prevent managing SmartScreen Filter*
- GP name: *Disable_Managing_Safety_Filter_IE9*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -9036,6 +9219,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Prevent per-user installation of ActiveX controls*
- GP name: *DisablePerUserActiveXInstall*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -9079,6 +9263,7 @@ ADMX Info:
ADMX Info:
- GP english name: *All Processes*
- GP name: *IESF_PolicyAllProcesses_9*
+- GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation*
- GP ADMX file name: *inetres.admx*
@@ -9122,6 +9307,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer *
- GP name: *VerMgmtDisableRunThisTime*
+- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
- GP ADMX file name: *inetres.admx*
@@ -9165,6 +9351,7 @@ ADMX Info:
ADMX Info:
- GP english name: *All Processes*
- GP name: *IESF_PolicyAllProcesses_11*
+- GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install*
- GP ADMX file name: *inetres.admx*
@@ -9208,6 +9395,7 @@ ADMX Info:
ADMX Info:
- GP english name: *All Processes*
- GP name: *IESF_PolicyAllProcesses_12*
+- GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download*
- GP ADMX file name: *inetres.admx*
@@ -9259,6 +9447,7 @@ If you do not configure this policy setting, users cannot load a page in the zon
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9302,6 +9491,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow active scripting*
- GP name: *IZ_PolicyActiveScripting_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9353,6 +9543,7 @@ If you do not configure this policy setting, ActiveX control installations will
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9402,6 +9593,7 @@ If you disable or do not configure this setting, file downloads that are not use
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9445,6 +9637,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow binary and script behaviors*
- GP name: *IZ_PolicyBinaryBehaviors_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9488,6 +9681,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow cut, copy or paste operations from the clipboard via script*
- GP name: *IZ_PolicyAllowPasteViaScript_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9531,6 +9725,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow drag and drop or copy and paste files*
- GP name: *IZ_PolicyDropOrPasteFiles_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9574,6 +9769,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow file downloads*
- GP name: *IZ_PolicyFileDownload_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9625,6 +9821,7 @@ If you do not configure this policy setting, users are queried whether to allow
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9676,6 +9873,7 @@ If you do not configure this policy setting, the possibly harmful navigations ar
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9719,6 +9917,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow loading of XAML files*
- GP name: *IZ_Policy_XAML_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9762,6 +9961,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow META REFRESH*
- GP name: *IZ_PolicyAllowMETAREFRESH_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9813,6 +10013,7 @@ If you do not configure this policy setting, Internet Explorer will not execute
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9856,6 +10057,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow only approved domains to use ActiveX controls without prompt*
- GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9899,6 +10101,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow only approved domains to use the TDC ActiveX control*
- GP name: *IZ_PolicyAllowTDCControl_Both_Restricted*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9942,6 +10145,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow script-initiated windows without size or position constraints*
- GP name: *IZ_PolicyWindowsRestrictionsURLaction_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -9985,6 +10189,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow scripting of Internet Explorer WebBrowser controls*
- GP name: *IZ_Policy_WebBrowserControl_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10036,6 +10241,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10089,6 +10295,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10132,6 +10339,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow updates to status bar via script*
- GP name: *IZ_Policy_ScriptStatusBar_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10183,6 +10391,7 @@ If you do not configure this policy setting, users cannot preserve information i
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10226,6 +10435,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10269,6 +10479,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Download signed ActiveX controls*
- GP name: *IZ_PolicyDownloadSignedActiveX_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10312,6 +10523,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Download unsigned ActiveX controls*
- GP name: *IZ_PolicyDownloadUnsignedActiveX_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10355,6 +10567,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn on Cross-Site Scripting Filter*
- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10398,6 +10611,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Enable dragging of content from different domains across windows*
- GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10441,6 +10655,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Enable dragging of content from different domains within a window*
- GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10484,6 +10699,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Enable MIME Sniffing*
- GP name: *IZ_PolicyMimeSniffingURLaction_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10527,6 +10743,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Include local path when user is uploading files to a server*
- GP name: *IZ_Policy_LocalPathForUpload_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10580,6 +10797,7 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10623,6 +10841,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10666,6 +10885,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Launching applications and files in an IFRAME*
- GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10709,6 +10929,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Logon options*
- GP name: *IZ_PolicyLogon_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10760,6 +10981,7 @@ If you do not configure this policy setting, users cannot open other windows and
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10803,6 +11025,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10846,6 +11069,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Run ActiveX controls and plugins*
- GP name: *IZ_PolicyRunActiveXControls_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10889,6 +11113,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Run .NET Framework-reliant components signed with Authenticode*
- GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10932,6 +11157,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Script ActiveX controls marked safe for scripting*
- GP name: *IZ_PolicyScriptActiveXMarkedSafe_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -10975,6 +11201,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Scripting of Java applets*
- GP name: *IZ_PolicyScriptingOfJavaApplets_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11018,6 +11245,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Show security warning for potentially unsafe files*
- GP name: *IZ_Policy_UnsafeFiles_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11061,6 +11289,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn on Cross-Site Scripting Filter*
- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11104,6 +11333,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn on Protected Mode*
- GP name: *IZ_Policy_TurnOnProtectedMode_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11147,6 +11377,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Use Pop-up Blocker*
- GP name: *IZ_PolicyBlockPopupWindows_7*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11190,6 +11421,7 @@ ADMX Info:
ADMX Info:
- GP english name: *All Processes*
- GP name: *IESF_PolicyAllProcesses_8*
+- GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions*
- GP ADMX file name: *inetres.admx*
@@ -11239,6 +11471,7 @@ If you disable or do not configure this policy setting, the user can configure h
ADMX Info:
- GP english name: *Restrict search providers to a specific list*
- GP name: *SpecificSearchProvider*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -11282,6 +11515,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Security Zones: Use only machine settings *
- GP name: *Security_HKLM_only*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -11325,6 +11559,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify use of ActiveX Installer Service for installation of ActiveX controls*
- GP name: *OnlyUseAXISForActiveXInstall*
+- GP path: *Windows Components/Internet Explorer*
- GP ADMX file name: *inetres.admx*
@@ -11376,6 +11611,7 @@ If you do not configure this policy setting, users can load a page in the zone t
ADMX Info:
- GP english name: *Access data sources across domains*
- GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11427,6 +11663,7 @@ If you do not configure this policy setting, users will receive a prompt when a
ADMX Info:
- GP english name: *Automatic prompting for ActiveX controls*
- GP name: *IZ_PolicyNotificationBarActiveXURLaction_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11476,6 +11713,7 @@ If you disable or do not configure this setting, users will receive a file downl
ADMX Info:
- GP english name: *Automatic prompting for file downloads*
- GP name: *IZ_PolicyNotificationBarDownloadURLaction_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11527,6 +11765,7 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa
ADMX Info:
- GP english name: *Allow font downloads*
- GP name: *IZ_PolicyFontDownload_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11578,6 +11817,7 @@ If you do not configure this policy setting, a warning is issued to the user tha
ADMX Info:
- GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
- GP name: *IZ_PolicyZoneElevationURLaction_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11629,6 +11869,7 @@ If you do not configure this policy setting, Internet Explorer will execute unsi
ADMX Info:
- GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
- GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11680,6 +11921,7 @@ If you do not configure this policy setting, the user can enable or disable scri
ADMX Info:
- GP english name: *Allow scriptlets*
- GP name: *IZ_Policy_AllowScriptlets_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11733,6 +11975,7 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt
ADMX Info:
- GP english name: *Turn on SmartScreen Filter scan*
- GP name: *IZ_Policy_Phishing_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11784,6 +12027,7 @@ If you do not configure this policy setting, users can preserve information in t
ADMX Info:
- GP english name: *Userdata persistence*
- GP name: *IZ_PolicyUserdataPersistence_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11827,6 +12071,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11870,6 +12115,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Don't run antimalware programs against ActiveX controls*
- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11923,6 +12169,7 @@ If you do not configure this policy setting, users are queried whether to allow
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -11966,6 +12213,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12009,6 +12257,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Initialize and script ActiveX controls not marked as safe*
- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12052,6 +12301,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Java permissions*
- GP name: *IZ_PolicyJavaPermissions_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
@@ -12103,6 +12353,7 @@ If you do not configure this policy setting, users can open windows and frames f
ADMX Info:
- GP english name: *Navigate windows and frames across different domains*
- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5*
+- GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
- GP ADMX file name: *inetres.admx*
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 801ebc1f70..f415128684 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Kerberos
@@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, the Kerberos client does
ADMX Info:
- GP english name: *Use forest search order*
- GP name: *ForestSearch*
+- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
@@ -112,6 +113,7 @@ If you disable or do not configure this policy setting, the client devices will
ADMX Info:
- GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
- GP name: *EnableCbacAndArmor*
+- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
@@ -165,6 +167,7 @@ If you disable or do not configure this policy setting, the client computers in
ADMX Info:
- GP english name: *Fail authentication requests when Kerberos armoring is not available*
- GP name: *ClientRequireFast*
+- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
@@ -214,6 +217,7 @@ If you disable or do not configure this policy setting, the Kerberos client requ
ADMX Info:
- GP english name: *Require strict KDC validation*
- GP name: *ValidateKDC*
+- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
@@ -267,6 +271,7 @@ Note: This policy setting configures the existing MaxTokenSize registry value in
ADMX Info:
- GP english name: *Set maximum Kerberos SSPI context token buffer size*
- GP name: *MaxTokenSize*
+- GP path: *System/Kerberos*
- GP ADMX file name: *Kerberos.admx*
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 192795ada2..e0cc238f3e 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Licensing
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 62c962b525..e24b65ed09 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/04/2017
+ms.date: 08/09/2017
---
# Policy CSP - LocalPoliciesSecurityOptions
@@ -20,7 +20,7 @@ ms.date: 08/04/2017
## LocalPoliciesSecurityOptions policies
-**LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts**
+**LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts**
@@ -58,19 +58,11 @@ Valid values:
- 0 - disabled (users will be able to use Microsoft accounts with Windows)
- 1 - enabled (users cannot add Microsoft accounts)
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus**
+**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus**
@@ -109,19 +101,11 @@ Valid values:
- 1 - local Administrator account is enabled
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**
+**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**
@@ -157,19 +141,11 @@ Valid values:
Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**
+**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**
@@ -213,19 +189,11 @@ This setting does not affect logons that use domain accounts.
It is possible for applications that use remote interactive logons to bypass this setting.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount**
+**LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount**
@@ -258,19 +226,11 @@ This security setting determines whether a different account name is associated
Default: Administrator.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount**
+**LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount**
@@ -303,19 +263,11 @@ This security setting determines whether a different account name is associated
Default: Guest.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked**
+**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked**
@@ -349,19 +301,11 @@ Valid values:
- 3 - Do not display user information
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn**
+**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn**
@@ -400,19 +344,11 @@ Valid values:
- 1 - enabled (username will not be shown)
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn**
+**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn**
@@ -452,19 +388,11 @@ Valid values:
- 1 - enabled (username will not be shown)
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL**
+**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL**
@@ -505,19 +433,11 @@ Valid values:
- 1 - enabled (a user is not required to press CTRL+ALT+DEL to log on)
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit**
+**LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit**
@@ -553,19 +473,11 @@ Valid values:
- 1 - enabled (session will lock after amount of inactive time exceeds the inactivity limit)
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn**
+**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn**
@@ -600,20 +512,11 @@ This text is often used for legal reasons, for example, to warn users about the
Default: No message.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
-
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn**
+**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn**
@@ -646,19 +549,11 @@ This security setting allows the specification of a title to appear in the title
Default: No message.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**
+**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**
@@ -683,7 +578,8 @@ Footnote:
-Network security: Allow PKU2U authentication requests to this computer to use online identities.
+
+Network security: Allow PKU2U authentication requests to this computer to use online identities.
This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.
@@ -692,19 +588,11 @@ Valid values:
- 1 - enabled (allow PKU2U authentication requests to this computer to use online identities.)
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon**
+**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon**
@@ -729,7 +617,8 @@ Footnote:
-Recovery console: Allow automatic administrative logon
+
+Recovery console: Allow automatic administrative logon
This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system.
@@ -739,19 +628,11 @@ Valid values:
- 1 - enabled (allow automatic administrative logon)
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn**
+**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn**
@@ -776,7 +657,8 @@ Footnote:
-Shutdown: Allow system to be shut down without having to log on
+
+Shutdown: Allow system to be shut down without having to log on
This security setting determines whether a computer can be shut down without having to log on to Windows.
@@ -791,19 +673,11 @@ Valid values:
- 1 - enabled (allow system to be shut down without having to log on)
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation**
+**LocalPoliciesSecurityOptions/TBUserAccountControl_RunAllAdministratorsInAdminApprovalModeD**
@@ -828,7 +702,48 @@ Footnote:
-User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
+
+User Account Control: Turn on Admin Approval Mode
+
+This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
+
+The options are:
+- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
+
+
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+
+
+
+**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+  3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+ |
+
+
+
+
+
+User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
@@ -842,19 +757,11 @@ Valid values:
The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators**
+**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators**
@@ -879,7 +786,8 @@ Footnote:
-User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
+
+User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
This policy setting controls the behavior of the elevation prompt for administrators.
@@ -898,19 +806,11 @@ The options are:
• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers**
+**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers**
@@ -935,7 +835,8 @@ Footnote:
-User Account Control: Behavior of the elevation prompt for standard users
+
+User Account Control: Behavior of the elevation prompt for standard users
This policy setting controls the behavior of the elevation prompt for standard users.
The options are:
@@ -947,19 +848,11 @@ The options are:
• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated**
+**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated**
@@ -984,7 +877,8 @@ Footnote:
-User Account Control: Only elevate executable files that are signed and validated
+
+User Account Control: Only elevate executable files that are signed and validated
This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
@@ -993,19 +887,11 @@ The options are:
- 1 - Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations**
+**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations**
@@ -1030,7 +916,8 @@ Footnote:
-User Account Control: Only elevate UIAccess applications that are installed in secure locations
+
+User Account Control: Only elevate UIAccess applications that are installed in secure locations
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
@@ -1045,19 +932,11 @@ The options are:
- 1 - Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/TBUserAccountControl_RunAllAdministratorsInAdminApprovalModeD**
+**LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation**
@@ -1082,54 +961,8 @@ Footnote:
-User Account Control: Turn on Admin Approval Mode
-
-This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
-
-The options are:
-- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
-- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
-
-
-Value type is integer. Supported operations are Add, Get, Replace, and Delete.
-
-
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-
-**LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- |
- |
-
-
-
-
-User Account Control: Switch to the secure desktop when prompting for elevation
+
+User Account Control: Switch to the secure desktop when prompting for elevation
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
@@ -1138,19 +971,11 @@ The options are:
- 1 - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
-
-
-Footnote:
-
-- 1 - Added in Windows 10, version 1607.
-- 2 - Added in Windows 10, version 1703.
-- 3 - Added in Windows 10, version 1709.
-
-
-**LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations**
+**LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations**
@@ -1175,7 +1000,8 @@ Footnote:
-User Account Control: Virtualize file and registry write failures to per-user locations
+
+User Account Control: Virtualize file and registry write failures to per-user locations
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software.
@@ -1184,6 +1010,7 @@ The options are:
- 1 - Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
@@ -1194,4 +1021,5 @@ Footnote:
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
-
\ No newline at end of file
+
+
diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md
index ba133e1921..2b3d3a2b35 100644
--- a/windows/client-management/mdm/policy-csp-location.md
+++ b/windows/client-management/mdm/policy-csp-location.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Location
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index a98d78e52b..c207e57f39 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - LockDown
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index 27d44175e4..9e719e5b3b 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Maps
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index e0c705d31b..1734984fd4 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Messaging
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 0d59b01e1b..fba5342cac 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - NetworkIsolation
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index fa41ee2efb..a1c092d0df 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Notifications
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index f3bb408651..24bb80fa7e 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Power
@@ -64,6 +64,7 @@ If you disable this policy setting, standby states (S1-S3) are not allowed.
ADMX Info:
- GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)*
- GP name: *AllowStandbyStatesAC_2*
+- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -115,6 +116,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn off the display (on battery)*
- GP name: *VideoPowerDownTimeOutDC_2*
+- GP path: *System/Power Management/Video and Display Settings*
- GP ADMX file name: *power.admx*
@@ -166,6 +168,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn off the display (plugged in)*
- GP name: *VideoPowerDownTimeOutAC_2*
+- GP path: *System/Power Management/Video and Display Settings*
- GP ADMX file name: *power.admx*
@@ -218,6 +221,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify the system hibernate timeout (on battery)*
- GP name: *DCHibernateTimeOut_2*
+- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -269,6 +273,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify the system hibernate timeout (plugged in)*
- GP name: *ACHibernateTimeOut_2*
+- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -318,6 +323,7 @@ If you disable this policy setting, the user is not prompted for a password when
ADMX Info:
- GP english name: *Require a password when a computer wakes (on battery)*
- GP name: *DCPromptForPasswordOnResume_2*
+- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -367,6 +373,7 @@ If you disable this policy setting, the user is not prompted for a password when
ADMX Info:
- GP english name: *Require a password when a computer wakes (plugged in)*
- GP name: *ACPromptForPasswordOnResume_2*
+- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -418,6 +425,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify the system sleep timeout (on battery)*
- GP name: *DCStandbyTimeOut_2*
+- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
@@ -469,6 +477,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify the system sleep timeout (plugged in)*
- GP name: *ACStandbyTimeOut_2*
+- GP path: *System/Power Management/Sleep Settings*
- GP ADMX file name: *power.admx*
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 2fd40ada12..7d17fff50b 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Printers
@@ -139,6 +139,7 @@ If you disable this policy setting:
ADMX Info:
- GP english name: *Point and Print Restrictions*
- GP name: *PointAndPrint_Restrictions*
+- GP path: *Control Panel/Printers*
- GP ADMX file name: *Printing.admx*
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 64b43c3fd9..b2969151a6 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Privacy
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 0f082798fe..b8964b01a1 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - RemoteAssistance
@@ -70,6 +70,7 @@ If you do not configure this policy setting, the user sees the default warning m
ADMX Info:
- GP english name: *Customize warning messages*
- GP name: *RA_Options*
+- GP path: *System/Remote Assistance*
- GP ADMX file name: *remoteassistance.admx*
@@ -121,6 +122,7 @@ If you do not configure this setting, application-based settings are used.
ADMX Info:
- GP english name: *Turn on session logging*
- GP name: *RA_Logging*
+- GP path: *System/Remote Assistance*
- GP ADMX file name: *remoteassistance.admx*
@@ -180,6 +182,7 @@ If you enable this policy setting you should also enable appropriate firewall ex
ADMX Info:
- GP english name: *Configure Solicited Remote Assistance*
- GP name: *RA_Solicit*
+- GP path: *System/Remote Assistance*
- GP ADMX file name: *remoteassistance.admx*
@@ -262,6 +265,7 @@ Allow Remote Desktop Exception
ADMX Info:
- GP english name: *Configure Offer Remote Assistance*
- GP name: *RA_Unsolicit*
+- GP path: *System/Remote Assistance*
- GP ADMX file name: *remoteassistance.admx*
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 57e8b93015..fc802cbca7 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - RemoteDesktopServices
@@ -70,6 +70,7 @@ You can limit the number of users who can connect simultaneously by configuring
ADMX Info:
- GP english name: *Allow users to connect remotely by using Remote Desktop Services*
- GP name: *TS_DISABLE_CONNECTIONS*
+- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections*
- GP ADMX file name: *terminalserver.admx*
@@ -129,6 +130,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
ADMX Info:
- GP english name: *Set client connection encryption level*
- GP name: *TS_ENCRYPTION_POLICY*
+- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
- GP ADMX file name: *terminalserver.admx*
@@ -182,6 +184,7 @@ If you do not configure this policy setting, client drive redirection and Clipbo
ADMX Info:
- GP english name: *Do not allow drive redirection*
- GP name: *TS_CLIENT_DRIVE_M*
+- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
- GP ADMX file name: *terminalserver.admx*
@@ -231,6 +234,7 @@ If you disable this setting or leave it not configured, the user will be able to
ADMX Info:
- GP english name: *Do not allow passwords to be saved*
- GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2*
+- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client*
- GP ADMX file name: *terminalserver.admx*
@@ -286,6 +290,7 @@ If you do not configure this policy setting, automatic logon is not specified at
ADMX Info:
- GP english name: *Always prompt for password upon connection*
- GP name: *TS_PASSWORD*
+- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
- GP ADMX file name: *terminalserver.admx*
@@ -341,6 +346,7 @@ Note: The RPC interface is used for administering and configuring Remote Desktop
ADMX Info:
- GP english name: *Require secure RPC communication*
- GP name: *TS_RPC_ENCRYPTION*
+- GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
- GP ADMX file name: *terminalserver.admx*
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 2bb1892add..b1cd0e9207 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - RemoteManagement
@@ -58,6 +58,7 @@ ms.date: 07/14/2017
ADMX Info:
- GP english name: *Allow Basic authentication*
- GP name: *AllowBasic_2*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -101,6 +102,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow Basic authentication*
- GP name: *AllowBasic_1*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -144,6 +146,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow CredSSP authentication*
- GP name: *AllowCredSSP_2*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -187,6 +190,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow CredSSP authentication*
- GP name: *AllowCredSSP_1*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -230,6 +234,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow remote server management through WinRM*
- GP name: *AllowAutoConfig*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -273,6 +278,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow unencrypted traffic*
- GP name: *AllowUnencrypted_2*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -316,6 +322,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Allow unencrypted traffic*
- GP name: *AllowUnencrypted_1*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -359,6 +366,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Disallow Digest authentication*
- GP name: *DisallowDigest*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -402,6 +410,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Disallow Negotiate authentication*
- GP name: *DisallowNegotiate_2*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -445,6 +454,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Disallow Negotiate authentication*
- GP name: *DisallowNegotiate_1*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -488,6 +498,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Disallow WinRM from storing RunAs credentials*
- GP name: *DisableRunAs*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -531,6 +542,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify channel binding token hardening level*
- GP name: *CBTHardeningLevel_1*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -574,6 +586,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Trusted Hosts*
- GP name: *TrustedHosts*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -617,6 +630,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn On Compatibility HTTP Listener*
- GP name: *HttpCompatibilityListener*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -660,6 +674,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Turn On Compatibility HTTPS Listener*
- GP name: *HttpsCompatibilityListener*
+- GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 79559fed08..00dd1a5001 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - RemoteProcedureCall
@@ -68,6 +68,7 @@ Note: This policy will not be applied until the system is rebooted.
ADMX Info:
- GP english name: *Enable RPC Endpoint Mapper Client Authentication*
- GP name: *RpcEnableAuthEpResolution*
+- GP path: *System/Remote Procedure Call*
- GP ADMX file name: *rpc.admx*
@@ -129,6 +130,7 @@ Note: This policy setting will not be applied until the system is rebooted.
ADMX Info:
- GP english name: *Restrict Unauthenticated RPC clients*
- GP name: *RpcRestrictRemoteClients*
+- GP path: *System/Remote Procedure Call*
- GP ADMX file name: *rpc.admx*
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index becd1b6df2..ddc13e6c8e 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - RemoteShell
@@ -58,6 +58,7 @@ ms.date: 07/14/2017
ADMX Info:
- GP english name: *Allow Remote Shell Access*
- GP name: *AllowRemoteShellAccess*
+- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -101,6 +102,7 @@ ADMX Info:
ADMX Info:
- GP english name: *MaxConcurrentUsers*
- GP name: *MaxConcurrentUsers*
+- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -144,6 +146,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify idle Timeout*
- GP name: *IdleTimeout*
+- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -187,6 +190,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify maximum amount of memory in MB per Shell*
- GP name: *MaxMemoryPerShellMB*
+- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -230,6 +234,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify maximum number of processes per Shell*
- GP name: *MaxProcessesPerShell*
+- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -273,6 +278,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify maximum number of remote shells per user*
- GP name: *MaxShellsPerUser*
+- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
@@ -316,6 +322,7 @@ ADMX Info:
ADMX Info:
- GP english name: *Specify Shell Timeout*
- GP name: *ShellTimeOut*
+- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index b4338ee741..d5f5c4ad2d 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Search
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 5b0f36a599..0472962b49 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/26/2017
+ms.date: 08/09/2017
---
# Policy CSP - Security
@@ -216,6 +216,45 @@ ms.date: 07/26/2017
- 0 – Don't allow Anti Theft Mode.
- 1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent).
+
+
+
+**Security/ClearTPMIfNotReady**
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+ |
+
+
+
+
+
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
+
+The following list shows the supported values:
+
+- 0 (default) – Will not force recovery from a non-ready TPM state.
+- 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
+
@@ -258,45 +297,6 @@ ms.date: 07/26/2017
- 0 (default) – Encryption enabled.
- 1 – Encryption disabled.
-
-
-
-**Security/ClearTPMIfNotReady**
-
-
-
-
- | Home |
- Pro |
- Business |
- Enterprise |
- Education |
- Mobile |
- Mobile Enterprise |
-
-
- |
- 3 |
- 3 |
- 3 |
- 3 |
- |
- |
-
-
-
-
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
-
-The following list shows the supported values:
-
-- 0 (default) – Will not force recovery from a non-ready TPM state.
-- 1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
-
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 1f0609cf32..66b1036ad7 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Settings
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index f051f86853..f9c43718a4 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - SmartScreen
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index e19e02b135..a8f70bedb6 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Speech
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 63e49d9fa5..6c0dd2a75b 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Start
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 6e7bf5238a..b0dcf3a30b 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Storage
@@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, Windows will activate un
ADMX Info:
- GP english name: *Do not allow Windows to activate Enhanced Storage devices*
- GP name: *TCGSecurityActivationDisabled*
+- GP path: *System/Enhanced Storage Access*
- GP ADMX file name: *enhancedstorage.admx*
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index ac2270f86c..bd2ca894b5 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - System
@@ -548,6 +548,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu
ADMX Info:
- GP english name: *Turn off System Restore*
- GP name: *SR_DisableSR*
+- GP path: *System/System Restore*
- GP ADMX file name: *systemrestore.admx*
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 213a633652..8f0523789d 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - TextInput
@@ -363,9 +363,6 @@ ms.date: 07/14/2017
**TextInput/AllowKoreanExtendedHanja**
-
-
-
This policy has been deprecated.
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 5aa7ed1720..2ccd9541ad 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - TimeLanguageSettings
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 3681d55d6f..f057cd47c6 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Update
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 2a91601f05..20616a5dfd 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - Wifi
@@ -22,9 +22,6 @@ ms.date: 07/14/2017
**WiFi/AllowWiFiHotSpotReporting**
-
-
-
This policy has been deprecated.
@@ -283,6 +280,8 @@ Footnote:
-
+## Wifi policies supported by Microsoft Surface Hub
+
+- [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 1562806a3e..b7a99ac6a7 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - WindowsDefenderSecurityCenter
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index aea0a2de88..d196f035a8 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - WindowsInkWorkspace
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index c0d3fb1bdc..cab3989529 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - WindowsLogon
@@ -64,6 +64,7 @@ If you disable or do not configure this policy setting, users can choose which a
ADMX Info:
- GP english name: *Turn off app notifications on the lock screen*
- GP name: *DisableLockScreenAppNotifications*
+- GP path: *System/Logon*
- GP ADMX file name: *logon.admx*
@@ -113,6 +114,7 @@ If you disable or don't configure this policy setting, any user can disconnect t
ADMX Info:
- GP english name: *Do not display network selection UI*
- GP name: *DontDisplayNetworkSelectionUI*
+- GP path: *System/Logon*
- GP ADMX file name: *logon.admx*
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 7662a3bdcb..3086c439d8 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/14/2017
+ms.date: 08/09/2017
---
# Policy CSP - WirelessDisplay
@@ -162,9 +162,6 @@ ms.date: 07/14/2017
**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**
-
-
-
Added in Windows 10, version 1703.
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 9881348c83..4c6db249d6 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -14,19 +14,6 @@
### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
-### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
-#### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
-#### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
-#### [Get started with Upgrade Readiness](upgrade/upgrade-readiness-get-started.md)
-##### [Upgrade Readiness deployment script](upgrade/upgrade-readiness-deployment-script.md)
-#### [Use Upgrade Readiness to manage Windows upgrades](upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md)
-##### [Upgrade overview](upgrade/upgrade-readiness-upgrade-overview.md)
-##### [Step 1: Identify apps](upgrade/upgrade-readiness-identify-apps.md)
-##### [Step 2: Resolve issues](upgrade/upgrade-readiness-resolve-issues.md)
-##### [Step 3: Deploy Windows](upgrade/upgrade-readiness-deploy-windows.md)
-##### [Additional insights](upgrade/upgrade-readiness-additional-insights.md)
-#### [Troubleshoot Upgrade Readiness](upgrade/troubleshoot-upgrade-readiness.md)
-
### [Windows 10 deployment test lab](windows-10-poc.md)
#### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
#### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
@@ -218,9 +205,6 @@
### [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md)
### [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md)
### [Assign devices to servicing channels for Windows 10 updates](update/waas-servicing-channels-windows-10-updates.md)
-### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
-#### [Get started with Update Compliance](update/update-compliance-get-started.md)
-#### [Use Update Compliance](update/update-compliance-using.md)
### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md)
#### [Configure Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md)
#### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md)
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index c6d38e7d4d..e5e8d59bf7 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -329,7 +329,7 @@ The steps below walk you through the process of editing the Windows 10 referenc
5. State Restore / Custom Tasks (Pre-Windows Update). Add a new Install Roles and Features action with the following settings:
1. Name: Install - Microsoft NET Framework 3.5.1
- 2. Select the operating system for which roles are to be installed: Windows 8.1
+ 2. Select the operating system for which roles are to be installed: Windows 10
3. Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
**Important**
@@ -471,7 +471,7 @@ In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except
### Update the deployment share
-After the deployment share has been configured, it needs to be updated. This is the process when the Windows Windows PE boot images are created.
+After the deployment share has been configured, it needs to be updated. This is the process when the Windows PE boot images are created.
1. Using the Deployment Workbench, right-click the **MDT Build Lab deployment share** and select **Update Deployment Share**.
2. Use the default options for the Update Deployment Share Wizard.
@@ -566,7 +566,7 @@ SkipFinalSummary=YES
The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.
- **JoinWorkgroup.** Configures Windows to join a workgroup.
-- **HideShell.** Hides the Windows Shell during deployment. This is especially useful for Windows 8.1 deployments in which the deployment wizard will otherwise appear behind the tiles.
+- **HideShell.** Hides the Windows Shell during deployment. This is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles.
- **FinishAction.** Instructs MDT what to do when the task sequence is complete.
- **DoNotCreateExtraPartition.** Configures the task sequence not to create the extra partition for BitLocker. There is no need to do this for your reference image.
- **WSUSServer.** Specifies which Windows Server Update Services (WSUS) server (and port, if needed) to use during the deployment. Without this option MDT will use Microsoft Update directly, which will increase deployment time and limit your options of controlling which updates are applied.
diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md
index 937be3b7e3..8681080388 100644
--- a/windows/deployment/upgrade/upgrade-readiness-get-started.md
+++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md
@@ -138,7 +138,7 @@ To ensure that user computers are receiving the most up to date data from Micros
- Schedule the Upgrade Readiness deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated.
- Schedule monthly user computer scans to view monthly active computer and usage information.
->When you run the deployment script, it initiates a full scan. The daily scheduled task to capture the deltas are created when the update package is installed. A full scan averages to about 2 MB, but the delta scans are very small. For Windows 10 devices, its already part of the OS. This is the **Windows Compat Appraiser** task. Deltas are invoked via the nightly scheduled task. It attempts to run around 3AM, but if system is off at that time, the task will run when the system is turned on.
+>When you run the deployment script, it initiates a full scan. The daily scheduled task to capture the deltas is created when the update package is installed. For Windows 10 devices, it's already part of the OS. A full scan averages about 2 MB, but the delta scans are very small. The scheduled task is named **Windows Compatibility Appraiser** and can be found in the Task Scheduler Library under Microsoft > Windows > Application Experience. Deltas are invoked via the nightly scheduled task. It attempts to run around 3:00AM every day. If the system is powered off at that time, the task will run when the system is turned on.
### Distribute the deployment script at scale
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index 8d3a787f3c..4954192798 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -12,7 +12,11 @@ author: greg-lindsay
# Configure VDA for Windows 10 Subscription Activation
+<<<<<<< HEAD
+This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based license.
+=======
This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
+>>>>>>> 9cfade7b4735548209a42a177179689a7e522ec6
## Requirements
diff --git a/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md b/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md
index 68cc89fe05..af3bab22cc 100644
--- a/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md
+++ b/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md
@@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.localizationpriority: high
+localizationpriority: high
author: brianlic-msft
---
@@ -189,6 +189,12 @@ You can use the Manage-bde.exe command-line tool to replace your TPM-only authen
`manage-bde –protectors –add %systemdrive% -tpmandpin <4-20 digit numeric PIN>`
+
+### When should an additional method of authentication be considered?
+
+New hardware that meets [Windows Hardware Compatibility Program](https://docs.microsoft.com/windows-hardware/design/compatibility/) requirements make a PIN less critical as a mitigation, and having a TPM-only protector is likely sufficient when combined with policies like device lockout. For example, Surface Pro and Surface Book do not have external DMA ports to attack.
+For older hardware, where a PIN may be needed, it’s recommended to enable [enhanced PINs](bitlocker-group-policy-settings.md#bkmk-unlockpol2) that allow non-numeric characters such as letters and punctuation marks, and to set the PIN length based on your risk tolerance and the hardware anti-hammering capabilities available to the TPMs in your computers.
+
### If I lose my recovery information, will the BitLocker-protected data be unrecoverable?
BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive.
@@ -395,6 +401,11 @@ Yes. However, shadow copies made prior to enabling BitLocker will be automatical
BitLocker is not supported on bootable VHDs, but BitLocker is supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2.
+### Can I use BitLocker with virtual machines (VMs)?
+
+Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (in **Settings** under **Accounts** > **Access work or school** > **Connect to work or school** to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators.
+
+
## More information
- [Prepare your organization for BitLocker: Planning and Policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
diff --git a/windows/device-security/bitlocker/bitlocker-management-for-enterprises.md b/windows/device-security/bitlocker/bitlocker-management-for-enterprises.md
index cda2678d93..e8a02af1fd 100644
--- a/windows/device-security/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/device-security/bitlocker/bitlocker-management-for-enterprises.md
@@ -50,7 +50,7 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been p
## Recommendations for domain-joined computers
-Windows continues to be the focus for new features and improvements for built-in encryption management, for example, automatically enabling encryption on devices that support InstantGo beginning with Windows 8.1. For more information, see [Overview of BitLocker and device encryption in Windows 10](bitlocker-device-encryption-overview-windows-10#device-encryption).
+Windows continues to be the focus for new features and improvements for built-in encryption management, for example, automatically enabling encryption on devices that support InstantGo beginning with Windows 8.1. For more information, see [Overview of BitLocker and device encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md#device-encryption).
Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx).
@@ -93,7 +93,7 @@ The Minimal Server Interface is a prerequisite for some of the BitLocker adminis
If you are installing a server manually, such as a stand-alone server, then choosing [Server with Desktop Experience](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-with-desktop-experience) is the easiest path because you can avoid performing the steps to add a GUI to Server Core.
- Additionally, lights out data centers can take advantage of the enhanced security of a second factor while avoiding the need for user intervention during reboots by optionally using a combination of BitLocker (TPM+PIN) and BitLocker Network Unlock. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For the configuration steps, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock).
+ Additionally, lights out data centers can take advantage of the enhanced security of a second factor while avoiding the need for user intervention during reboots by optionally using a combination of BitLocker (TPM+PIN) and BitLocker Network Unlock. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For the configuration steps, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
For more information, see the Bitlocker FAQs article and other useful links in [Related Articles](#articles).