diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 8f10c8e96a..a860bdea45 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -11,6 +11,11 @@
"redirect_document_id": true
},
{
+"source_path": "windows/client-management/mdm/policy-admx-backed.md",
+"redirect_url": "/windows/client-management/mdm/policy-configuration-service-provider",
+"redirect_document_id": true
+},
+{
"source_path": "windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md",
"redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune",
"redirect_document_id": false
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index 7633008a2d..9f8deab97e 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -63,9 +63,9 @@ The OMA URI for each setting consists of `./User/Vendor/MSFT/EnterpriseModernApp
| Setting | Details | OMA URI | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML*? |
| --- | ---- | --- |---- | --- | --- |
-| Enable sign-in | Users can sign in and authenticate | EnableSignIn | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes |
-| Disable sign-in | Users are unable to sign in and access collaboration or education features | DisableSignIn | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes |
-| Disable Collaboration | Users can sign in but not create or join collaborative sessions | DisableCollaboration | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes |
+| Enable sign-in | Users can sign in and authenticate | EnableSignIn | Yes
[Use a custom policy.](manage-settings-with-mdm-for-surface-hub.md#example-intune) | Yes.
[Use a custom setting.](manage-settings-with-mdm-for-surface-hub.md#example-sccm) | Yes |
+| Disable sign-in | Users are unable to sign in and access collaboration or education features | DisableSignIn | Yes
[Use a custom policy.](manage-settings-with-mdm-for-surface-hub.md#example-intune) | Yes.
[Use a custom setting.](manage-settings-with-mdm-for-surface-hub.md#example-sccm) | Yes |
+| Disable Collaboration | Users can sign in but not create or join collaborative sessions | DisableCollaboration | Yes
[Use a custom policy.](manage-settings-with-mdm-for-surface-hub.md#example-intune) | Yes.
[Use a custom setting.](manage-settings-with-mdm-for-surface-hub.md#example-sccm) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
Whiteboard also has other MDM settings that can be managed and set for defaults, exporting, and sharing. You can see these additional settings in [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md#whiteboard-collaboration-settings).
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md
index c744876e01..ef8103d135 100644
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@@ -9,6 +9,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: miladCA
+ms.date: 06/29/2017
---
# Microsoft Surface Data Eraser
diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md
index f64cc3d1cd..207c434259 100644
--- a/devices/surface/microsoft-surface-deployment-accelerator.md
+++ b/devices/surface/microsoft-surface-deployment-accelerator.md
@@ -2,6 +2,7 @@
title: Microsoft Surface Deployment Accelerator (Surface)
description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
+ms.date: 06/29/2017
localizationpriority: high
keywords: deploy, install, tool
ms.prod: w10
diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md
index f41c92b26b..e555b82072 100644
--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@@ -9,6 +9,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: jobotto
+ms.date: 06/29/2017
---
# Microsoft Surface Dock Updater
diff --git a/education/windows/get-minecraft-device-promotion.md b/education/windows/get-minecraft-device-promotion.md
new file mode 100644
index 0000000000..7f9fedb193
--- /dev/null
+++ b/education/windows/get-minecraft-device-promotion.md
@@ -0,0 +1,72 @@
+---
+title: Get Minecraft Education Edition with your Windows 10 device promotion
+description: Windows 10 device promotion for Minecraft Education Edition licenses
+keywords: school, Minecraft, education edition
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+localizationpriority: high
+author: trudyha
+ms.author: trudyha
+ms.date: 06/29/2017
+---
+
+# Get Minecraft: Education Edition with Windows 10 device promotion
+
+**Applies to:**
+
+- Windows 10
+
+For qualifying customers, receive a one-year, single-user subscription for Minecraft: Education Edition for each Windows 10 device you purchase for your K-12 school. You’ll need your invoice or receipt, so be sure to keep track of that. For more information including terms of use, see [Minecraft: Education Edition promotion](https://info.microsoft.com/Minecraft-Education-Edition-Signup.html).
+
+## Requirements
+- Qualified Educational Users in K-12 education institutions
+- Windows 10 devices purchased from May 2, 2017 - January 31, 2018
+- Redeem Minecraft: Education Edition licenses from July 1, 2017 - March 17, 2018
+- Microsoft Store for Education admin must submit request for Minecraft: Education Edition licenses
+- Proof of device purchase is required (invoice required)
+
+Full details available at [Minecraft: Education Edition promotion](https://info.microsoft.com/Minecraft-Education-Edition-Signup.html).
+
+## Redeem Minecraft: Education Edition licenses
+Redeeming your licenses takes just a few steps:
+- Visit the device promotion page
+- Submit a device purchase statement
+- Provide proof of your device purchase
+
+After that, we’ll add the appropriate number of Minecraft: Education Edition licenses to your product inventory in **Microsoft Store for Education** as **Minecraft: Education Edition [subscription]**.
+
+**To redeem Minecraft: Education Edition licenses**
+1. Visit [Minecraft: Education Edition and Windows 10 device promotion](https://educationstore.microsoft.com/store/mee-device-promo?setflight=wsfb_devicepromo) in **Microsoft Store for Education**.
+
+ 
+
+2. Sign in to **Microsoft Store for Education** using a school account. If you don’t have one, we’ll help you set one up.
+-or-
+
+ If you're already signed in to Microsoft Store for Education, the device special offer is available on **Benefits**.
+ Click **Manage**, **Benefits**, and then click **Minecraft: Education Edition Device Promotion**.
+
+3. **On Minecraft Windows 10 device special offer**, click **Submit a device purchase**.
+
+ 
+
+4. Provide info for **Proof of Purchase**. Be sure to include a .pdf or .jpg of your invoice, and then click **Next**.
+
+ > [!NOTE]
+ > Your one-year subscription starts when you submit your proof-of-purchase info. Be sure to submit your request when you'll be using licenses in the classroom.
+
+ 
+
+5. Accept the **Promotion Terms of use**, and then click **Submit**.
+
+ Success look like this!
+
+ 
+
+6. Click **Actions** and then click **Manage** to go to the management page for **Minecraft: Education Edition** and distribute licenses.
+
+## Distribute Minecraft: Education Edition licenses
+Teachers or admins can distribute the licenses:
+- [Learn how teachers can distribute **Minecraft: Education Edition**](teacher-get-minecraft.md#distribute-minecraft)
+- [Learn how IT administrators can distribute **Minecraft: Education Edition**](school-get-minecraft.md#distribute-minecraft)
\ No newline at end of file
diff --git a/education/windows/images/get-mcee-promo.png b/education/windows/images/get-mcee-promo.png
new file mode 100644
index 0000000000..823631367d
Binary files /dev/null and b/education/windows/images/get-mcee-promo.png differ
diff --git a/education/windows/images/mcee-benefits.png b/education/windows/images/mcee-benefits.png
new file mode 100644
index 0000000000..96d0287718
Binary files /dev/null and b/education/windows/images/mcee-benefits.png differ
diff --git a/education/windows/images/msfe-device-promo-success.png b/education/windows/images/msfe-device-promo-success.png
new file mode 100644
index 0000000000..590a488c11
Binary files /dev/null and b/education/windows/images/msfe-device-promo-success.png differ
diff --git a/education/windows/images/proof-of-purchase.png b/education/windows/images/proof-of-purchase.png
new file mode 100644
index 0000000000..dd78d6329d
Binary files /dev/null and b/education/windows/images/proof-of-purchase.png differ
diff --git a/windows/access-protection/hello-for-business/hello-and-password-changes.md b/windows/access-protection/hello-for-business/hello-and-password-changes.md
index 33bc609550..0a5b5a6d31 100644
--- a/windows/access-protection/hello-for-business/hello-and-password-changes.md
+++ b/windows/access-protection/hello-for-business/hello-and-password-changes.md
@@ -8,6 +8,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Windows Hello and password changes
diff --git a/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md
index cb9bfb63dd..c458afafc8 100644
--- a/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Windows Hello biometrics in the enterprise
diff --git a/windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md
index b9f0619b20..ee01d1173d 100644
--- a/windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Windows Hello errors during PIN creation
diff --git a/windows/access-protection/hello-for-business/hello-event-300.md b/windows/access-protection/hello-for-business/hello-event-300.md
index 1eecd8dd53..3d94345736 100644
--- a/windows/access-protection/hello-for-business/hello-event-300.md
+++ b/windows/access-protection/hello-for-business/hello-event-300.md
@@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Event ID 300 - Windows Hello successfully created
diff --git a/windows/access-protection/hello-for-business/hello-how-it-works.md b/windows/access-protection/hello-for-business/hello-how-it-works.md
index 379783c65a..1e42ccaded 100644
--- a/windows/access-protection/hello-for-business/hello-how-it-works.md
+++ b/windows/access-protection/hello-for-business/hello-how-it-works.md
@@ -7,6 +7,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# How Windows Hello for Business works
diff --git a/windows/access-protection/hello-for-business/hello-identity-verification.md b/windows/access-protection/hello-for-business/hello-identity-verification.md
index 063ed2cfe2..eaac2063b5 100644
--- a/windows/access-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/access-protection/hello-for-business/hello-identity-verification.md
@@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security, mobile
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Windows Hello for Business
diff --git a/windows/access-protection/hello-for-business/hello-manage-in-organization.md b/windows/access-protection/hello-for-business/hello-manage-in-organization.md
index 165f6259f6..8ef71c6d85 100644
--- a/windows/access-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/access-protection/hello-for-business/hello-manage-in-organization.md
@@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Manage Windows Hello for Business in your organization
diff --git a/windows/access-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/access-protection/hello-for-business/hello-prepare-people-to-use.md
index 8426ced11d..eaa96377ed 100644
--- a/windows/access-protection/hello-for-business/hello-prepare-people-to-use.md
+++ b/windows/access-protection/hello-for-business/hello-prepare-people-to-use.md
@@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Prepare people to use Windows Hello
diff --git a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md
index 208b3e6a3c..a224eeab82 100644
--- a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md
+++ b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md
@@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Why a PIN is better than a password
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 45051db6b8..e929807ac8 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -218,6 +218,8 @@
#### [Win32AppInventory DDF file](win32appinventory-ddf-file.md)
### [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
#### [WindowsAdvancedThreatProtection DDF file](windowsadvancedthreatprotection-ddf.md)
+### [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
+#### [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md)
### [WindowsLicensing CSP](windowslicensing-csp.md)
#### [WindowsLicensing DDF file](windowslicensing-ddf-file.md)
### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
index d3ca116cea..d205a19291 100644
--- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
@@ -52,7 +52,7 @@ Two Azure AD MDM enrollment scenarios:
- Joining a device to Azure AD for company-owned devices
- Adding a work account to a personal device (BYOD)
-In both scenarios, Azure AD is responsible for authenticating the user and the device, which provides a verified unique device identifier that can be used fo MDM enrollment.
+In both scenarios, Azure AD is responsible for authenticating the user and the device, which provides a verified unique device identifier that can be used for MDM enrollment.
In both scenarios, the enrollment flow provides an opportunity for the MDM service to render it's own UI, using a web view. MDM vendors should use this to render the Terms of Use (TOU), which can be different for company-owned and BYOD devices. MDM vendors can also use the web view to render additional UI elements, such as asking for a one-time PIN, if this is part of the business process of the organization.
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index b9c1c1cd51..f5bba14384 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -275,11 +275,11 @@ Footnotes:
Mobile Enterprise |
-  |
- |
+  3 |
+ 3 |
|
- |
- |
+ 3 |
+ 3 |
|
|
@@ -359,11 +359,11 @@ Footnotes:
Mobile Enterprise |
- |
- |
+ 3 |
+ 3 |
|
- |
- |
+ 3 |
+ 3 |
|
|
@@ -2305,6 +2305,37 @@ Footnotes:
+
+
+[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
+
+
+
+
+ | Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+ |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+ |
+ |
+
+
+
+
+
+
+
+
[WindowsLicensing CSP](windowslicensing-csp.md)
diff --git a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png
new file mode 100644
index 0000000000..8e18128149
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index d71053ae18..2527387dd9 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1258,9 +1258,17 @@ Also Added [Firewall DDF file](firewall-ddf-file.md).
+| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) |
+New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md). |
+
+
| [DynamicManagement CSP](dynamicmanagement-csp.md) |
The DynamicManagement CSP is not supported in Windows 10 Mobile and Mobile Enterprise. The table of SKU information in the [Configuration service provider reference](configuration-service-provider-reference.md) was updated. |
+
+| [CM_ProxyEntries CSP](cm-proxyentries-csp.md) and [CMPolicy CSP](cmpolicy-csp.md) |
+In Windows 10, version 1709, support for desktop SKUs were added to these CSPs. The table of SKU information in the [Configuration service provider reference](configuration-service-provider-reference.md) was updated. |
+
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 1d12982cbe..ec16e08ca7 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -7,11 +7,14 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/19/2017
+ms.date: 06/30/2017
---
# Policy DDF file
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
You can download the DDF files from the links below:
@@ -20,7 +23,7 @@ You can download the DDF files from the links below:
- [Download the Policy DDF file for Windows 10, version 1607](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
-The XML below is the DDF for Windows 10, version 1703.
+The XML below is the DDF for Windows 10, version 1709.
``` syntax
@@ -442,6 +445,100 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ Education
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowUserPrinterInstallation
+
+
+
+
+
+
+
+ Boolean that specifies whether or not to allow user to install new printers
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DefaultPrinterName
+
+
+
+
+
+
+
+ This policy sets user's default printer
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PrinterNames
+
+
+
+
+
+
+
+ This policy provisions per-user network printers
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
EnterpriseCloudPrint
@@ -891,6 +988,78 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ AllowAutoComplete
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowCertificateAddressMismatchWarning
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowDeletingBrowsingHistoryOnExit
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowEnhancedProtectedMode
@@ -1251,6 +1420,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ AllowSoftwareWhenSignatureIsInvalid
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowsRestrictedSitesZoneTemplate
@@ -1323,6 +1516,78 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ CheckServerCertificateRevocation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ CheckSignaturesOnDownloadedPrograms
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ConsistentMimeHandlingInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableAdobeFlash
@@ -1347,6 +1612,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ DisableBlockingOfOutdatedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableBypassOfSmartScreenWarnings
@@ -1395,6 +1684,54 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ DisableConfiguringHistory
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableCrashDetection
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableCustomerExperienceImprovementProgramParticipation
@@ -1419,6 +1756,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ DisableDeletingUserVisitedWebsites
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableEnclosureDownloading
@@ -1539,6 +1900,78 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ DisableIgnoringCertificateErrors
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableInPrivateBrowsing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableProcessesInEnhancedProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableProxyChange
@@ -1611,6 +2044,54 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ DisableSecuritySettingsCheck
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DoNotAllowActiveXControlsInProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DoNotBlockOutdatedActiveXControls
@@ -1779,6 +2260,54 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ InternetZoneAllowCopyPasteViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneAllowDragAndDropCopyAndPasteFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneAllowFontDownloads
@@ -1827,6 +2356,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ InternetZoneAllowLoadingOfXAMLFilesWRONG
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneAllowNETFrameworkReliantComponents
@@ -1851,6 +2404,102 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneAllowScriptInitiatedWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneAllowScriptlets
@@ -1899,6 +2548,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ InternetZoneAllowUpdatesToStatusBarViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneAllowUserDataPersistence
@@ -1923,6 +2596,246 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneDownloadSignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneDownloadUnsignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableCrossSiteScriptingFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableMIMESniffing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneIncludeLocalPathWhenUploadingFilesToServer
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneInitializeAndScriptActiveXControls
@@ -1947,6 +2860,126 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneJavaPermissionsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneJavaPermissionsWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneLaunchingApplicationsAndFilesInIFRAME
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneLogonOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneNavigateWindowsAndFrames
@@ -1971,6 +3004,126 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneUsePopupBlocker
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
IntranetZoneAllowAccessToDataSources
@@ -2451,6 +3604,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LocalMachineZoneInitializeAndScriptActiveXControls
@@ -2475,6 +3652,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ LocalMachineZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LocalMachineZoneNavigateWindowsAndFrames
@@ -2739,6 +3940,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ LockedDownInternetZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LockedDownInternetZoneNavigateWindowsAndFrames
@@ -3267,6 +4492,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ LockedDownLocalMachineZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LockedDownLocalMachineZoneNavigateWindowsAndFrames
@@ -3531,6 +4780,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ LockedDownRestrictedSitesZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
@@ -3795,6 +5068,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ LockedDownTrustedSitesZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LockedDownTrustedSitesZoneNavigateWindowsAndFrames
@@ -3819,6 +5116,198 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ MimeSniffingSafetyFeatureInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ MKProtocolSecurityRestrictionInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ NotificationBarInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventManagingSmartScreenFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventPerUserInstallationOfActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ProtectionFromZoneElevationInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RemoveRunThisTimeButtonForOutdatedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictActiveXInstallInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowAccessToDataSources
@@ -3843,6 +5332,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ RestrictedSitesZoneAllowActiveScripting
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
@@ -3892,7 +5405,127 @@ The XML below is the DDF for Windows 10, version 1703.
- RestrictedSitesZoneAllowFontDownloads
+ RestrictedSitesZoneAllowBinaryAndScriptBehaviors
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowCopyPasteViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowFileDownloads
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowFontDownloadsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowFontDownloadsWRONG2
@@ -3939,6 +5572,54 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ RestrictedSitesZoneAllowLoadingOfXAMLFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowMETAREFRESH
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowNETFrameworkReliantComponents
@@ -3963,6 +5644,102 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowScriptInitiatedWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowScriptlets
@@ -4011,6 +5788,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowUserDataPersistence
@@ -4035,6 +5836,174 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneDownloadSignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneDownloadUnsignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneEnableMIMESniffing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneInitializeAndScriptActiveXControls
@@ -4059,6 +6028,78 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ RestrictedSitesZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneLogonOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneNavigateWindowsAndFrames
@@ -4083,6 +6124,270 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneRunActiveXControlsAndPlugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictFileDownloadInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
SearchProviderList
@@ -4107,6 +6412,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ SpecifyUseOfActiveXInstallerService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
TrustedSitesZoneAllowAccessToDataSources
@@ -4347,6 +6676,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ TrustedSitesZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
TrustedSitesZoneNavigateWindowsAndFrames
@@ -4371,6 +6724,54 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ TrustedSitesZoneWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TrustedSitesZoneWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
Notifications
@@ -4642,10 +7043,10 @@ The XML below is the DDF for Windows 10, version 1703.
- RequirePrivateStoreOnly
-
+ RequirePrivateStoreOnly
+
-
+
0
@@ -4653,15 +7054,15 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -4684,10 +7085,10 @@ The XML below is the DDF for Windows 10, version 1703.
- DoNotPreserveZoneInformation
-
+ DoNotPreserveZoneInformation
+
-
+
@@ -4695,25 +7096,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
AttachmentManager.admx
AttachmentManager~AT~WindowsComponents~AM_AM
AM_MarkZoneOnSavedAtttachments
-
+
- HideZoneInfoMechanism
-
+ HideZoneInfoMechanism
+
-
+
@@ -4721,25 +7122,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
AttachmentManager.admx
AttachmentManager~AT~WindowsComponents~AM_AM
AM_RemoveZoneInfo
-
+
- NotifyAntivirusPrograms
-
+ NotifyAntivirusPrograms
+
-
+
@@ -4747,19 +7148,19 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
AttachmentManager.admx
AttachmentManager~AT~WindowsComponents~AM_AM
AM_CallIOfficeAntiVirus
-
+
@@ -4782,10 +7183,10 @@ The XML below is the DDF for Windows 10, version 1703.
- AllowEAPCertSSO
-
+ AllowEAPCertSSO
+
-
+
0
@@ -4793,15 +7194,15 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -4824,10 +7225,10 @@ The XML below is the DDF for Windows 10, version 1703.
- DisallowAutoplayForNonVolumeDevices
-
+ DisallowAutoplayForNonVolumeDevices
+
-
+
@@ -4835,25 +7236,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlay
NoAutoplayfornonVolume
-
+
- SetDefaultAutoRunBehavior
-
+ SetDefaultAutoRunBehavior
+
-
+
@@ -4861,25 +7262,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlay
NoAutorun
-
+
- TurnOffAutoPlay
-
+ TurnOffAutoPlay
+
-
+
@@ -4887,19 +7288,19 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlay
Autorun
-
+
@@ -4922,10 +7323,10 @@ The XML below is the DDF for Windows 10, version 1703.
- DisablePasswordReveal
-
+ DisablePasswordReveal
+
-
+
@@ -4933,19 +7334,19 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
credui.admx
CredUI~AT~WindowsComponents~CredUI
DisablePasswordReveal
-
+
@@ -4968,10 +7369,10 @@ The XML below is the DDF for Windows 10, version 1703.
- PreventUserRedirectionOfProfileFolders
-
+ PreventUserRedirectionOfProfileFolders
+
-
+
@@ -4979,19 +7380,105 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
desktop.admx
desktop~AT~Desktop
DisablePersonalDirChange
-
+
+
+
+
+ Education
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowUserPrinterInstallation
+
+
+
+
+ Boolean that specifies whether or not to allow user to install new printers
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DefaultPrinterName
+
+
+
+
+ This policy sets user's default printer
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PrinterNames
+
+
+
+
+ This policy provisions per-user network printers
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
@@ -5014,10 +7501,10 @@ The XML below is the DDF for Windows 10, version 1703.
- CloudPrinterDiscoveryEndPoint
-
+ CloudPrinterDiscoveryEndPoint
+
-
+
This policy provisions per-user discovery end point to discover cloud printers
@@ -5025,21 +7512,21 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
- CloudPrintOAuthAuthority
-
+ CloudPrintOAuthAuthority
+
-
+
Authentication endpoint for acquiring OAuth tokens
@@ -5047,21 +7534,21 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
- CloudPrintOAuthClientId
-
+ CloudPrintOAuthClientId
+
-
+
A GUID identifying the client application authorized to retrieve OAuth tokens from the OAuthAuthority
E1CF1107-FF90-4228-93BF-26052DD2C714
@@ -5069,21 +7556,21 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
- CloudPrintResourceId
-
+ CloudPrintResourceId
+
-
+
Resource URI for which access is being requested by the Enterprise Cloud Print client during OAuth authentication
@@ -5091,21 +7578,21 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
- DiscoveryMaxPrinterLimit
-
+ DiscoveryMaxPrinterLimit
+
-
+
Defines the maximum number of printers that should be queried from discovery end point
20
@@ -5113,21 +7600,21 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
- MopriaDiscoveryResourceId
-
+ MopriaDiscoveryResourceId
+
-
+
Resource URI for which access is being requested by the Mopria discovery client during OAuth authentication
@@ -5135,15 +7622,15 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -5166,10 +7653,10 @@ The XML below is the DDF for Windows 10, version 1703.
- AllowTailoredExperiencesWithDiagnosticData
-
+ AllowTailoredExperiencesWithDiagnosticData
+
-
+
1
@@ -5177,21 +7664,21 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowThirdPartySuggestionsInWindowsSpotlight
-
+ AllowThirdPartySuggestionsInWindowsSpotlight
+
-
+
1
@@ -5199,22 +7686,22 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowWindowsConsumerFeatures
-
+ AllowWindowsConsumerFeatures
+
-
+
0
@@ -5222,22 +7709,22 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowWindowsSpotlight
-
+ AllowWindowsSpotlight
+
-
+
1
@@ -5245,22 +7732,22 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowWindowsSpotlightOnActionCenter
-
+ AllowWindowsSpotlightOnActionCenter
+
-
+
1
@@ -5268,21 +7755,21 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowWindowsSpotlightWindowsWelcomeExperience
-
+ AllowWindowsSpotlightWindowsWelcomeExperience
+
-
+
1
@@ -5290,21 +7777,21 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
- ConfigureWindowsSpotlightOnLockScreen
-
+ ConfigureWindowsSpotlightOnLockScreen
+
-
+
1
@@ -5312,16 +7799,16 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -5344,10 +7831,10 @@ The XML below is the DDF for Windows 10, version 1703.
- AddSearchProvider
-
+ AddSearchProvider
+
-
+
@@ -5355,25 +7842,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
AddSearchProvider
-
+
- AllowActiveXFiltering
-
+ AllowActiveXFiltering
+
-
+
@@ -5381,25 +7868,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
TurnOnActiveXFiltering
-
+
- AllowAddOnList
-
+ AllowAddOnList
+
-
+
@@ -5407,25 +7894,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
AddonManagement_AddOnList
-
+
- AllowEnhancedProtectedMode
-
+ AllowAutoComplete
+
-
+
@@ -5433,25 +7920,103 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ RestrictFormSuggestPW
+
+
+
+ AllowCertificateAddressMismatchWarning
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
+ IZ_PolicyWarnCertMismatch
+
+
+
+ AllowDeletingBrowsingHistoryOnExit
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory
+ DBHDisableDeleteOnExit
+
+
+
+ AllowEnhancedProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
Advanced_EnableEnhancedProtectedMode
-
+
- AllowEnterpriseModeFromToolsMenu
-
+ AllowEnterpriseModeFromToolsMenu
+
-
+
@@ -5459,25 +8024,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
EnterpriseModeEnable
-
+
- AllowEnterpriseModeSiteList
-
+ AllowEnterpriseModeSiteList
+
-
+
@@ -5485,25 +8050,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
EnterpriseModeSiteList
-
+
- AllowInternetExplorer7PolicyList
-
+ AllowInternetExplorer7PolicyList
+
-
+
@@ -5511,25 +8076,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView
CompatView_UsePolicyList
-
+
- AllowInternetExplorerStandardsMode
-
+ AllowInternetExplorerStandardsMode
+
-
+
@@ -5537,25 +8102,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView
CompatView_IntranetSites
-
+
- AllowInternetZoneTemplate
-
+ AllowInternetZoneTemplate
+
-
+
@@ -5563,25 +8128,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyInternetZoneTemplate
-
+
- AllowIntranetZoneTemplate
-
+ AllowIntranetZoneTemplate
+
-
+
@@ -5589,25 +8154,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyIntranetZoneTemplate
-
+
- AllowLocalMachineZoneTemplate
-
+ AllowLocalMachineZoneTemplate
+
-
+
@@ -5615,25 +8180,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyLocalMachineZoneTemplate
-
+
- AllowLockedDownInternetZoneTemplate
-
+ AllowLockedDownInternetZoneTemplate
+
-
+
@@ -5641,25 +8206,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyInternetZoneLockdownTemplate
-
+
- AllowLockedDownIntranetZoneTemplate
-
+ AllowLockedDownIntranetZoneTemplate
+
-
+
@@ -5667,25 +8232,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyIntranetZoneLockdownTemplate
-
+
- AllowLockedDownLocalMachineZoneTemplate
-
+ AllowLockedDownLocalMachineZoneTemplate
+
-
+
@@ -5693,25 +8258,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyLocalMachineZoneLockdownTemplate
-
+
- AllowLockedDownRestrictedSitesZoneTemplate
-
+ AllowLockedDownRestrictedSitesZoneTemplate
+
-
+
@@ -5719,25 +8284,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyRestrictedSitesZoneLockdownTemplate
-
+
- AllowOneWordEntry
-
+ AllowOneWordEntry
+
-
+
@@ -5745,25 +8310,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~Browsing
UseIntranetSiteForOneWordEntry
-
+
- AllowSiteToZoneAssignmentList
-
+ AllowSiteToZoneAssignmentList
+
-
+
@@ -5771,25 +8336,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_Zonemaps
-
+
- AllowsLockedDownTrustedSitesZoneTemplate
-
+ AllowsLockedDownTrustedSitesZoneTemplate
+
-
+
@@ -5797,25 +8362,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyTrustedSitesZoneLockdownTemplate
-
+
- AllowsRestrictedSitesZoneTemplate
-
+ AllowSoftwareWhenSignatureIsInvalid
+
-
+
@@ -5823,25 +8388,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_InvalidSignatureBlock
+
+
+
+ AllowsRestrictedSitesZoneTemplate
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyRestrictedSitesZoneTemplate
-
+
- AllowSuggestedSites
-
+ AllowSuggestedSites
+
-
+
@@ -5849,25 +8440,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
EnableSuggestedSites
-
+
- AllowTrustedSitesZoneTemplate
-
+ AllowTrustedSitesZoneTemplate
+
-
+
@@ -5875,25 +8466,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyTrustedSitesZoneTemplate
-
+
- DisableAdobeFlash
-
+ CheckServerCertificateRevocation
+
-
+
@@ -5901,25 +8492,103 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_CertificateRevocation
+
+
+
+ CheckSignaturesOnDownloadedPrograms
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_DownloadSignatures
+
+
+
+ ConsistentMimeHandlingInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestriction
+ IESF_PolicyExplorerProcesses_2
+
+
+
+ DisableAdobeFlash
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
DisableFlashInIE
-
+
- DisableBypassOfSmartScreenWarnings
-
+ DisableBlockingOfOutdatedActiveXControls
+
-
+
@@ -5927,311 +8596,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- DisableSafetyFilterOverride
-
-
-
- DisableBypassOfSmartScreenWarningsAboutUncommonFiles
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- DisableSafetyFilterOverrideForAppRepUnknown
-
-
-
- DisableCustomerExperienceImprovementProgramParticipation
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- SQM_DisableCEIP
-
-
-
- DisableEnclosureDownloading
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~RSS_Feeds
- Disable_Downloading_of_Enclosures
-
-
-
- DisableEncryptionSupport
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
- Advanced_SetWinInetProtocols
-
-
-
- DisableFirstRunWizard
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- NoFirstRunCustomise
-
-
-
- DisableFlipAheadFeature
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
- Advanced_DisableFlipAhead
-
-
-
- DisableHomePageChange
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- RestrictHomePage
-
-
-
- DisableProxyChange
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- RestrictProxy
-
-
-
- DisableSearchProviderChange
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- NoSearchProvider
-
-
-
- DisableSecondaryHomePageChange
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- SecondaryHomePages
-
-
-
- DoNotBlockOutdatedActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
VerMgmtDisable
-
+
- DoNotBlockOutdatedActiveXControlsOnSpecificDomains
-
+ DisableBypassOfSmartScreenWarnings
+
-
+
@@ -6239,25 +8622,545 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ DisableSafetyFilterOverride
+
+
+
+ DisableBypassOfSmartScreenWarningsAboutUncommonFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ DisableSafetyFilterOverrideForAppRepUnknown
+
+
+
+ DisableConfiguringHistory
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory
+ RestrictHistory
+
+
+
+ DisableCrashDetection
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ AddonManagement_RestrictCrashDetection
+
+
+
+ DisableCustomerExperienceImprovementProgramParticipation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ SQM_DisableCEIP
+
+
+
+ DisableDeletingUserVisitedWebsites
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory
+ DBHDisableDeleteHistory
+
+
+
+ DisableEnclosureDownloading
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~RSS_Feeds
+ Disable_Downloading_of_Enclosures
+
+
+
+ DisableEncryptionSupport
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_SetWinInetProtocols
+
+
+
+ DisableFirstRunWizard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ NoFirstRunCustomise
+
+
+
+ DisableFlipAheadFeature
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_DisableFlipAhead
+
+
+
+ DisableHomePageChange
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ RestrictHomePage
+
+
+
+ DisableIgnoringCertificateErrors
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL
+ NoCertError
+
+
+
+ DisableInPrivateBrowsing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacy
+ DisableInPrivateBrowsing
+
+
+
+ DisableProcessesInEnhancedProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_EnableEnhancedProtectedMode64Bit
+
+
+
+ DisableProxyChange
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ RestrictProxy
+
+
+
+ DisableSearchProviderChange
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ NoSearchProvider
+
+
+
+ DisableSecondaryHomePageChange
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ SecondaryHomePages
+
+
+
+ DisableSecuritySettingsCheck
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ Disable_Security_Settings_Check
+
+
+
+ DoNotAllowActiveXControlsInProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_DisableEPMCompat
+
+
+
+ DoNotBlockOutdatedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
+ VerMgmtDisable
+
+
+
+ DoNotBlockOutdatedActiveXControlsOnSpecificDomains
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
VerMgmtDomainAllowlist
-
+
- IncludeAllLocalSites
-
+ IncludeAllLocalSites
+
-
+
@@ -6265,25 +9168,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_IncludeUnspecifiedLocalSites
-
+
- IncludeAllNetworkPaths
-
+ IncludeAllNetworkPaths
+
-
+
@@ -6291,25 +9194,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_UNCAsIntranet
-
+
- InternetZoneAllowAccessToDataSources
-
+ InternetZoneAllowAccessToDataSources
+
-
+
@@ -6317,25 +9220,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyAccessDataSourcesAcrossDomains_1
-
+
- InternetZoneAllowAutomaticPromptingForActiveXControls
-
+ InternetZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -6343,25 +9246,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyNotificationBarActiveXURLaction_1
-
+
- InternetZoneAllowAutomaticPromptingForFileDownloads
-
+ InternetZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -6369,25 +9272,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyNotificationBarDownloadURLaction_1
-
+
- InternetZoneAllowFontDownloads
-
+ InternetZoneAllowCopyPasteViaScript
+
-
+
@@ -6395,25 +9298,77 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyAllowPasteViaScript_1
+
+
+
+ InternetZoneAllowDragAndDropCopyAndPasteFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDropOrPasteFiles_1
+
+
+
+ InternetZoneAllowFontDownloads
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyFontDownload_1
-
+
- InternetZoneAllowLessPrivilegedSites
-
+ InternetZoneAllowLessPrivilegedSites
+
-
+
@@ -6421,25 +9376,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyZoneElevationURLaction_1
-
+
- InternetZoneAllowNETFrameworkReliantComponents
-
+ InternetZoneAllowLoadingOfXAMLFilesWRONG
+
-
+
@@ -6447,25 +9402,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_XAML_1
+
+
+
+ InternetZoneAllowNETFrameworkReliantComponents
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_1
-
+
- InternetZoneAllowScriptlets
-
+ InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
-
+
@@ -6473,25 +9454,129 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet
+
+
+
+ InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
+ IZ_PolicyAllowTDCControl_Both_LocalMachine
+
+
+
+ InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_WebBrowserControl_1
+
+
+
+ InternetZoneAllowScriptInitiatedWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
+ IZ_PolicyWindowsRestrictionsURLaction_6
+
+
+
+ InternetZoneAllowScriptlets
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_Policy_AllowScriptlets_1
-
+
- InternetZoneAllowSmartScreenIE
-
+ InternetZoneAllowSmartScreenIE
+
-
+
@@ -6499,25 +9584,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_Policy_Phishing_1
-
+
- InternetZoneAllowUserDataPersistence
-
+ InternetZoneAllowUpdatesToStatusBarViaScript
+
-
+
@@ -6525,25 +9610,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_ScriptStatusBar_1
+
+
+
+ InternetZoneAllowUserDataPersistence
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyUserdataPersistence_1
-
+
- InternetZoneInitializeAndScriptActiveXControls
-
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
+
-
+
@@ -6551,25 +9662,285 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_1
+
+
+
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_3
+
+
+
+ InternetZoneDownloadSignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyDownloadSignedActiveX_3
+
+
+
+ InternetZoneDownloadUnsignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDownloadUnsignedActiveX_1
+
+
+
+ InternetZoneEnableCrossSiteScriptingFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
+ IZ_PolicyTurnOnXSSFilter_Both_LocalMachine
+
+
+
+ InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet
+
+
+
+ InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet
+
+
+
+ InternetZoneEnableMIMESniffing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyMimeSniffingURLaction_1
+
+
+
+ InternetZoneEnableProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
+ IZ_Policy_TurnOnProtectedMode_2
+
+
+
+ InternetZoneIncludeLocalPathWhenUploadingFilesToServer
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_LocalPathForUpload_1
+
+
+
+ InternetZoneInitializeAndScriptActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyScriptActiveXNotMarkedSafe_1
-
+
- InternetZoneNavigateWindowsAndFrames
-
+ InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
-
+
@@ -6577,25 +9948,155 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_1
+
+
+
+ InternetZoneJavaPermissionsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyJavaPermissions_1
+
+
+
+ InternetZoneJavaPermissionsWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyJavaPermissions_3
+
+
+
+ InternetZoneLaunchingApplicationsAndFilesInIFRAME
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyLaunchAppsAndFilesInIFRAME_1
+
+
+
+ InternetZoneLogonOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyLogon_1
+
+
+
+ InternetZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyNavigateSubframesAcrossDomains_1
-
+
- IntranetZoneAllowAccessToDataSources
-
+ InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
+
-
+
@@ -6603,25 +10104,155 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyUnsignedFrameworkComponentsURLaction_1
+
+
+
+ InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicySignedFrameworkComponentsURLaction_1
+
+
+
+ InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_UnsafeFiles_1
+
+
+
+ InternetZoneUsePopupBlocker
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyBlockPopupWindows_1
+
+
+
+ InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyZoneElevationURLaction_1
+
+
+
+ IntranetZoneAllowAccessToDataSources
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyAccessDataSourcesAcrossDomains_3
-
+
- IntranetZoneAllowAutomaticPromptingForActiveXControls
-
+ IntranetZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -6629,25 +10260,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyNotificationBarActiveXURLaction_3
-
+
- IntranetZoneAllowAutomaticPromptingForFileDownloads
-
+ IntranetZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -6655,25 +10286,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyNotificationBarDownloadURLaction_3
-
+
- IntranetZoneAllowFontDownloads
-
+ IntranetZoneAllowFontDownloads
+
-
+
@@ -6681,25 +10312,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyFontDownload_3
-
+
- IntranetZoneAllowLessPrivilegedSites
-
+ IntranetZoneAllowLessPrivilegedSites
+
-
+
@@ -6707,25 +10338,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyZoneElevationURLaction_3
-
+
- IntranetZoneAllowNETFrameworkReliantComponents
-
+ IntranetZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -6733,25 +10364,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_3
-
+
- IntranetZoneAllowScriptlets
-
+ IntranetZoneAllowScriptlets
+
-
+
@@ -6759,25 +10390,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_Policy_AllowScriptlets_3
-
+
- IntranetZoneAllowSmartScreenIE
-
+ IntranetZoneAllowSmartScreenIE
+
-
+
@@ -6785,25 +10416,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_Policy_Phishing_3
-
+
- IntranetZoneAllowUserDataPersistence
-
+ IntranetZoneAllowUserDataPersistence
+
-
+
@@ -6811,25 +10442,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyUserdataPersistence_3
-
+
- IntranetZoneInitializeAndScriptActiveXControls
-
+ IntranetZoneInitializeAndScriptActiveXControls
+
-
+
@@ -6837,25 +10468,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyScriptActiveXNotMarkedSafe_3
-
+
- IntranetZoneNavigateWindowsAndFrames
-
+ IntranetZoneNavigateWindowsAndFrames
+
-
+
@@ -6863,25 +10494,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyNavigateSubframesAcrossDomains_3
-
+
- LocalMachineZoneAllowAccessToDataSources
-
+ LocalMachineZoneAllowAccessToDataSources
+
-
+
@@ -6889,25 +10520,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyAccessDataSourcesAcrossDomains_9
-
+
- LocalMachineZoneAllowAutomaticPromptingForActiveXControls
-
+ LocalMachineZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -6915,25 +10546,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyNotificationBarActiveXURLaction_9
-
+
- LocalMachineZoneAllowAutomaticPromptingForFileDownloads
-
+ LocalMachineZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -6941,25 +10572,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyNotificationBarDownloadURLaction_9
-
+
- LocalMachineZoneAllowFontDownloads
-
+ LocalMachineZoneAllowFontDownloads
+
-
+
@@ -6967,25 +10598,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyFontDownload_9
-
+
- LocalMachineZoneAllowLessPrivilegedSites
-
+ LocalMachineZoneAllowLessPrivilegedSites
+
-
+
@@ -6993,25 +10624,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyZoneElevationURLaction_9
-
+
- LocalMachineZoneAllowNETFrameworkReliantComponents
-
+ LocalMachineZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -7019,25 +10650,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_9
-
+
- LocalMachineZoneAllowScriptlets
-
+ LocalMachineZoneAllowScriptlets
+
-
+
@@ -7045,25 +10676,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_Policy_AllowScriptlets_9
-
+
- LocalMachineZoneAllowSmartScreenIE
-
+ LocalMachineZoneAllowSmartScreenIE
+
-
+
@@ -7071,25 +10702,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_Policy_Phishing_9
-
+
- LocalMachineZoneAllowUserDataPersistence
-
+ LocalMachineZoneAllowUserDataPersistence
+
-
+
@@ -7097,25 +10728,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyUserdataPersistence_9
-
+
- LocalMachineZoneInitializeAndScriptActiveXControls
-
+ LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
+
-
+
@@ -7123,25 +10754,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone~IZ_LocalMachineZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_9
+
+
+
+ LocalMachineZoneInitializeAndScriptActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyScriptActiveXNotMarkedSafe_9
-
+
- LocalMachineZoneNavigateWindowsAndFrames
-
+ LocalMachineZoneJavaPermissions
+
-
+
@@ -7149,25 +10806,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
+ IZ_PolicyJavaPermissions_9
+
+
+
+ LocalMachineZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyNavigateSubframesAcrossDomains_9
-
+
- LockedDownInternetZoneAllowAccessToDataSources
-
+ LockedDownInternetZoneAllowAccessToDataSources
+
-
+
@@ -7175,25 +10858,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_2
-
+
- LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -7201,25 +10884,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_2
-
+
- LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -7227,25 +10910,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_2
-
+
- LockedDownInternetZoneAllowFontDownloads
-
+ LockedDownInternetZoneAllowFontDownloads
+
-
+
@@ -7253,25 +10936,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyFontDownload_2
-
+
- LockedDownInternetZoneAllowLessPrivilegedSites
-
+ LockedDownInternetZoneAllowLessPrivilegedSites
+
-
+
@@ -7279,25 +10962,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyZoneElevationURLaction_2
-
+
- LockedDownInternetZoneAllowNETFrameworkReliantComponents
-
+ LockedDownInternetZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -7305,25 +10988,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_2
-
+
- LockedDownInternetZoneAllowScriptlets
-
+ LockedDownInternetZoneAllowScriptlets
+
-
+
@@ -7331,25 +11014,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_Policy_AllowScriptlets_2
-
+
- LockedDownInternetZoneAllowSmartScreenIE
-
+ LockedDownInternetZoneAllowSmartScreenIE
+
-
+
@@ -7357,25 +11040,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_Policy_Phishing_2
-
+
- LockedDownInternetZoneAllowUserDataPersistence
-
+ LockedDownInternetZoneAllowUserDataPersistence
+
-
+
@@ -7383,25 +11066,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyUserdataPersistence_2
-
+
- LockedDownInternetZoneInitializeAndScriptActiveXControls
-
+ LockedDownInternetZoneInitializeAndScriptActiveXControls
+
-
+
@@ -7409,25 +11092,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_2
-
+
- LockedDownInternetZoneNavigateWindowsAndFrames
-
+ LockedDownInternetZoneJavaPermissions
+
-
+
@@ -7435,25 +11118,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
+ IZ_PolicyJavaPermissions_2
+
+
+
+ LockedDownInternetZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_2
-
+
- LockedDownIntranetZoneAllowAccessToDataSources
-
+ LockedDownIntranetZoneAllowAccessToDataSources
+
-
+
@@ -7461,25 +11170,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_4
-
+
- LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -7487,25 +11196,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_4
-
+
- LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -7513,25 +11222,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_4
-
+
- LockedDownIntranetZoneAllowFontDownloads
-
+ LockedDownIntranetZoneAllowFontDownloads
+
-
+
@@ -7539,25 +11248,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyFontDownload_4
-
+
- LockedDownIntranetZoneAllowLessPrivilegedSites
-
+ LockedDownIntranetZoneAllowLessPrivilegedSites
+
-
+
@@ -7565,25 +11274,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyZoneElevationURLaction_4
-
+
- LockedDownIntranetZoneAllowNETFrameworkReliantComponents
-
+ LockedDownIntranetZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -7591,25 +11300,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_4
-
+
- LockedDownIntranetZoneAllowScriptlets
-
+ LockedDownIntranetZoneAllowScriptlets
+
-
+
@@ -7617,25 +11326,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_Policy_AllowScriptlets_4
-
+
- LockedDownIntranetZoneAllowSmartScreenIE
-
+ LockedDownIntranetZoneAllowSmartScreenIE
+
-
+
@@ -7643,25 +11352,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_Policy_Phishing_4
-
+
- LockedDownIntranetZoneAllowUserDataPersistence
-
+ LockedDownIntranetZoneAllowUserDataPersistence
+
-
+
@@ -7669,25 +11378,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyUserdataPersistence_4
-
+
- LockedDownIntranetZoneInitializeAndScriptActiveXControls
-
+ LockedDownIntranetZoneInitializeAndScriptActiveXControls
+
-
+
@@ -7695,25 +11404,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_4
-
+
- LockedDownIntranetZoneNavigateWindowsAndFrames
-
+ LockedDownIntranetZoneNavigateWindowsAndFrames
+
-
+
@@ -7721,25 +11430,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_4
-
+
- LockedDownLocalMachineZoneAllowAccessToDataSources
-
+ LockedDownLocalMachineZoneAllowAccessToDataSources
+
-
+
@@ -7747,25 +11456,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_10
-
+
- LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -7773,25 +11482,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_10
-
+
- LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -7799,25 +11508,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_10
-
+
- LockedDownLocalMachineZoneAllowFontDownloads
-
+ LockedDownLocalMachineZoneAllowFontDownloads
+
-
+
@@ -7825,25 +11534,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyFontDownload_10
-
+
- LockedDownLocalMachineZoneAllowLessPrivilegedSites
-
+ LockedDownLocalMachineZoneAllowLessPrivilegedSites
+
-
+
@@ -7851,25 +11560,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyZoneElevationURLaction_10
-
+
- LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents
-
+ LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -7877,25 +11586,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_10
-
+
- LockedDownLocalMachineZoneAllowScriptlets
-
+ LockedDownLocalMachineZoneAllowScriptlets
+
-
+
@@ -7903,25 +11612,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_Policy_AllowScriptlets_10
-
+
- LockedDownLocalMachineZoneAllowSmartScreenIE
-
+ LockedDownLocalMachineZoneAllowSmartScreenIE
+
-
+
@@ -7929,25 +11638,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_Policy_Phishing_10
-
+
- LockedDownLocalMachineZoneAllowUserDataPersistence
-
+ LockedDownLocalMachineZoneAllowUserDataPersistence
+
-
+
@@ -7955,25 +11664,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyUserdataPersistence_10
-
+
- LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
-
+ LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
+
-
+
@@ -7981,25 +11690,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_10
-
+
- LockedDownLocalMachineZoneNavigateWindowsAndFrames
-
+ LockedDownLocalMachineZoneJavaPermissions
+
-
+
@@ -8007,25 +11716,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
+ IZ_PolicyJavaPermissions_10
+
+
+
+ LockedDownLocalMachineZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_10
-
+
- LockedDownRestrictedSitesZoneAllowAccessToDataSources
-
+ LockedDownRestrictedSitesZoneAllowAccessToDataSources
+
-
+
@@ -8033,25 +11768,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_8
-
+
- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -8059,25 +11794,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_8
-
+
- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -8085,25 +11820,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_8
-
+
- LockedDownRestrictedSitesZoneAllowFontDownloads
-
+ LockedDownRestrictedSitesZoneAllowFontDownloads
+
-
+
@@ -8111,25 +11846,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyFontDownload_8
-
+
- LockedDownRestrictedSitesZoneAllowLessPrivilegedSites
-
+ LockedDownRestrictedSitesZoneAllowLessPrivilegedSites
+
-
+
@@ -8137,25 +11872,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyZoneElevationURLaction_8
-
+
- LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents
-
+ LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -8163,25 +11898,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_8
-
+
- LockedDownRestrictedSitesZoneAllowScriptlets
-
+ LockedDownRestrictedSitesZoneAllowScriptlets
+
-
+
@@ -8189,25 +11924,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_Policy_AllowScriptlets_8
-
+
- LockedDownRestrictedSitesZoneAllowSmartScreenIE
-
+ LockedDownRestrictedSitesZoneAllowSmartScreenIE
+
-
+
@@ -8215,25 +11950,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_Policy_Phishing_8
-
+
- LockedDownRestrictedSitesZoneAllowUserDataPersistence
-
+ LockedDownRestrictedSitesZoneAllowUserDataPersistence
+
-
+
@@ -8241,25 +11976,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyUserdataPersistence_8
-
+
- LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
-
+ LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
+
-
+
@@ -8267,25 +12002,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_8
-
+
- LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
-
+ LockedDownRestrictedSitesZoneJavaPermissions
+
-
+
@@ -8293,25 +12028,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
+ IZ_PolicyJavaPermissions_8
+
+
+
+ LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_8
-
+
- LockedDownTrustedSitesZoneAllowAccessToDataSources
-
+ LockedDownTrustedSitesZoneAllowAccessToDataSources
+
-
+
@@ -8319,25 +12080,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_6
-
+
- LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -8345,25 +12106,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_6
-
+
- LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -8371,25 +12132,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_6
-
+
- LockedDownTrustedSitesZoneAllowFontDownloads
-
+ LockedDownTrustedSitesZoneAllowFontDownloads
+
-
+
@@ -8397,25 +12158,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyFontDownload_6
-
+
- LockedDownTrustedSitesZoneAllowLessPrivilegedSites
-
+ LockedDownTrustedSitesZoneAllowLessPrivilegedSites
+
-
+
@@ -8423,25 +12184,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyZoneElevationURLaction_6
-
+
- LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents
-
+ LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -8449,25 +12210,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_6
-
+
- LockedDownTrustedSitesZoneAllowScriptlets
-
+ LockedDownTrustedSitesZoneAllowScriptlets
+
-
+
@@ -8475,25 +12236,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_Policy_AllowScriptlets_6
-
+
- LockedDownTrustedSitesZoneAllowSmartScreenIE
-
+ LockedDownTrustedSitesZoneAllowSmartScreenIE
+
-
+
@@ -8501,25 +12262,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_Policy_Phishing_6
-
+
- LockedDownTrustedSitesZoneAllowUserDataPersistence
-
+ LockedDownTrustedSitesZoneAllowUserDataPersistence
+
-
+
@@ -8527,25 +12288,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyUserdataPersistence_6
-
+
- LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
-
+ LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
+
-
+
@@ -8553,25 +12314,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_6
-
+
- LockedDownTrustedSitesZoneNavigateWindowsAndFrames
-
+ LockedDownTrustedSitesZoneJavaPermissions
+
-
+
@@ -8579,25 +12340,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
+ IZ_PolicyJavaPermissions_6
+
+
+
+ LockedDownTrustedSitesZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_6
-
+
- RestrictedSitesZoneAllowAccessToDataSources
-
+ MimeSniffingSafetyFeatureInternetExplorerProcesses
+
-
+
@@ -8605,25 +12392,233 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeature
+ IESF_PolicyExplorerProcesses_6
+
+
+
+ MKProtocolSecurityRestrictionInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestriction
+ IESF_PolicyExplorerProcesses_3
+
+
+
+ NotificationBarInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBar
+ IESF_PolicyExplorerProcesses_10
+
+
+
+ PreventManagingSmartScreenFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDownloadSignedActiveX_1
+
+
+
+ PreventPerUserInstallationOfActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ DisablePerUserActiveXInstall
+
+
+
+ ProtectionFromZoneElevationInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation
+ IESF_PolicyAllProcesses_9
+
+
+
+ RemoveRunThisTimeButtonForOutdatedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
+ VerMgmtDisableRunThisTime
+
+
+
+ RestrictActiveXInstallInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall
+ IESF_PolicyAllProcesses_11
+
+
+
+ RestrictedSitesZoneAllowAccessToDataSources
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyAccessDataSourcesAcrossDomains_7
-
+
- RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
-
+ RestrictedSitesZoneAllowActiveScripting
+
-
+
@@ -8631,25 +12626,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyActiveScripting_1
+
+
+
+ RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyNotificationBarActiveXURLaction_7
-
+
- RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
-
+ RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -8657,25 +12678,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyNotificationBarDownloadURLaction_7
-
+
- RestrictedSitesZoneAllowFontDownloads
-
+ RestrictedSitesZoneAllowBinaryAndScriptBehaviors
+
-
+
@@ -8683,25 +12704,129 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyBinaryBehaviors_1
+
+
+
+ RestrictedSitesZoneAllowCopyPasteViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyAllowPasteViaScript_7
+
+
+
+ RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDropOrPasteFiles_7
+
+
+
+ RestrictedSitesZoneAllowFileDownloads
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyFileDownload_1
+
+
+
+ RestrictedSitesZoneAllowFontDownloadsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyFontDownload_7
-
+
- RestrictedSitesZoneAllowLessPrivilegedSites
-
+ RestrictedSitesZoneAllowFontDownloadsWRONG2
+
-
+
@@ -8709,25 +12834,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyFontDownload_1
+
+
+
+ RestrictedSitesZoneAllowLessPrivilegedSites
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyZoneElevationURLaction_7
-
+
- RestrictedSitesZoneAllowNETFrameworkReliantComponents
-
+ RestrictedSitesZoneAllowLoadingOfXAMLFiles
+
-
+
@@ -8735,25 +12886,77 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_XAML_7
+
+
+
+ RestrictedSitesZoneAllowMETAREFRESH
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyAllowMETAREFRESH_1
+
+
+
+ RestrictedSitesZoneAllowNETFrameworkReliantComponents
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_7
-
+
- RestrictedSitesZoneAllowScriptlets
-
+ RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
-
+
@@ -8761,25 +12964,129 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted
+
+
+
+ RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyAllowTDCControl_Both_Restricted
+
+
+
+ RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_WebBrowserControl_7
+
+
+
+ RestrictedSitesZoneAllowScriptInitiatedWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyWindowsRestrictionsURLaction_7
+
+
+
+ RestrictedSitesZoneAllowScriptlets
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_Policy_AllowScriptlets_7
-
+
- RestrictedSitesZoneAllowSmartScreenIE
-
+ RestrictedSitesZoneAllowSmartScreenIE
+
-
+
@@ -8787,25 +13094,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_Policy_Phishing_7
-
+
- RestrictedSitesZoneAllowUserDataPersistence
-
+ RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
+
-
+
@@ -8813,25 +13120,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_ScriptStatusBar_7
+
+
+
+ RestrictedSitesZoneAllowUserDataPersistence
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyUserdataPersistence_7
-
+
- RestrictedSitesZoneInitializeAndScriptActiveXControls
-
+ RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
-
+
@@ -8839,25 +13172,207 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_7
+
+
+
+ RestrictedSitesZoneDownloadSignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDownloadSignedActiveX_7
+
+
+
+ RestrictedSitesZoneDownloadUnsignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDownloadUnsignedActiveX_7
+
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted
+
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted
+
+
+
+ RestrictedSitesZoneEnableMIMESniffing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyMimeSniffingURLaction_7
+
+
+
+ RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_LocalPathForUpload_7
+
+
+
+ RestrictedSitesZoneInitializeAndScriptActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyScriptActiveXNotMarkedSafe_7
-
+
- RestrictedSitesZoneNavigateWindowsAndFrames
-
+ RestrictedSitesZoneJavaPermissions
+
-
+
@@ -8865,25 +13380,103 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyJavaPermissions_7
+
+
+
+ RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyLaunchAppsAndFilesInIFRAME_7
+
+
+
+ RestrictedSitesZoneLogonOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyLogon_7
+
+
+
+ RestrictedSitesZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyNavigateSubframesAcrossDomains_7
-
+
- SearchProviderList
-
+ RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
+
-
+
@@ -8891,25 +13484,311 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyNavigateSubframesAcrossDomains_1
+
+
+
+ RestrictedSitesZoneRunActiveXControlsAndPlugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyRunActiveXControls_1
+
+
+
+ RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicySignedFrameworkComponentsURLaction_7
+
+
+
+ RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyScriptActiveXMarkedSafe_1
+
+
+
+ RestrictedSitesZoneWRONG
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
+ IZ_PolicyScriptingOfJavaApplets_6
+
+
+
+ RestrictedSitesZoneWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_UnsafeFiles_7
+
+
+
+ RestrictedSitesZoneWRONG3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyTurnOnXSSFilter_Both_Restricted
+
+
+
+ RestrictedSitesZoneWRONG4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_TurnOnProtectedMode_7
+
+
+
+ RestrictedSitesZoneWRONG5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyBlockPopupWindows_7
+
+
+
+ RestrictFileDownloadInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload
+ IESF_PolicyAllProcesses_12
+
+
+
+ ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions
+ IESF_PolicyAllProcesses_8
+
+
+
+ SearchProviderList
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
SpecificSearchProvider
-
+
- TrustedSitesZoneAllowAccessToDataSources
-
+ SpecifyUseOfActiveXInstallerService
+
-
+
@@ -8917,25 +13796,51 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ OnlyUseAXISForActiveXInstall
+
+
+
+ TrustedSitesZoneAllowAccessToDataSources
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyAccessDataSourcesAcrossDomains_5
-
+
- TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
-
+ TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -8943,25 +13848,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyNotificationBarActiveXURLaction_5
-
+
- TrustedSitesZoneAllowAutomaticPromptingForFileDownloads
-
+ TrustedSitesZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -8969,25 +13874,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyNotificationBarDownloadURLaction_5
-
+
- TrustedSitesZoneAllowFontDownloads
-
+ TrustedSitesZoneAllowFontDownloads
+
-
+
@@ -8995,25 +13900,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyFontDownload_5
-
+
- TrustedSitesZoneAllowLessPrivilegedSites
-
+ TrustedSitesZoneAllowLessPrivilegedSites
+
-
+
@@ -9021,25 +13926,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyZoneElevationURLaction_5
-
+
- TrustedSitesZoneAllowNETFrameworkReliantComponents
-
+ TrustedSitesZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -9047,25 +13952,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_5
-
+
- TrustedSitesZoneAllowScriptlets
-
+ TrustedSitesZoneAllowScriptlets
+
-
+
@@ -9073,25 +13978,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_Policy_AllowScriptlets_5
-
+
- TrustedSitesZoneAllowSmartScreenIE
-
+ TrustedSitesZoneAllowSmartScreenIE
+
-
+
@@ -9099,25 +14004,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_Policy_Phishing_5
-
+
- TrustedSitesZoneAllowUserDataPersistence
-
+ TrustedSitesZoneAllowUserDataPersistence
+
-
+
@@ -9125,25 +14030,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyUserdataPersistence_5
-
+
- TrustedSitesZoneInitializeAndScriptActiveXControls
-
+ TrustedSitesZoneInitializeAndScriptActiveXControls
+
-
+
@@ -9151,25 +14056,25 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyScriptActiveXNotMarkedSafe_5
-
+
- TrustedSitesZoneNavigateWindowsAndFrames
-
+ TrustedSitesZoneJavaPermissions
+
-
+
@@ -9177,19 +14082,97 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyJavaPermissions_5
+
+
+
+ TrustedSitesZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyNavigateSubframesAcrossDomains_5
-
+
+
+
+ TrustedSitesZoneWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
+
+
+
+ TrustedSitesZoneWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_5
+
@@ -9212,10 +14195,10 @@ The XML below is the DDF for Windows 10, version 1703.
- DisallowNotificationMirroring
-
+ DisallowNotificationMirroring
+
-
+
0
@@ -9223,15 +14206,15 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -9254,10 +14237,10 @@ The XML below is the DDF for Windows 10, version 1703.
- PointAndPrintRestrictions_User
-
+ PointAndPrintRestrictions_User
+
-
+
@@ -9265,19 +14248,19 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
Printing.admx
Printing~AT~ControlPanel~CplPrinters
PointAndPrint_Restrictions
-
+
@@ -9300,10 +14283,10 @@ The XML below is the DDF for Windows 10, version 1703.
- ConfigureTaskbarCalendar
-
+ ConfigureTaskbarCalendar
+
-
+
0
@@ -9311,15 +14294,15 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -9342,10 +14325,10 @@ The XML below is the DDF for Windows 10, version 1703.
- StartLayout
-
+ StartLayout
+
-
+
@@ -9353,16 +14336,16 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -9385,10 +14368,10 @@ The XML below is the DDF for Windows 10, version 1703.
- AllowTelemetry
-
+ AllowTelemetry
+
-
+
3
@@ -9396,15 +14379,15 @@ The XML below is the DDF for Windows 10, version 1703.
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -9659,6 +14642,87 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ AccountPolicies
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ MinDevicePasswordLength
+
+
+
+
+
+
+
+ This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PasswordMustMeetComplexityRequirement
+
+
+
+
+
+
+
+ This security setting determines whether passwords must meet complexity requirements.
+
+If this policy is enabled, passwords must meet the following minimum requirements:
+
+Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
+Be at least six characters in length
+Contain characters from three of the following four categories:
+English uppercase characters (A through Z)
+English lowercase characters (a through z)
+Base 10 digits (0 through 9)
+Non-alphabetic characters (for example, !, $, #, %)
+Complexity requirements are enforced when passwords are changed or created.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
Accounts
@@ -10870,6 +15934,30 @@ The XML below is the DDF for Windows 10, version 1703.
+
+ AllowFidoDeviceSignon
+
+
+
+
+
+
+
+ Specifies whether FIDO device can be used to sign on.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowSecondaryAuthenticationDevice
@@ -11449,7 +16537,7 @@ The XML below is the DDF for Windows 10, version 1703.
This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
-If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
+If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.
@@ -11760,7 +16848,7 @@ Example:
If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
Encapsulate each string with greater than and less than characters like any other XML tag.
-Version 1703 or later: If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
+Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
@@ -12072,6 +17160,52 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ Cellular
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ShowAppCellularAccessUI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
Connectivity
@@ -12285,6 +17419,78 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DiablePrintingOverHTTP
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableDownloadingOfPrintDriversOverHTTP
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisallowNetworkConnectivityActiveTests
@@ -12333,6 +17539,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ ProhibitInstallationAndConfigurationOfNetworkBridge
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
CredentialProviders
@@ -13017,6 +18247,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ AttackSurfaceReductionOnlyExclusions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AttackSurfaceReductionRules
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AvgCPULoadFactor
@@ -13041,6 +18319,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ CloudBlockLevel
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ CloudExtendedTimeout
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DaysToRetainCleanedMalware
@@ -13065,6 +18391,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ EnableGuardMyFolders
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EnableNetworkProtection
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
ExcludedExtensions
@@ -13137,6 +18511,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ GuardedFoldersAllowedApplications
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ GuardedFoldersList
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
PUAProtection
@@ -13760,6 +19182,100 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DeviceGuard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ EnableVirtualizationBasedSecurity
+
+
+
+
+
+
+
+ Turns On Virtualization Based Security(VBS)
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LsaCfgFlags
+
+
+
+
+
+
+
+ Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RequirePlatformSecurityFeatures
+
+
+
+
+
+
+
+ Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
DeviceInstallation
@@ -14004,7 +19520,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- Specifies how many passwords can be stored in the history that can’t be used.
+ Specifies how many passwords can be stored in the history that can’t be used.
@@ -14187,6 +19703,34 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ MinimumPasswordAge
+
+
+
+
+
+
+
+ This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.
+
+The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
+
+Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
PreventLockScreenSlideShow
@@ -15063,6 +20607,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ AllowCertificateAddressMismatchWarning
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowDeletingBrowsingHistoryOnExit
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowEnhancedProtectedMode
@@ -15135,6 +20727,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ AllowFallbackToSSL3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowInternetExplorer7PolicyList
@@ -15423,6 +21039,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ AllowSoftwareWhenSignatureIsInvalid
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowsRestrictedSitesZoneTemplate
@@ -15495,6 +21135,78 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ CheckServerCertificateRevocation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ CheckSignaturesOnDownloadedPrograms
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ConsistentMimeHandlingInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableAdobeFlash
@@ -15519,6 +21231,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DisableBlockingOfOutdatedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableBypassOfSmartScreenWarnings
@@ -15567,6 +21303,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DisableConfiguringHistory
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableCrashDetection
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableCustomerExperienceImprovementProgramParticipation
@@ -15591,6 +21375,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DisableDeletingUserVisitedWebsites
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableEnclosureDownloading
@@ -15687,6 +21495,78 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DisableIgnoringCertificateErrors
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableInPrivateBrowsing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableProcessesInEnhancedProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableProxyChange
@@ -15759,6 +21639,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DisableSecuritySettingsCheck
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableUpdateCheck
@@ -15783,6 +21687,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DoNotAllowActiveXControlsInProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DoNotAllowUsersToAddSites
@@ -15999,6 +21927,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ InternetZoneAllowCopyPasteViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneAllowDragAndDropCopyAndPasteFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneAllowFontDownloads
@@ -16047,6 +22023,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ InternetZoneAllowLoadingOfXAMLFilesWRONG
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneAllowNETFrameworkReliantComponents
@@ -16071,6 +22071,102 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneAllowScriptInitiatedWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneAllowScriptlets
@@ -16119,6 +22215,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ InternetZoneAllowUpdatesToStatusBarViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneAllowUserDataPersistence
@@ -16143,6 +22263,246 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneDownloadSignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneDownloadUnsignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableCrossSiteScriptingFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableMIMESniffing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneEnableProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneIncludeLocalPathWhenUploadingFilesToServer
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneInitializeAndScriptActiveXControls
@@ -16167,6 +22527,126 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneJavaPermissionsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneJavaPermissionsWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneLaunchingApplicationsAndFilesInIFRAME
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneLogonOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
InternetZoneNavigateWindowsAndFrames
@@ -16191,6 +22671,126 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneUsePopupBlocker
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
IntranetZoneAllowAccessToDataSources
@@ -16671,6 +23271,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LocalMachineZoneInitializeAndScriptActiveXControls
@@ -16695,6 +23319,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LocalMachineZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LocalMachineZoneNavigateWindowsAndFrames
@@ -16959,6 +23607,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LockedDownInternetZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LockedDownInternetZoneNavigateWindowsAndFrames
@@ -17487,6 +24159,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LockedDownLocalMachineZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LockedDownLocalMachineZoneNavigateWindowsAndFrames
@@ -17751,6 +24447,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LockedDownRestrictedSitesZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
@@ -18015,6 +24735,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LockedDownTrustedSitesZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LockedDownTrustedSitesZoneNavigateWindowsAndFrames
@@ -18039,6 +24783,198 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ MimeSniffingSafetyFeatureInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ MKProtocolSecurityRestrictionInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ NotificationBarInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventManagingSmartScreenFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PreventPerUserInstallationOfActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ProtectionFromZoneElevationInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RemoveRunThisTimeButtonForOutdatedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictActiveXInstallInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowAccessToDataSources
@@ -18063,6 +24999,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RestrictedSitesZoneAllowActiveScripting
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
@@ -18112,7 +25072,127 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- RestrictedSitesZoneAllowFontDownloads
+ RestrictedSitesZoneAllowBinaryAndScriptBehaviors
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowCopyPasteViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowFileDownloads
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowFontDownloadsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowFontDownloadsWRONG2
@@ -18159,6 +25239,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RestrictedSitesZoneAllowLoadingOfXAMLFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowMETAREFRESH
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowNETFrameworkReliantComponents
@@ -18183,6 +25311,102 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneAllowScriptInitiatedWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowScriptlets
@@ -18231,6 +25455,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneAllowUserDataPersistence
@@ -18255,6 +25503,174 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneDownloadSignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneDownloadUnsignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneEnableMIMESniffing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneInitializeAndScriptActiveXControls
@@ -18279,6 +25695,78 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RestrictedSitesZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneLogonOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RestrictedSitesZoneNavigateWindowsAndFrames
@@ -18303,6 +25791,270 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneRunActiveXControlsAndPlugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictedSitesZoneWRONG5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RestrictFileDownloadInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
SearchProviderList
@@ -18327,6 +26079,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ SecurityZonesUseOnlyMachineSettings
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SpecifyUseOfActiveXInstallerService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
TrustedSitesZoneAllowAccessToDataSources
@@ -18567,6 +26367,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ TrustedSitesZoneJavaPermissions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
TrustedSitesZoneNavigateWindowsAndFrames
@@ -18591,6 +26415,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ TrustedSitesZoneWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TrustedSitesZoneWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
Kerberos
@@ -18804,6 +26676,897 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LocalPoliciesSecurityOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Accounts_BlockMicrosoftAccounts
+
+
+
+
+
+
+
+ This policy setting prevents users from adding new Microsoft accounts on this computer.
+
+If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+
+If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
+
+If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Accounts_EnableAdministratorAccountStatus
+
+
+
+
+
+
+
+ This security setting determines whether the local Administrator account is enabled or disabled.
+
+Notes
+
+If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password.
+Disabling the Administrator account can become a maintenance issue under certain circumstances.
+
+Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled.
+
+Default: Disabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Accounts_EnableGuestAccountStatus
+
+
+
+
+
+
+
+ This security setting determines if the Guest account is enabled or disabled.
+
+Default: Disabled.
+
+Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
+
+
+
+
+
+
+
+ Accounts: Limit local account use of blank passwords to console logon only
+
+This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard.
+
+Default: Enabled.
+
+
+Warning:
+
+Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers.
+If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.
+
+Notes
+
+This setting does not affect logons that use domain accounts.
+It is possible for applications that use remote interactive logons to bypass this setting.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Accounts_RenameAdministratorAccount
+
+
+
+
+
+
+
+ Accounts: Rename administrator account
+
+This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
+
+Default: Administrator.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Accounts_RenameGuestAccount
+
+
+
+
+
+
+
+ Accounts: Rename guest account
+
+This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
+
+Default: Guest.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
+
+
+
+
+
+
+
+ Interactive Logon:Display user information when the session is locked
+User display name, domain and user names (1)
+User display name only (2)
+Do not display user information (3)
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Interactivelogon_DoNotDisplayLastSignedIn
+
+
+
+
+
+
+
+ Interactive logon: Don't display last signed-in
+This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
+If this policy is enabled, the username will not be shown.
+
+If this policy is disabled, the username will be shown.
+
+Default: Disabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Interactivelogon_DoNotDisplayUsernameAtSignIn
+
+
+
+
+
+
+
+ Interactive logon: Don't display username at sign-in
+This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
+If this policy is enabled, the username will not be shown.
+
+If this policy is disabled, the username will be shown.
+
+Default: Disabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Interactivelogon_DoNotRequireCTRLALTDEL
+
+
+
+
+
+
+
+ Interactive logon: Do not require CTRL+ALT+DEL
+
+This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
+
+If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
+
+If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
+
+Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier.
+Default on stand-alone computers: Enabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InteractiveLogon_MachineInactivityLimit
+
+
+
+
+
+
+
+ Interactive logon: Machine inactivity limit.
+
+Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
+
+Default: not enforced.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InteractiveLogon_MessageTextForUsersAttemptingToLogOn
+
+
+
+
+
+
+
+ Interactive logon: Message text for users attempting to log on
+
+This security setting specifies a text message that is displayed to users when they log on.
+
+This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
+
+Default: No message.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
+
+
+
+
+
+
+
+ Interactive logon: Message title for users attempting to log on
+
+This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on.
+
+Default: No message.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares
+
+
+
+
+
+
+
+ Network access: Do not allow anonymous enumeration of SAM accounts and shares
+
+This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
+
+Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
+
+Default: Disabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
+
+
+
+
+
+
+
+ Network access: Restrict anonymous access to Named Pipes and Shares
+
+When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
+
+Network access: Named pipes that can be accessed anonymously
+Network access: Shares that can be accessed anonymously
+Default: Enabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
+
+
+
+
+
+
+
+ Network access: Restrict clients allowed to make remote calls to SAM
+
+This policy setting allows you to restrict remote rpc connections to SAM.
+
+If not selected, the default security descriptor will be used.
+
+This policy is supported on at least Windows Server 2016.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ NetworkSecurity_AllowPKU2UAuthenticationRequests
+
+
+
+
+
+
+
+ Network security: Allow PKU2U authentication requests to this computer to use online identities.
+
+This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RecoveryConsole_AllowAutomaticAdministrativeLogon
+
+
+
+
+
+
+
+ Recovery console: Allow automatic administrative logon
+
+This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system.
+
+Default: This policy is not defined and automatic administrative logon is not allowed.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Shutdown_ClearVirtualMemoryPageFile
+
+
+
+
+
+
+
+ Shutdown: Clear virtual memory pagefile
+
+This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.
+
+Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile.
+
+When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
+
+Default: Disabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
+
+
+
+
+
+
+
+ User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
+
+This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
+
+• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
+
+• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
+
+
+
+
+
+
+
+ User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
+
+This policy setting controls the behavior of the elevation prompt for administrators.
+
+The options are:
+
+• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
+
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
+
+• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+
+• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+
+• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
+
+
+
+
+
+
+
+ User Account Control: Behavior of the elevation prompt for standard users
+This policy setting controls the behavior of the elevation prompt for standard users.
+
+The options are:
+
+• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
+
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
+
+
+
+
+
+
+
+ User Account Control: Only elevate executable files that are signed and validated
+
+This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
+
+The options are:
+
+• Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
+
+• Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
+
+
+
+
+
+
+
+ User Account Control: Only elevate UIAccess applications that are installed in secure locations
+
+This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
+
+- …\Program Files\, including subfolders
+- …\Windows\system32\
+- …\Program Files (x86)\, including subfolders for 64-bit versions of Windows
+
+Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
+
+The options are:
+
+• Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
+
+• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_RunAllAdministratorsInAdminApprovalMode
+
+
+
+
+
+
+
+ User Account Control: Turn on Admin Approval Mode
+
+This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
+
+The options are:
+
+• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
+
+• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
+
+
+
+
+
+
+
+ User Account Control: Switch to the secure desktop when prompting for elevation
+
+This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
+
+The options are:
+
+• Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
+
+• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_UseAdminApprovalMode
+
+
+
+
+
+
+
+ User Account Control: Use Admin Approval Mode for the built-in Administrator account
+
+This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
+
+The options are:
+
+• Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
+
+• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
+
+
+
+
+
+
+
+ User Account Control: Virtualize file and registry write failures to per-user locations
+
+This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software.
+
+The options are:
+
+• Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
+
+• Disabled: Applications that write data to protected locations fail.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
Location
@@ -19319,6 +28082,102 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ DisplayOffTimeoutOnBattery
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisplayOffTimeoutPluggedIn
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ HibernateTimeoutOnBattery
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ HibernateTimeoutPluggedIn
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RequirePasswordWhenComputerWakesOnBattery
@@ -19367,6 +28226,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ StandbyTimeoutOnBattery
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ StandbyTimeoutPluggedIn
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
Printers
@@ -19531,6 +28438,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ EnableActivityFeed
+
+
+
+
+
+
+
+ Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LetAppsAccessAccountInfo
@@ -19915,6 +28846,102 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ LetAppsAccessCellularData
+
+
+
+
+
+
+
+ This policy setting specifies whether Windows apps can access cellular data.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_ForceAllowTheseApps
+
+
+
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_ForceDenyTheseApps
+
+
+
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_UserInControlOfTheseApps
+
+
+
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data privacy setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
LetAppsAccessContacts
@@ -21259,6 +30286,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ PublishUserActivities
+
+
+
+
+
+
+
+ Allows apps/system to publish 'User Activities' into ActivityFeed.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
RemoteAssistance
@@ -21544,6 +30595,388 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RemoteManagement
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowBasicAuthentication_Client
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowBasicAuthentication_Service
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowCredSSPAuthenticationClient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowCredSSPAuthenticationService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowRemoteServerManagement
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowUnencryptedTraffic_Client
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowUnencryptedTraffic_Service
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisallowDigestAuthentication
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisallowNegotiateAuthenticationClient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisallowNegotiateAuthenticationService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisallowStoringOfRunAsCredentials
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SpecifyChannelBindingTokenHardeningLevel
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TrustedHosts
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TurnOnCompatibilityHTTPListener
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TurnOnCompatibilityHTTPSListener
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
RemoteProcedureCall
@@ -21614,6 +31047,196 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ RemoteShell
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowRemoteShellAccess
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ MaxConcurrentUsers
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SpecifyIdleTimeout
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SpecifyMaxMemory
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SpecifyMaxProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SpecifyMaxRemoteShells
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SpecifyShellTimeout
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
Search
@@ -22017,6 +31640,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ ClearTPMIfNotReady
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
@@ -22969,6 +32616,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ HidePeopleBar
+
+
+
+
+
+
+
+ Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
HidePowerButton
@@ -23550,7 +33221,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+ This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
@@ -24087,6 +33758,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ AllowAutoWindowsUpdateDownloadOverMeteredNetwork
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowMUUpdateService
@@ -24543,6 +34238,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ ManageBuildPreview
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
PauseDeferrals
@@ -24759,6 +34478,126 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ ScheduledInstallEveryWeek
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallFirstWeek
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallFourthWeek
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallSecondWeek
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallThirdWeek
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
ScheduledInstallTime
@@ -25094,6 +34933,364 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ WindowsDefenderSecurityCenter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CompanyName
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableAppBrowserUI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableEnhancedNotifications
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableFamilyUI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableHealthUI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableNetworkUI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableNotifications
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisableVirusUI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ DisallowExploitProtectionOverride
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Email
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EnableCustomizedToasts
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EnableInAppCustomization
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Phone
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ URL
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
WindowsInkWorkspace
@@ -25279,6 +35476,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ AllowMdnsAdvertisement
+
+
+
+
+
+
+
+ This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowMdnsDiscovery
+
+
+
+
+
+
+
+ This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowProjectionFromPC
@@ -25474,10 +35719,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowActionCenterNotifications
-
+ AllowActionCenterNotifications
+
-
+
1
@@ -25485,22 +35730,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowCortanaAboveLock
-
+ AllowCortanaAboveLock
+
-
+
1
@@ -25508,21 +35753,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowToasts
-
+ AllowToasts
+
-
+
1
@@ -25530,15 +35775,92 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
+
+
+
+ AccountPolicies
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ MinDevicePasswordLength
+
+
+
+
+ This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.
+ 7
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ PasswordMustMeetComplexityRequirement
+
+
+
+
+ This security setting determines whether passwords must meet complexity requirements.
+
+If this policy is enabled, passwords must meet the following minimum requirements:
+
+Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
+Be at least six characters in length
+Contain characters from three of the following four categories:
+English uppercase characters (A through Z)
+English lowercase characters (a through z)
+Base 10 digits (0 through 9)
+Non-alphabetic characters (for example, !, $, #, %)
+Complexity requirements are enforced when passwords are changed or created.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
@@ -25561,10 +35883,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAddingNonMicrosoftAccountsManually
-
+ AllowAddingNonMicrosoftAccountsManually
+
-
+
1
@@ -25572,21 +35894,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowMicrosoftAccountConnection
-
+ AllowMicrosoftAccountConnection
+
-
+
1
@@ -25594,21 +35916,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowMicrosoftAccountSignInAssistant
-
+ AllowMicrosoftAccountSignInAssistant
+
-
+
1
@@ -25616,21 +35938,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DomainNamesForEmailSync
-
+ DomainNamesForEmailSync
+
-
+
@@ -25638,15 +35960,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -25669,10 +35991,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- ApprovedInstallationSites
-
+ ApprovedInstallationSites
+
-
+
@@ -25680,19 +36002,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
ActiveXInstallService.admx
ActiveXInstallService~AT~WindowsComponents~AxInstSv
ApprovedActiveXInstallSites
-
+
@@ -25715,10 +36037,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- DefaultAssociationsConfiguration
-
+ DefaultAssociationsConfiguration
+
-
+
@@ -25726,16 +36048,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -25758,10 +36080,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAllTrustedApps
-
+ AllowAllTrustedApps
+
-
+
65535
@@ -25769,21 +36091,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowAppStoreAutoUpdate
-
+ AllowAppStoreAutoUpdate
+
-
+
2
@@ -25791,21 +36113,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowDeveloperUnlock
-
+ AllowDeveloperUnlock
+
-
+
65535
@@ -25813,21 +36135,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowGameDVR
-
+ AllowGameDVR
+
-
+
1
@@ -25835,22 +36157,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowSharedUserAppData
-
+ AllowSharedUserAppData
+
-
+
0
@@ -25858,21 +36180,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowStore
-
+ AllowStore
+
-
+
1
@@ -25880,22 +36202,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- ApplicationRestrictions
-
+ ApplicationRestrictions
+
-
+
@@ -25903,22 +36225,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- DisableStoreOriginatedApps
-
+ DisableStoreOriginatedApps
+
-
+
0
@@ -25926,21 +36248,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- RestrictAppDataToSystemVolume
-
+ RestrictAppDataToSystemVolume
+
-
+
0
@@ -25948,21 +36270,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- RestrictAppToSystemVolume
-
+ RestrictAppToSystemVolume
+
-
+
0
@@ -25970,15 +36292,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -26001,10 +36323,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAppVClient
-
+ AllowAppVClient
+
-
+
@@ -26012,25 +36334,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV
EnableAppV
-
+
- AllowDynamicVirtualization
-
+ AllowDynamicVirtualization
+
-
+
@@ -26038,25 +36360,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Virtualization
Virtualization_JITVEnable
-
+
- AllowPackageCleanup
-
+ AllowPackageCleanup
+
-
+
@@ -26064,25 +36386,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_PackageManagement
PackageManagement_AutoCleanupEnable
-
+
- AllowPackageScripts
-
+ AllowPackageScripts
+
-
+
@@ -26090,25 +36412,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Scripting
Scripting_Enable_Package_Scripts
-
+
- AllowPublishingRefreshUX
-
+ AllowPublishingRefreshUX
+
-
+
@@ -26116,25 +36438,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Publishing
Enable_Publishing_Refresh_UX
-
+
- AllowReportingServer
-
+ AllowReportingServer
+
-
+
@@ -26142,25 +36464,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Reporting
Reporting_Server_Policy
-
+
- AllowRoamingFileExclusions
-
+ AllowRoamingFileExclusions
+
-
+
@@ -26168,25 +36490,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Integration
Integration_Roaming_File_Exclusions
-
+
- AllowRoamingRegistryExclusions
-
+ AllowRoamingRegistryExclusions
+
-
+
@@ -26194,25 +36516,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Integration
Integration_Roaming_Registry_Exclusions
-
+
- AllowStreamingAutoload
-
+ AllowStreamingAutoload
+
-
+
@@ -26220,25 +36542,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Steaming_Autoload
-
+
- ClientCoexistenceAllowMigrationmode
-
+ ClientCoexistenceAllowMigrationmode
+
-
+
@@ -26246,25 +36568,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Client_Coexistence
Client_Coexistence_Enable_Migration_mode
-
+
- IntegrationAllowRootGlobal
-
+ IntegrationAllowRootGlobal
+
-
+
@@ -26272,25 +36594,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Integration
Integration_Root_User
-
+
- IntegrationAllowRootUser
-
+ IntegrationAllowRootUser
+
-
+
@@ -26298,25 +36620,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Integration
Integration_Root_Global
-
+
- PublishingAllowServer1
-
+ PublishingAllowServer1
+
-
+
@@ -26324,25 +36646,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Publishing
Publishing_Server1_Policy
-
+
- PublishingAllowServer2
-
+ PublishingAllowServer2
+
-
+
@@ -26350,25 +36672,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Publishing
Publishing_Server2_Policy
-
+
- PublishingAllowServer3
-
+ PublishingAllowServer3
+
-
+
@@ -26376,25 +36698,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Publishing
Publishing_Server3_Policy
-
+
- PublishingAllowServer4
-
+ PublishingAllowServer4
+
-
+
@@ -26402,25 +36724,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Publishing
Publishing_Server4_Policy
-
+
- PublishingAllowServer5
-
+ PublishingAllowServer5
+
-
+
@@ -26428,25 +36750,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Publishing
Publishing_Server5_Policy
-
+
- StreamingAllowCertificateFilterForClient_SSL
-
+ StreamingAllowCertificateFilterForClient_SSL
+
-
+
@@ -26454,25 +36776,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Certificate_Filter_For_Client_SSL
-
+
- StreamingAllowHighCostLaunch
-
+ StreamingAllowHighCostLaunch
+
-
+
@@ -26480,25 +36802,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Allow_High_Cost_Launch
-
+
- StreamingAllowLocationProvider
-
+ StreamingAllowLocationProvider
+
-
+
@@ -26506,25 +36828,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Location_Provider
-
+
- StreamingAllowPackageInstallationRoot
-
+ StreamingAllowPackageInstallationRoot
+
-
+
@@ -26532,25 +36854,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Package_Installation_Root
-
+
- StreamingAllowPackageSourceRoot
-
+ StreamingAllowPackageSourceRoot
+
-
+
@@ -26558,25 +36880,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Package_Source_Root
-
+
- StreamingAllowReestablishmentInterval
-
+ StreamingAllowReestablishmentInterval
+
-
+
@@ -26584,25 +36906,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Reestablishment_Interval
-
+
- StreamingAllowReestablishmentRetries
-
+ StreamingAllowReestablishmentRetries
+
-
+
@@ -26610,25 +36932,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Reestablishment_Retries
-
+
- StreamingSharedContentStoreMode
-
+ StreamingSharedContentStoreMode
+
-
+
@@ -26636,25 +36958,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Shared_Content_Store_Mode
-
+
- StreamingSupportBranchCache
-
+ StreamingSupportBranchCache
+
-
+
@@ -26662,25 +36984,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Support_Branch_Cache
-
+
- StreamingVerifyCertificateRevocationList
-
+ StreamingVerifyCertificateRevocationList
+
-
+
@@ -26688,25 +37010,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Streaming
Streaming_Verify_Certificate_Revocation_List
-
+
- VirtualComponentsAllowList
-
+ VirtualComponentsAllowList
+
-
+
@@ -26714,19 +37036,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
appv.admx
appv~AT~System~CAT_AppV~CAT_Virtualization
Virtualization_JITVAllowList
-
+
@@ -26749,10 +37071,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowFastReconnect
-
+ AllowFastReconnect
+
-
+
1
@@ -26760,21 +37082,44 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSecondaryAuthenticationDevice
-
+ AllowFidoDeviceSignon
+
-
+
+
+ Specifies whether FIDO device can be used to sign on.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ AllowSecondaryAuthenticationDevice
+
+
+
0
@@ -26782,15 +37127,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -26813,10 +37158,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- DisallowAutoplayForNonVolumeDevices
-
+ DisallowAutoplayForNonVolumeDevices
+
-
+
@@ -26824,25 +37169,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlay
NoAutoplayfornonVolume
-
+
- SetDefaultAutoRunBehavior
-
+ SetDefaultAutoRunBehavior
+
-
+
@@ -26850,25 +37195,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlay
NoAutorun
-
+
- TurnOffAutoPlay
-
+ TurnOffAutoPlay
+
-
+
@@ -26876,19 +37221,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
AutoPlay.admx
AutoPlay~AT~WindowsComponents~AutoPlay
Autorun
-
+
@@ -26911,10 +37256,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EncryptionMethod
-
+ EncryptionMethod
+
-
+
6
@@ -26922,15 +37267,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -26953,10 +37298,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAdvertising
-
+ AllowAdvertising
+
-
+
1
@@ -26964,21 +37309,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowDiscoverableMode
-
+ AllowDiscoverableMode
+
-
+
1
@@ -26986,21 +37331,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowPrepairing
-
+ AllowPrepairing
+
-
+
1
@@ -27008,21 +37353,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LocalDeviceName
-
+ LocalDeviceName
+
-
+
@@ -27030,21 +37375,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- ServicesAllowedList
-
+ ServicesAllowedList
+
-
+
@@ -27052,15 +37397,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -27083,10 +37428,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAddressBarDropdown
-
+ AllowAddressBarDropdown
+
-
+
This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recommend disabling this setting if you want to minimize network connections from Microsoft Edge to Microsoft services.
1
@@ -27094,22 +37439,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowAutofill
-
+ AllowAutofill
+
-
+
This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge.
0
@@ -27117,21 +37462,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowBrowser
-
+ AllowBrowser
+
-
+
1
@@ -27139,22 +37484,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowCookies
-
+ AllowCookies
+
-
+
This setting lets you configure how your company deals with cookies.
2
@@ -27162,21 +37507,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowDeveloperTools
-
+ AllowDeveloperTools
+
-
+
This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge.
1
@@ -27184,22 +37529,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowDoNotTrack
-
+ AllowDoNotTrack
+
-
+
This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info.
0
@@ -27207,21 +37552,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowExtensions
-
+ AllowExtensions
+
-
+
This setting lets you decide whether employees can load extensions in Microsoft Edge.
1
@@ -27229,22 +37574,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowFlash
-
+ AllowFlash
+
-
+
This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge.
1
@@ -27252,22 +37597,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowFlashClickToRun
-
+ AllowFlashClickToRun
+
-
+
Configure the Adobe Flash Click-to-Run setting.
1
@@ -27275,22 +37620,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowInPrivate
-
+ AllowInPrivate
+
-
+
This setting lets you decide whether employees can browse using InPrivate website browsing.
1
@@ -27298,25 +37643,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowMicrosoftCompatibilityList
-
+ AllowMicrosoftCompatibilityList
+
-
+
This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat.
-If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
+If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly.
If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation.
1
@@ -27324,21 +37669,21 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowPasswordManager
-
+ AllowPasswordManager
+
-
+
This setting lets you decide whether employees can save their passwords locally, using Password Manager.
1
@@ -27346,21 +37691,21 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowPopups
-
+ AllowPopups
+
-
+
This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows.
0
@@ -27368,22 +37713,22 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowSearchEngineCustomization
-
+ AllowSearchEngineCustomization
+
-
+
Allow search engine customization for MDM enrolled devices. Users can change their default search engine.
@@ -27396,21 +37741,21 @@ This policy will only apply on domain joined machines or when the device is MDM
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSearchSuggestionsinAddressBar
-
+ AllowSearchSuggestionsinAddressBar
+
-
+
This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge.
1
@@ -27418,21 +37763,21 @@ This policy will only apply on domain joined machines or when the device is MDM
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSmartScreen
-
+ AllowSmartScreen
+
-
+
This setting lets you decide whether to turn on Windows Defender SmartScreen.
1
@@ -27440,21 +37785,21 @@ This policy will only apply on domain joined machines or when the device is MDM
-
+
-
+
- text/plain
+ text/plain
-
+
- ClearBrowsingDataOnExit
-
+ ClearBrowsingDataOnExit
+
-
+
Specifies whether to always clear browsing history on exiting Microsoft Edge.
0
@@ -27462,22 +37807,22 @@ This policy will only apply on domain joined machines or when the device is MDM
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ConfigureAdditionalSearchEngines
-
+ ConfigureAdditionalSearchEngines
+
-
+
Allows you to add up to 5 additional search engines for MDM-enrolled devices.
@@ -27491,21 +37836,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DisableLockdownOfStartPages
-
+ DisableLockdownOfStartPages
+
-
+
Boolean policy that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when Browser/HomePages policy is in effect.
@@ -27518,22 +37863,22 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- EnterpriseModeSiteList
-
+ EnterpriseModeSiteList
+
-
+
This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites.
@@ -27541,22 +37886,22 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- EnterpriseSiteListServiceUrl
-
+ EnterpriseSiteListServiceUrl
+
-
+
@@ -27564,22 +37909,22 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- FirstRunURL
-
+ FirstRunURL
+
-
+
Configure first run URL.
@@ -27587,50 +37932,50 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- HomePages
-
+ HomePages
+
-
+
Configure the Start page URLs for your employees.
Example:
If you wanted to allow contoso.com and fabrikam.com then you would append /support to the site strings like contoso.com/support and fabrikam.com/support.
Encapsulate each string with greater than and less than characters like any other XML tag.
-Version 1703 or later: If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
+Version 1703 or later:  If you don't want to send traffic to Microsoft, you can use the about:blank value (encapsulate with greater than and less than characters like any other XML tag), which is honored for both domain- and non-domain-joined machines, when it's the only configured URL.
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- PreventAccessToAboutFlagsInMicrosoftEdge
-
+ PreventAccessToAboutFlagsInMicrosoftEdge
+
-
+
Prevent access to the about:flags page in Microsoft Edge.
0
@@ -27638,21 +37983,21 @@ Version 1703 or later: If you don't want to send traffic to Microsoft, you ca
-
+
-
+
- text/plain
+ text/plain
-
+
- PreventFirstRunPage
-
+ PreventFirstRunPage
+
-
+
Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop.
@@ -27662,22 +38007,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- PreventLiveTileDataCollection
-
+ PreventLiveTileDataCollection
+
-
+
This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu.
@@ -27687,34 +38032,32 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
PreventSmartScreenPromptOverride
-
-
-
Don't allow Windows Defender SmartScreen warning overrides
+ 0
-
+
-
+
text/plain
@@ -27725,20 +38068,18 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
PreventSmartScreenPromptOverrideForFiles
-
-
-
Don't allow Windows Defender SmartScreen warning overrides for unverified files.
+ 0
-
+
-
+
text/plain
@@ -27746,10 +38087,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- PreventUsingLocalHostIPAddressForWebRTC
-
+ PreventUsingLocalHostIPAddressForWebRTC
+
-
+
Prevent using localhost IP address for WebRTC
0
@@ -27757,21 +38098,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- SendIntranetTraffictoInternetExplorer
-
+ SendIntranetTraffictoInternetExplorer
+
-
+
Sends all intranet traffic over to Internet Explorer.
0
@@ -27779,22 +38120,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- SetDefaultSearchEngine
-
+ SetDefaultSearchEngine
+
-
+
Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine.
@@ -27808,21 +38149,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- ShowMessageWhenOpeningSitesInInternetExplorer
-
+ ShowMessageWhenOpeningSitesInInternetExplorer
+
-
+
Show message when opening sites in Internet Explorer
0
@@ -27830,22 +38171,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- SyncFavoritesBetweenIEAndMicrosoftEdge
-
+ SyncFavoritesBetweenIEAndMicrosoftEdge
+
-
+
Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.
0
@@ -27853,16 +38194,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -27885,10 +38226,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowCamera
-
+ AllowCamera
+
-
+
1
@@ -27896,15 +38237,60 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
+
+
+
+ Cellular
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ShowAppCellularAccessUI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ wwansvc.admx
+ wwansvc~AT~Network~WwanSvc_Category~UISettings_Category
+ ShowAppCellularAccessUI
+
@@ -27927,10 +38313,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowBluetooth
-
+ AllowBluetooth
+
-
+
2
@@ -27938,21 +38324,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowCellularData
-
+ AllowCellularData
+
-
+
1
@@ -27960,21 +38346,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowCellularDataRoaming
-
+ AllowCellularDataRoaming
+
-
+
1
@@ -27982,21 +38368,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowConnectedDevices
-
+ AllowConnectedDevices
+
-
+
1
@@ -28004,21 +38390,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowNFC
-
+ AllowNFC
+
-
+
1
@@ -28026,22 +38412,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowUSBConnection
-
+ AllowUSBConnection
+
-
+
1
@@ -28049,22 +38435,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowVPNOverCellular
-
+ AllowVPNOverCellular
+
-
+
1
@@ -28072,21 +38458,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowVPNRoamingOverCellular
-
+ AllowVPNRoamingOverCellular
+
-
+
1
@@ -28094,43 +38480,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DisallowNetworkConnectivityActiveTests
-
+ DiablePrintingOverHTTP
+
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- HardenedUNCPaths
-
-
-
+
@@ -28138,19 +38502,145 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ ICM.admx
+ ICM~AT~System~InternetManagement~InternetManagement_Settings
+ DisableHTTPPrinting_2
+
+
+
+ DisableDownloadingOfPrintDriversOverHTTP
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ ICM.admx
+ ICM~AT~System~InternetManagement~InternetManagement_Settings
+ DisableWebPnPDownload_2
+
+
+
+ DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ ICM.admx
+ ICM~AT~System~InternetManagement~InternetManagement_Settings
+ ShellPreventWPWDownload_2
+
+
+
+ DisallowNetworkConnectivityActiveTests
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ HardenedUNCPaths
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
networkprovider.admx
NetworkProvider~AT~Network~Cat_NetworkProvider
Pol_HardenedPaths
-
+
+
+
+ ProhibitInstallationAndConfigurationOfNetworkBridge
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ NetworkConnections.admx
+ NetworkConnections~AT~Network~NetworkConnections
+ NC_AllowNetBridge_NLA
+
@@ -28173,10 +38663,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowPINLogon
-
+ AllowPINLogon
+
-
+
@@ -28184,25 +38674,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
credentialproviders.admx
CredentialProviders~AT~System~Logon
AllowDomainPINLogon
-
+
- BlockPicturePassword
-
+ BlockPicturePassword
+
-
+
@@ -28210,19 +38700,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
credentialproviders.admx
CredentialProviders~AT~System~Logon
BlockDomainPicturePassword
-
+
@@ -28245,10 +38735,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- DisablePasswordReveal
-
+ DisablePasswordReveal
+
-
+
@@ -28256,25 +38746,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
credui.admx
CredUI~AT~WindowsComponents~CredUI
DisablePasswordReveal
-
+
- EnumerateAdministrators
-
+ EnumerateAdministrators
+
-
+
@@ -28282,19 +38772,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
credui.admx
CredUI~AT~WindowsComponents~CredUI
EnumerateAdministrators
-
+
@@ -28317,10 +38807,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowFipsAlgorithmPolicy
-
+ AllowFipsAlgorithmPolicy
+
-
+
0
@@ -28328,21 +38818,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- TLSCipherSuites
-
+ TLSCipherSuites
+
-
+
@@ -28350,15 +38840,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -28381,10 +38871,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowDirectMemoryAccess
-
+ AllowDirectMemoryAccess
+
-
+
1
@@ -28392,21 +38882,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LegacySelectiveWipeID
-
+ LegacySelectiveWipeID
+
-
+
@@ -28414,15 +38904,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -28445,10 +38935,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- SetCost3G
-
+ SetCost3G
+
-
+
@@ -28456,24 +38946,24 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
wwansvc.admx
wwansvc~AT~Network~WwanSvc_Category~NetworkCost_Category
SetCost3G
-
+
- SetCost4G
-
+ SetCost4G
+
-
+
@@ -28481,18 +38971,18 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
wwansvc.admx
wwansvc~AT~Network~WwanSvc_Category~NetworkCost_Category
SetCost4G
-
+
@@ -28515,10 +39005,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowArchiveScanning
-
+ AllowArchiveScanning
+
-
+
1
@@ -28526,22 +39016,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowBehaviorMonitoring
-
+ AllowBehaviorMonitoring
+
-
+
1
@@ -28549,22 +39039,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowCloudProtection
-
+ AllowCloudProtection
+
-
+
1
@@ -28572,22 +39062,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowEmailScanning
-
+ AllowEmailScanning
+
-
+
0
@@ -28595,22 +39085,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowFullScanOnMappedNetworkDrives
-
+ AllowFullScanOnMappedNetworkDrives
+
-
+
0
@@ -28618,22 +39108,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowFullScanRemovableDriveScanning
-
+ AllowFullScanRemovableDriveScanning
+
-
+
1
@@ -28641,22 +39131,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowIntrusionPreventionSystem
-
+ AllowIntrusionPreventionSystem
+
-
+
1
@@ -28664,22 +39154,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowIOAVProtection
-
+ AllowIOAVProtection
+
-
+
1
@@ -28687,22 +39177,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowOnAccessProtection
-
+ AllowOnAccessProtection
+
-
+
1
@@ -28710,22 +39200,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowRealtimeMonitoring
-
+ AllowRealtimeMonitoring
+
-
+
1
@@ -28733,22 +39223,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowScanningNetworkFiles
-
+ AllowScanningNetworkFiles
+
-
+
0
@@ -28756,22 +39246,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowScriptScanning
-
+ AllowScriptScanning
+
-
+
1
@@ -28779,22 +39269,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowUserUIAccess
-
+ AllowUserUIAccess
+
-
+
1
@@ -28802,22 +39292,68 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AvgCPULoadFactor
-
+ AttackSurfaceReductionOnlyExclusions
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ AttackSurfaceReductionRules
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ AvgCPULoadFactor
+
+
+
50
@@ -28825,22 +39361,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DaysToRetainCleanedMalware
-
+ CloudBlockLevel
+
-
+
0
@@ -28848,91 +39384,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ExcludedExtensions
-
+ CloudExtendedTimeout
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
-
-
-
- ExcludedPaths
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
-
-
-
- ExcludedProcesses
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
-
-
-
- PUAProtection
-
-
-
+
0
@@ -28940,22 +39407,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- RealTimeScanDirection
-
+ DaysToRetainCleanedMalware
+
-
+
0
@@ -28963,22 +39430,229 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ScanParameter
-
+ EnableGuardMyFolders
+
-
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ EnableNetworkProtection
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ ExcludedExtensions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ ExcludedPaths
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ ExcludedProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ GuardedFoldersAllowedApplications
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ GuardedFoldersList
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ PUAProtection
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ RealTimeScanDirection
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ ScanParameter
+
+
+
1
@@ -28986,22 +39660,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ScheduleQuickScanTime
-
+ ScheduleQuickScanTime
+
-
+
120
@@ -29009,22 +39683,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ScheduleScanDay
-
+ ScheduleScanDay
+
-
+
0
@@ -29032,22 +39706,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ScheduleScanTime
-
+ ScheduleScanTime
+
-
+
120
@@ -29055,22 +39729,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- SignatureUpdateInterval
-
+ SignatureUpdateInterval
+
-
+
8
@@ -29078,22 +39752,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- SubmitSamplesConsent
-
+ SubmitSamplesConsent
+
-
+
1
@@ -29101,22 +39775,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ThreatSeverityDefaultAction
-
+ ThreatSeverityDefaultAction
+
-
+
@@ -29124,16 +39798,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -29156,10 +39830,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- DOAbsoluteMaxCacheSize
-
+ DOAbsoluteMaxCacheSize
+
-
+
10
@@ -29167,22 +39841,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOAllowVPNPeerCaching
-
+ DOAllowVPNPeerCaching
+
-
+
0
@@ -29190,22 +39864,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DODownloadMode
-
+ DODownloadMode
+
-
+
1
@@ -29213,22 +39887,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOGroupId
-
+ DOGroupId
+
-
+
@@ -29236,22 +39910,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMaxCacheAge
-
+ DOMaxCacheAge
+
-
+
259200
@@ -29259,22 +39933,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMaxCacheSize
-
+ DOMaxCacheSize
+
-
+
20
@@ -29282,22 +39956,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMaxDownloadBandwidth
-
+ DOMaxDownloadBandwidth
+
-
+
0
@@ -29305,22 +39979,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMaxUploadBandwidth
-
+ DOMaxUploadBandwidth
+
-
+
0
@@ -29328,22 +40002,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMinBackgroundQos
-
+ DOMinBackgroundQos
+
-
+
500
@@ -29351,22 +40025,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMinBatteryPercentageAllowedToUpload
-
+ DOMinBatteryPercentageAllowedToUpload
+
-
+
0
@@ -29374,22 +40048,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMinDiskSizeAllowedToPeer
-
+ DOMinDiskSizeAllowedToPeer
+
-
+
32
@@ -29397,22 +40071,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMinFileSizeToCache
-
+ DOMinFileSizeToCache
+
-
+
100
@@ -29420,22 +40094,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMinRAMAllowedToPeer
-
+ DOMinRAMAllowedToPeer
+
-
+
4
@@ -29443,22 +40117,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOModifyCacheDrive
-
+ DOModifyCacheDrive
+
-
+
%SystemDrive%
@@ -29466,22 +40140,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOMonthlyUploadDataCap
-
+ DOMonthlyUploadDataCap
+
-
+
20
@@ -29489,22 +40163,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DOPercentageMaxDownloadBandwidth
-
+ DOPercentageMaxDownloadBandwidth
+
-
+
0
@@ -29512,16 +40186,105 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
+
+
+
+ DeviceGuard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ EnableVirtualizationBasedSecurity
+
+
+
+
+ Turns On Virtualization Based Security(VBS)
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ LsaCfgFlags
+
+
+
+
+ Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if configured previously without UEFI Lock, 1 - Turns on CredentialGuard with UEFI lock. 2 - Turns on CredentialGuard without UEFI lock.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ RequirePlatformSecurityFeatures
+
+
+
+
+ Select Platform Security Level: 1 - Turns on VBS with Secure Boot, 3 - Turns on VBS with Secure Boot and DMA. DMA requires hardware support.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
@@ -29544,10 +40307,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- PreventInstallationOfMatchingDeviceIDs
-
+ PreventInstallationOfMatchingDeviceIDs
+
-
+
@@ -29555,25 +40318,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
deviceinstallation.admx
DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category
DeviceInstall_IDs_Deny
-
+
- PreventInstallationOfMatchingDeviceSetupClasses
-
+ PreventInstallationOfMatchingDeviceSetupClasses
+
-
+
@@ -29581,19 +40344,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
deviceinstallation.admx
DeviceInstallation~AT~System~DeviceInstall_Category~DeviceInstall_Restrictions_Category
DeviceInstall_Classes_Deny
-
+
@@ -29616,10 +40379,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowIdleReturnWithoutPassword
-
+ AllowIdleReturnWithoutPassword
+
-
+
Specifies whether the user must input a PIN or password when the device resumes from an idle state.
1
@@ -29627,22 +40390,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowScreenTimeoutWhileLockedUserConfig
-
+ AllowScreenTimeoutWhileLockedUserConfig
+
-
+
Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.
0
@@ -29650,21 +40413,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSimpleDevicePassword
-
+ AllowSimpleDevicePassword
+
-
+
Specifies whether PINs or passwords such as 1111 or 1234 are allowed. For the desktop, it also controls the use of picture passwords.
1
@@ -29672,21 +40435,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AlphanumericDevicePasswordRequired
-
+ AlphanumericDevicePasswordRequired
+
-
+
Determines the type of PIN or password required. This policy only applies if the DeviceLock/DevicePasswordEnabled policy is set to 0
2
@@ -29694,21 +40457,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DevicePasswordEnabled
-
+ DevicePasswordEnabled
+
-
+
Specifies whether device lock is enabled.
1
@@ -29716,21 +40479,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DevicePasswordExpiration
-
+ DevicePasswordExpiration
+
-
+
Specifies when the password expires (in days).
0
@@ -29738,43 +40501,43 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DevicePasswordHistory
-
+ DevicePasswordHistory
+
-
+
- Specifies how many passwords can be stored in the history that can’t be used.
+ Specifies how many passwords can be stored in the history that can’t be used.
0
-
+
-
+
- text/plain
+ text/plain
-
+
- EnforceLockScreenAndLogonImage
-
+ EnforceLockScreenAndLogonImage
+
-
+
@@ -29782,22 +40545,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- EnforceLockScreenProvider
-
+ EnforceLockScreenProvider
+
-
+
@@ -29805,21 +40568,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- MaxDevicePasswordFailedAttempts
-
+ MaxDevicePasswordFailedAttempts
+
-
+
0
@@ -29827,21 +40590,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- MaxInactivityTimeDeviceLock
-
+ MaxInactivityTimeDeviceLock
+
-
+
The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.
0
@@ -29849,21 +40612,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- MaxInactivityTimeDeviceLockWithExternalDisplay
-
+ MaxInactivityTimeDeviceLockWithExternalDisplay
+
-
+
Sets the maximum timeout value for the external display.
0
@@ -29871,22 +40634,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- MinDevicePasswordComplexCharacters
-
+ MinDevicePasswordComplexCharacters
+
-
+
The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.
1
@@ -29894,21 +40657,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- MinDevicePasswordLength
-
+ MinDevicePasswordLength
+
-
+
Specifies the minimum number or characters required in the PIN or password.
4
@@ -29916,21 +40679,48 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- PreventLockScreenSlideShow
-
+ MinimumPasswordAge
+
-
+
+
+ This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.
+
+The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
+
+Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ PreventLockScreenSlideShow
+
+
+
@@ -29938,25 +40728,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
ControlPanelDisplay.admx
ControlPanelDisplay~AT~ControlPanel~Personalization
CPL_Personalization_NoLockScreenSlideshow
-
+
- ScreenTimeoutWhileLocked
-
+ ScreenTimeoutWhileLocked
+
-
+
Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.
10
@@ -29964,15 +40754,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -29995,10 +40785,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- TurnOffGdiDPIScalingForApps
-
+ TurnOffGdiDPIScalingForApps
+
-
+
This policy allows to force turn off GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.
@@ -30006,22 +40796,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- TurnOnGdiDPIScalingForApps
-
+ TurnOnGdiDPIScalingForApps
+
-
+
This policy allows to turn on GDI DPI Scaling for a semicolon separated list of applications. Applications can be specified either by using full path or just filename and extension.
@@ -30029,16 +40819,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -30061,10 +40851,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- CustomizeConsentSettings
-
+ CustomizeConsentSettings
+
-
+
@@ -30072,25 +40862,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
ErrorReporting.admx
ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting
WerConsentCustomize_2
-
+
- DisableWindowsErrorReporting
-
+ DisableWindowsErrorReporting
+
-
+
@@ -30098,25 +40888,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
ErrorReporting.admx
ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting
WerDisable_2
-
+
- DisplayErrorNotification
-
+ DisplayErrorNotification
+
-
+
@@ -30124,25 +40914,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
ErrorReporting.admx
ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting
PCH_ShowUI
-
+
- DoNotSendAdditionalData
-
+ DoNotSendAdditionalData
+
-
+
@@ -30150,25 +40940,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
ErrorReporting.admx
ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting
WerNoSecondLevelData_2
-
+
- PreventCriticalErrorDisplay
-
+ PreventCriticalErrorDisplay
+
-
+
@@ -30176,19 +40966,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
ErrorReporting.admx
ErrorReporting~AT~WindowsComponents~CAT_WindowsErrorReporting
WerDoNotShowUI
-
+
@@ -30211,10 +41001,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- ControlEventLogBehavior
-
+ ControlEventLogBehavior
+
-
+
@@ -30222,25 +41012,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
eventlog.admx
EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Application
Channel_Log_Retention_1
-
+
- SpecifyMaximumFileSizeApplicationLog
-
+ SpecifyMaximumFileSizeApplicationLog
+
-
+
@@ -30248,25 +41038,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
eventlog.admx
EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Application
Channel_LogMaxSize_1
-
+
- SpecifyMaximumFileSizeSecurityLog
-
+ SpecifyMaximumFileSizeSecurityLog
+
-
+
@@ -30274,25 +41064,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
eventlog.admx
EventLog~AT~WindowsComponents~EventLogCategory~EventLog_Security
Channel_LogMaxSize_2
-
+
- SpecifyMaximumFileSizeSystemLog
-
+ SpecifyMaximumFileSizeSystemLog
+
-
+
@@ -30300,19 +41090,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
eventlog.admx
EventLog~AT~WindowsComponents~EventLogCategory~EventLog_System
Channel_LogMaxSize_4
-
+
@@ -30335,10 +41125,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowCopyPaste
-
+ AllowCopyPaste
+
-
+
1
@@ -30346,22 +41136,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowCortana
-
+ AllowCortana
+
-
+
1
@@ -30369,21 +41159,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowDeviceDiscovery
-
+ AllowDeviceDiscovery
+
-
+
1
@@ -30391,21 +41181,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowFindMyDevice
-
+ AllowFindMyDevice
+
-
+
1
@@ -30413,21 +41203,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowManualMDMUnenrollment
-
+ AllowManualMDMUnenrollment
+
-
+
1
@@ -30435,21 +41225,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSaveAsOfOfficeFiles
-
+ AllowSaveAsOfOfficeFiles
+
-
+
1
@@ -30457,21 +41247,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowScreenCapture
-
+ AllowScreenCapture
+
-
+
1
@@ -30479,21 +41269,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSharingOfOfficeFiles
-
+ AllowSharingOfOfficeFiles
+
-
+
1
@@ -30501,21 +41291,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSIMErrorDialogPromptWhenNoSIM
-
+ AllowSIMErrorDialogPromptWhenNoSIM
+
-
+
1
@@ -30523,21 +41313,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSyncMySettings
-
+ AllowSyncMySettings
+
-
+
1
@@ -30545,21 +41335,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowTaskSwitcher
-
+ AllowTaskSwitcher
+
-
+
1
@@ -30567,22 +41357,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowVoiceRecording
-
+ AllowVoiceRecording
+
-
+
1
@@ -30590,22 +41380,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowWindowsTips
-
+ AllowWindowsTips
+
-
+
1
@@ -30613,22 +41403,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DoNotShowFeedbackNotifications
-
+ DoNotShowFeedbackNotifications
+
-
+
0
@@ -30636,15 +41426,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -30667,10 +41457,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAdvancedGamingServices
-
+ AllowAdvancedGamingServices
+
-
+
Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services.
1
@@ -30678,15 +41468,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -30709,10 +41499,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AddSearchProvider
-
+ AddSearchProvider
+
-
+
@@ -30720,25 +41510,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
AddSearchProvider
-
+
- AllowActiveXFiltering
-
+ AllowActiveXFiltering
+
-
+
@@ -30746,25 +41536,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
TurnOnActiveXFiltering
-
+
- AllowAddOnList
-
+ AllowAddOnList
+
-
+
@@ -30772,25 +41562,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
AddonManagement_AddOnList
-
+
- AllowEnhancedProtectedMode
-
+ AllowCertificateAddressMismatchWarning
+
-
+
@@ -30798,25 +41588,77 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
+ IZ_PolicyWarnCertMismatch
+
+
+
+ AllowDeletingBrowsingHistoryOnExit
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory
+ DBHDisableDeleteOnExit
+
+
+
+ AllowEnhancedProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
Advanced_EnableEnhancedProtectedMode
-
+
- AllowEnterpriseModeFromToolsMenu
-
+ AllowEnterpriseModeFromToolsMenu
+
-
+
@@ -30824,25 +41666,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
EnterpriseModeEnable
-
+
- AllowEnterpriseModeSiteList
-
+ AllowEnterpriseModeSiteList
+
-
+
@@ -30850,25 +41692,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
EnterpriseModeSiteList
-
+
- AllowInternetExplorer7PolicyList
-
+ AllowFallbackToSSL3
+
-
+
@@ -30876,25 +41718,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures
+ Advanced_EnableSSL3Fallback
+
+
+
+ AllowInternetExplorer7PolicyList
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView
CompatView_UsePolicyList
-
+
- AllowInternetExplorerStandardsMode
-
+ AllowInternetExplorerStandardsMode
+
-
+
@@ -30902,25 +41770,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~CategoryCompatView
CompatView_IntranetSites
-
+
- AllowInternetZoneTemplate
-
+ AllowInternetZoneTemplate
+
-
+
@@ -30928,25 +41796,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyInternetZoneTemplate
-
+
- AllowIntranetZoneTemplate
-
+ AllowIntranetZoneTemplate
+
-
+
@@ -30954,25 +41822,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyIntranetZoneTemplate
-
+
- AllowLocalMachineZoneTemplate
-
+ AllowLocalMachineZoneTemplate
+
-
+
@@ -30980,25 +41848,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyLocalMachineZoneTemplate
-
+
- AllowLockedDownInternetZoneTemplate
-
+ AllowLockedDownInternetZoneTemplate
+
-
+
@@ -31006,25 +41874,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyInternetZoneLockdownTemplate
-
+
- AllowLockedDownIntranetZoneTemplate
-
+ AllowLockedDownIntranetZoneTemplate
+
-
+
@@ -31032,25 +41900,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyIntranetZoneLockdownTemplate
-
+
- AllowLockedDownLocalMachineZoneTemplate
-
+ AllowLockedDownLocalMachineZoneTemplate
+
-
+
@@ -31058,25 +41926,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyLocalMachineZoneLockdownTemplate
-
+
- AllowLockedDownRestrictedSitesZoneTemplate
-
+ AllowLockedDownRestrictedSitesZoneTemplate
+
-
+
@@ -31084,25 +41952,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyRestrictedSitesZoneLockdownTemplate
-
+
- AllowOneWordEntry
-
+ AllowOneWordEntry
+
-
+
@@ -31110,25 +41978,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetSettings~Advanced~Browsing
UseIntranetSiteForOneWordEntry
-
+
- AllowSiteToZoneAssignmentList
-
+ AllowSiteToZoneAssignmentList
+
-
+
@@ -31136,25 +42004,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_Zonemaps
-
+
- AllowsLockedDownTrustedSitesZoneTemplate
-
+ AllowsLockedDownTrustedSitesZoneTemplate
+
-
+
@@ -31162,25 +42030,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyTrustedSitesZoneLockdownTemplate
-
+
- AllowsRestrictedSitesZoneTemplate
-
+ AllowSoftwareWhenSignatureIsInvalid
+
-
+
@@ -31188,25 +42056,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_InvalidSignatureBlock
+
+
+
+ AllowsRestrictedSitesZoneTemplate
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyRestrictedSitesZoneTemplate
-
+
- AllowSuggestedSites
-
+ AllowSuggestedSites
+
-
+
@@ -31214,25 +42108,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
EnableSuggestedSites
-
+
- AllowTrustedSitesZoneTemplate
-
+ AllowTrustedSitesZoneTemplate
+
-
+
@@ -31240,25 +42134,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_PolicyTrustedSitesZoneTemplate
-
+
- DisableAdobeFlash
-
+ CheckServerCertificateRevocation
+
-
+
@@ -31266,25 +42160,103 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_CertificateRevocation
+
+
+
+ CheckSignaturesOnDownloadedPrograms
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_DownloadSignatures
+
+
+
+ ConsistentMimeHandlingInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryBinaryBehaviorSecurityRestriction
+ IESF_PolicyExplorerProcesses_2
+
+
+
+ DisableAdobeFlash
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
DisableFlashInIE
-
+
- DisableBypassOfSmartScreenWarnings
-
+ DisableBlockingOfOutdatedActiveXControls
+
-
+
@@ -31292,357 +42264,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
-
- phone
- inetres.admx
-
-
-
- DisableBypassOfSmartScreenWarningsAboutUncommonFiles
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
-
-
-
- DisableCustomerExperienceImprovementProgramParticipation
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- SQM_DisableCEIP
-
-
-
- DisableEnclosureDownloading
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~RSS_Feeds
- Disable_Downloading_of_Enclosures
-
-
-
- DisableEncryptionSupport
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
- Advanced_SetWinInetProtocols
-
-
-
- DisableFirstRunWizard
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- NoFirstRunCustomise
-
-
-
- DisableFlipAheadFeature
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
- Advanced_DisableFlipAhead
-
-
-
- DisableProxyChange
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
-
-
-
- DisableSearchProviderChange
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- NoSearchProvider
-
-
-
- DisableSecondaryHomePageChange
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- SecondaryHomePages
-
-
-
- DisableUpdateCheck
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- NoUpdateCheck
-
-
-
- DoNotAllowUsersToAddSites
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- Security_zones_map_edit
-
-
-
- DoNotAllowUsersToChangePolicies
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer
- Security_options_edit
-
-
-
- DoNotBlockOutdatedActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
VerMgmtDisable
-
+
- DoNotBlockOutdatedActiveXControlsOnSpecificDomains
-
+ DisableBypassOfSmartScreenWarnings
+
-
+
@@ -31650,25 +42290,589 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+
+
+
+ DisableBypassOfSmartScreenWarningsAboutUncommonFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+
+
+
+ DisableConfiguringHistory
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory
+ RestrictHistory
+
+
+
+ DisableCrashDetection
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+
+
+
+ DisableCustomerExperienceImprovementProgramParticipation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ SQM_DisableCEIP
+
+
+
+ DisableDeletingUserVisitedWebsites
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~DeleteBrowsingHistory
+ DBHDisableDeleteHistory
+
+
+
+ DisableEnclosureDownloading
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~RSS_Feeds
+ Disable_Downloading_of_Enclosures
+
+
+
+ DisableEncryptionSupport
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_SetWinInetProtocols
+
+
+
+ DisableFirstRunWizard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ NoFirstRunCustomise
+
+
+
+ DisableFlipAheadFeature
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_DisableFlipAhead
+
+
+
+ DisableIgnoringCertificateErrors
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL
+ NoCertError
+
+
+
+ DisableInPrivateBrowsing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~CategoryPrivacy
+ DisableInPrivateBrowsing
+
+
+
+ DisableProcessesInEnhancedProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_EnableEnhancedProtectedMode64Bit
+
+
+
+ DisableProxyChange
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+
+
+
+ DisableSearchProviderChange
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ NoSearchProvider
+
+
+
+ DisableSecondaryHomePageChange
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ SecondaryHomePages
+
+
+
+ DisableSecuritySettingsCheck
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ Disable_Security_Settings_Check
+
+
+
+ DisableUpdateCheck
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ NoUpdateCheck
+
+
+
+ DoNotAllowActiveXControlsInProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~AdvancedPage
+ Advanced_DisableEPMCompat
+
+
+
+ DoNotAllowUsersToAddSites
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ Security_zones_map_edit
+
+
+
+ DoNotAllowUsersToChangePolicies
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ Security_options_edit
+
+
+
+ DoNotBlockOutdatedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
+ VerMgmtDisable
+
+
+
+ DoNotBlockOutdatedActiveXControlsOnSpecificDomains
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
VerMgmtDomainAllowlist
-
+
- IncludeAllLocalSites
-
+ IncludeAllLocalSites
+
-
+
@@ -31676,25 +42880,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_IncludeUnspecifiedLocalSites
-
+
- IncludeAllNetworkPaths
-
+ IncludeAllNetworkPaths
+
-
+
@@ -31702,25 +42906,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage
IZ_UNCAsIntranet
-
+
- InternetZoneAllowAccessToDataSources
-
+ InternetZoneAllowAccessToDataSources
+
-
+
@@ -31728,25 +42932,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyAccessDataSourcesAcrossDomains_1
-
+
- InternetZoneAllowAutomaticPromptingForActiveXControls
-
+ InternetZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -31754,25 +42958,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyNotificationBarActiveXURLaction_1
-
+
- InternetZoneAllowAutomaticPromptingForFileDownloads
-
+ InternetZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -31780,25 +42984,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyNotificationBarDownloadURLaction_1
-
+
- InternetZoneAllowFontDownloads
-
+ InternetZoneAllowCopyPasteViaScript
+
-
+
@@ -31806,25 +43010,77 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyAllowPasteViaScript_1
+
+
+
+ InternetZoneAllowDragAndDropCopyAndPasteFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDropOrPasteFiles_1
+
+
+
+ InternetZoneAllowFontDownloads
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyFontDownload_1
-
+
- InternetZoneAllowLessPrivilegedSites
-
+ InternetZoneAllowLessPrivilegedSites
+
-
+
@@ -31832,25 +43088,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyZoneElevationURLaction_1
-
+
- InternetZoneAllowNETFrameworkReliantComponents
-
+ InternetZoneAllowLoadingOfXAMLFilesWRONG
+
-
+
@@ -31858,25 +43114,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_XAML_1
+
+
+
+ InternetZoneAllowNETFrameworkReliantComponents
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_1
-
+
- InternetZoneAllowScriptlets
-
+ InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
-
+
@@ -31884,25 +43166,129 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet
+
+
+
+ InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
+ IZ_PolicyAllowTDCControl_Both_LocalMachine
+
+
+
+ InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_WebBrowserControl_1
+
+
+
+ InternetZoneAllowScriptInitiatedWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
+ IZ_PolicyWindowsRestrictionsURLaction_6
+
+
+
+ InternetZoneAllowScriptlets
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_Policy_AllowScriptlets_1
-
+
- InternetZoneAllowSmartScreenIE
-
+ InternetZoneAllowSmartScreenIE
+
-
+
@@ -31910,25 +43296,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_Policy_Phishing_1
-
+
- InternetZoneAllowUserDataPersistence
-
+ InternetZoneAllowUpdatesToStatusBarViaScript
+
-
+
@@ -31936,25 +43322,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_ScriptStatusBar_1
+
+
+
+ InternetZoneAllowUserDataPersistence
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyUserdataPersistence_1
-
+
- InternetZoneInitializeAndScriptActiveXControls
-
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
+
-
+
@@ -31962,25 +43374,285 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_1
+
+
+
+ InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_3
+
+
+
+ InternetZoneDownloadSignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyDownloadSignedActiveX_3
+
+
+
+ InternetZoneDownloadUnsignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDownloadUnsignedActiveX_1
+
+
+
+ InternetZoneEnableCrossSiteScriptingFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
+ IZ_PolicyTurnOnXSSFilter_Both_LocalMachine
+
+
+
+ InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet
+
+
+
+ InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet
+
+
+
+ InternetZoneEnableMIMESniffing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyMimeSniffingURLaction_1
+
+
+
+ InternetZoneEnableProtectedMode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
+ IZ_Policy_TurnOnProtectedMode_2
+
+
+
+ InternetZoneIncludeLocalPathWhenUploadingFilesToServer
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_LocalPathForUpload_1
+
+
+
+ InternetZoneInitializeAndScriptActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyScriptActiveXNotMarkedSafe_1
-
+
- InternetZoneNavigateWindowsAndFrames
-
+ InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
+
-
+
@@ -31988,25 +43660,155 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_1
+
+
+
+ InternetZoneJavaPermissionsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyJavaPermissions_1
+
+
+
+ InternetZoneJavaPermissionsWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
+ IZ_PolicyJavaPermissions_3
+
+
+
+ InternetZoneLaunchingApplicationsAndFilesInIFRAME
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyLaunchAppsAndFilesInIFRAME_1
+
+
+
+ InternetZoneLogonOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyLogon_1
+
+
+
+ InternetZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
IZ_PolicyNavigateSubframesAcrossDomains_1
-
+
- IntranetZoneAllowAccessToDataSources
-
+ InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
+
-
+
@@ -32014,25 +43816,155 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyUnsignedFrameworkComponentsURLaction_1
+
+
+
+ InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicySignedFrameworkComponentsURLaction_1
+
+
+
+ InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_Policy_UnsafeFiles_1
+
+
+
+ InternetZoneUsePopupBlocker
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyBlockPopupWindows_1
+
+
+
+ InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyZoneElevationURLaction_1
+
+
+
+ IntranetZoneAllowAccessToDataSources
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyAccessDataSourcesAcrossDomains_3
-
+
- IntranetZoneAllowAutomaticPromptingForActiveXControls
-
+ IntranetZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -32040,25 +43972,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyNotificationBarActiveXURLaction_3
-
+
- IntranetZoneAllowAutomaticPromptingForFileDownloads
-
+ IntranetZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -32066,25 +43998,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyNotificationBarDownloadURLaction_3
-
+
- IntranetZoneAllowFontDownloads
-
+ IntranetZoneAllowFontDownloads
+
-
+
@@ -32092,25 +44024,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyFontDownload_3
-
+
- IntranetZoneAllowLessPrivilegedSites
-
+ IntranetZoneAllowLessPrivilegedSites
+
-
+
@@ -32118,25 +44050,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyZoneElevationURLaction_3
-
+
- IntranetZoneAllowNETFrameworkReliantComponents
-
+ IntranetZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -32144,25 +44076,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_3
-
+
- IntranetZoneAllowScriptlets
-
+ IntranetZoneAllowScriptlets
+
-
+
@@ -32170,25 +44102,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_Policy_AllowScriptlets_3
-
+
- IntranetZoneAllowSmartScreenIE
-
+ IntranetZoneAllowSmartScreenIE
+
-
+
@@ -32196,25 +44128,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_Policy_Phishing_3
-
+
- IntranetZoneAllowUserDataPersistence
-
+ IntranetZoneAllowUserDataPersistence
+
-
+
@@ -32222,25 +44154,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyUserdataPersistence_3
-
+
- IntranetZoneInitializeAndScriptActiveXControls
-
+ IntranetZoneInitializeAndScriptActiveXControls
+
-
+
@@ -32248,25 +44180,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyScriptActiveXNotMarkedSafe_3
-
+
- IntranetZoneNavigateWindowsAndFrames
-
+ IntranetZoneNavigateWindowsAndFrames
+
-
+
@@ -32274,25 +44206,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
IZ_PolicyNavigateSubframesAcrossDomains_3
-
+
- LocalMachineZoneAllowAccessToDataSources
-
+ LocalMachineZoneAllowAccessToDataSources
+
-
+
@@ -32300,25 +44232,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyAccessDataSourcesAcrossDomains_9
-
+
- LocalMachineZoneAllowAutomaticPromptingForActiveXControls
-
+ LocalMachineZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -32326,25 +44258,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyNotificationBarActiveXURLaction_9
-
+
- LocalMachineZoneAllowAutomaticPromptingForFileDownloads
-
+ LocalMachineZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -32352,25 +44284,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyNotificationBarDownloadURLaction_9
-
+
- LocalMachineZoneAllowFontDownloads
-
+ LocalMachineZoneAllowFontDownloads
+
-
+
@@ -32378,25 +44310,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyFontDownload_9
-
+
- LocalMachineZoneAllowLessPrivilegedSites
-
+ LocalMachineZoneAllowLessPrivilegedSites
+
-
+
@@ -32404,25 +44336,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyZoneElevationURLaction_9
-
+
- LocalMachineZoneAllowNETFrameworkReliantComponents
-
+ LocalMachineZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -32430,25 +44362,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_9
-
+
- LocalMachineZoneAllowScriptlets
-
+ LocalMachineZoneAllowScriptlets
+
-
+
@@ -32456,25 +44388,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_Policy_AllowScriptlets_9
-
+
- LocalMachineZoneAllowSmartScreenIE
-
+ LocalMachineZoneAllowSmartScreenIE
+
-
+
@@ -32482,25 +44414,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_Policy_Phishing_9
-
+
- LocalMachineZoneAllowUserDataPersistence
-
+ LocalMachineZoneAllowUserDataPersistence
+
-
+
@@ -32508,25 +44440,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyUserdataPersistence_9
-
+
- LocalMachineZoneInitializeAndScriptActiveXControls
-
+ LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
+
-
+
@@ -32534,25 +44466,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone~IZ_LocalMachineZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_9
+
+
+
+ LocalMachineZoneInitializeAndScriptActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyScriptActiveXNotMarkedSafe_9
-
+
- LocalMachineZoneNavigateWindowsAndFrames
-
+ LocalMachineZoneJavaPermissions
+
-
+
@@ -32560,25 +44518,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
+ IZ_PolicyJavaPermissions_9
+
+
+
+ LocalMachineZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZone
IZ_PolicyNavigateSubframesAcrossDomains_9
-
+
- LockedDownInternetZoneAllowAccessToDataSources
-
+ LockedDownInternetZoneAllowAccessToDataSources
+
-
+
@@ -32586,25 +44570,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_2
-
+
- LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -32612,25 +44596,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_2
-
+
- LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -32638,25 +44622,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_2
-
+
- LockedDownInternetZoneAllowFontDownloads
-
+ LockedDownInternetZoneAllowFontDownloads
+
-
+
@@ -32664,25 +44648,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyFontDownload_2
-
+
- LockedDownInternetZoneAllowLessPrivilegedSites
-
+ LockedDownInternetZoneAllowLessPrivilegedSites
+
-
+
@@ -32690,25 +44674,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyZoneElevationURLaction_2
-
+
- LockedDownInternetZoneAllowNETFrameworkReliantComponents
-
+ LockedDownInternetZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -32716,25 +44700,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_2
-
+
- LockedDownInternetZoneAllowScriptlets
-
+ LockedDownInternetZoneAllowScriptlets
+
-
+
@@ -32742,25 +44726,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_Policy_AllowScriptlets_2
-
+
- LockedDownInternetZoneAllowSmartScreenIE
-
+ LockedDownInternetZoneAllowSmartScreenIE
+
-
+
@@ -32768,25 +44752,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_Policy_Phishing_2
-
+
- LockedDownInternetZoneAllowUserDataPersistence
-
+ LockedDownInternetZoneAllowUserDataPersistence
+
-
+
@@ -32794,25 +44778,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyUserdataPersistence_2
-
+
- LockedDownInternetZoneInitializeAndScriptActiveXControls
-
+ LockedDownInternetZoneInitializeAndScriptActiveXControls
+
-
+
@@ -32820,25 +44804,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_2
-
+
- LockedDownInternetZoneNavigateWindowsAndFrames
-
+ LockedDownInternetZoneJavaPermissions
+
-
+
@@ -32846,25 +44830,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
+ IZ_PolicyJavaPermissions_2
+
+
+
+ LockedDownInternetZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_2
-
+
- LockedDownIntranetZoneAllowAccessToDataSources
-
+ LockedDownIntranetZoneAllowAccessToDataSources
+
-
+
@@ -32872,25 +44882,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_4
-
+
- LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -32898,25 +44908,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_4
-
+
- LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -32924,25 +44934,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_4
-
+
- LockedDownIntranetZoneAllowFontDownloads
-
+ LockedDownIntranetZoneAllowFontDownloads
+
-
+
@@ -32950,25 +44960,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyFontDownload_4
-
+
- LockedDownIntranetZoneAllowLessPrivilegedSites
-
+ LockedDownIntranetZoneAllowLessPrivilegedSites
+
-
+
@@ -32976,25 +44986,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyZoneElevationURLaction_4
-
+
- LockedDownIntranetZoneAllowNETFrameworkReliantComponents
-
+ LockedDownIntranetZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -33002,25 +45012,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_4
-
+
- LockedDownIntranetZoneAllowScriptlets
-
+ LockedDownIntranetZoneAllowScriptlets
+
-
+
@@ -33028,25 +45038,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_Policy_AllowScriptlets_4
-
+
- LockedDownIntranetZoneAllowSmartScreenIE
-
+ LockedDownIntranetZoneAllowSmartScreenIE
+
-
+
@@ -33054,25 +45064,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_Policy_Phishing_4
-
+
- LockedDownIntranetZoneAllowUserDataPersistence
-
+ LockedDownIntranetZoneAllowUserDataPersistence
+
-
+
@@ -33080,25 +45090,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyUserdataPersistence_4
-
+
- LockedDownIntranetZoneInitializeAndScriptActiveXControls
-
+ LockedDownIntranetZoneInitializeAndScriptActiveXControls
+
-
+
@@ -33106,25 +45116,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_4
-
+
- LockedDownIntranetZoneNavigateWindowsAndFrames
-
+ LockedDownIntranetZoneNavigateWindowsAndFrames
+
-
+
@@ -33132,25 +45142,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_4
-
+
- LockedDownLocalMachineZoneAllowAccessToDataSources
-
+ LockedDownLocalMachineZoneAllowAccessToDataSources
+
-
+
@@ -33158,25 +45168,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_10
-
+
- LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -33184,25 +45194,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_10
-
+
- LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -33210,25 +45220,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_10
-
+
- LockedDownLocalMachineZoneAllowFontDownloads
-
+ LockedDownLocalMachineZoneAllowFontDownloads
+
-
+
@@ -33236,25 +45246,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyFontDownload_10
-
+
- LockedDownLocalMachineZoneAllowLessPrivilegedSites
-
+ LockedDownLocalMachineZoneAllowLessPrivilegedSites
+
-
+
@@ -33262,25 +45272,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyZoneElevationURLaction_10
-
+
- LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents
-
+ LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -33288,25 +45298,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_10
-
+
- LockedDownLocalMachineZoneAllowScriptlets
-
+ LockedDownLocalMachineZoneAllowScriptlets
+
-
+
@@ -33314,25 +45324,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_Policy_AllowScriptlets_10
-
+
- LockedDownLocalMachineZoneAllowSmartScreenIE
-
+ LockedDownLocalMachineZoneAllowSmartScreenIE
+
-
+
@@ -33340,25 +45350,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_Policy_Phishing_10
-
+
- LockedDownLocalMachineZoneAllowUserDataPersistence
-
+ LockedDownLocalMachineZoneAllowUserDataPersistence
+
-
+
@@ -33366,25 +45376,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyUserdataPersistence_10
-
+
- LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
-
+ LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
+
-
+
@@ -33392,25 +45402,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_10
-
+
- LockedDownLocalMachineZoneNavigateWindowsAndFrames
-
+ LockedDownLocalMachineZoneJavaPermissions
+
-
+
@@ -33418,25 +45428,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
+ IZ_PolicyJavaPermissions_10
+
+
+
+ LockedDownLocalMachineZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_LocalMachineZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_10
-
+
- LockedDownRestrictedSitesZoneAllowAccessToDataSources
-
+ LockedDownRestrictedSitesZoneAllowAccessToDataSources
+
-
+
@@ -33444,25 +45480,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_8
-
+
- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -33470,25 +45506,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_8
-
+
- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -33496,25 +45532,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_8
-
+
- LockedDownRestrictedSitesZoneAllowFontDownloads
-
+ LockedDownRestrictedSitesZoneAllowFontDownloads
+
-
+
@@ -33522,25 +45558,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyFontDownload_8
-
+
- LockedDownRestrictedSitesZoneAllowLessPrivilegedSites
-
+ LockedDownRestrictedSitesZoneAllowLessPrivilegedSites
+
-
+
@@ -33548,25 +45584,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyZoneElevationURLaction_8
-
+
- LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents
-
+ LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -33574,25 +45610,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_8
-
+
- LockedDownRestrictedSitesZoneAllowScriptlets
-
+ LockedDownRestrictedSitesZoneAllowScriptlets
+
-
+
@@ -33600,25 +45636,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_Policy_AllowScriptlets_8
-
+
- LockedDownRestrictedSitesZoneAllowSmartScreenIE
-
+ LockedDownRestrictedSitesZoneAllowSmartScreenIE
+
-
+
@@ -33626,25 +45662,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_Policy_Phishing_8
-
+
- LockedDownRestrictedSitesZoneAllowUserDataPersistence
-
+ LockedDownRestrictedSitesZoneAllowUserDataPersistence
+
-
+
@@ -33652,25 +45688,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyUserdataPersistence_8
-
+
- LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
-
+ LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
+
-
+
@@ -33678,25 +45714,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_8
-
+
- LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
-
+ LockedDownRestrictedSitesZoneJavaPermissions
+
-
+
@@ -33704,25 +45740,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
+ IZ_PolicyJavaPermissions_8
+
+
+
+ LockedDownRestrictedSitesZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_8
-
+
- LockedDownTrustedSitesZoneAllowAccessToDataSources
-
+ LockedDownTrustedSitesZoneAllowAccessToDataSources
+
-
+
@@ -33730,25 +45792,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyAccessDataSourcesAcrossDomains_6
-
+
- LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls
-
+ LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -33756,25 +45818,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyNotificationBarActiveXURLaction_6
-
+
- LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads
-
+ LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -33782,25 +45844,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyNotificationBarDownloadURLaction_6
-
+
- LockedDownTrustedSitesZoneAllowFontDownloads
-
+ LockedDownTrustedSitesZoneAllowFontDownloads
+
-
+
@@ -33808,25 +45870,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyFontDownload_6
-
+
- LockedDownTrustedSitesZoneAllowLessPrivilegedSites
-
+ LockedDownTrustedSitesZoneAllowLessPrivilegedSites
+
-
+
@@ -33834,25 +45896,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyZoneElevationURLaction_6
-
+
- LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents
-
+ LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -33860,25 +45922,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyUnsignedFrameworkComponentsURLaction_6
-
+
- LockedDownTrustedSitesZoneAllowScriptlets
-
+ LockedDownTrustedSitesZoneAllowScriptlets
+
-
+
@@ -33886,25 +45948,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_Policy_AllowScriptlets_6
-
+
- LockedDownTrustedSitesZoneAllowSmartScreenIE
-
+ LockedDownTrustedSitesZoneAllowSmartScreenIE
+
-
+
@@ -33912,25 +45974,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_Policy_Phishing_6
-
+
- LockedDownTrustedSitesZoneAllowUserDataPersistence
-
+ LockedDownTrustedSitesZoneAllowUserDataPersistence
+
-
+
@@ -33938,25 +46000,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyUserdataPersistence_6
-
+
- LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
-
+ LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
+
-
+
@@ -33964,25 +46026,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyScriptActiveXNotMarkedSafe_6
-
+
- LockedDownTrustedSitesZoneNavigateWindowsAndFrames
-
+ LockedDownTrustedSitesZoneJavaPermissions
+
-
+
@@ -33990,25 +46052,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
+ IZ_PolicyJavaPermissions_6
+
+
+
+ LockedDownTrustedSitesZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
IZ_PolicyNavigateSubframesAcrossDomains_6
-
+
- RestrictedSitesZoneAllowAccessToDataSources
-
+ MimeSniffingSafetyFeatureInternetExplorerProcesses
+
-
+
@@ -34016,25 +46104,233 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMimeSniffingSafetyFeature
+ IESF_PolicyExplorerProcesses_6
+
+
+
+ MKProtocolSecurityRestrictionInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryMKProtocolSecurityRestriction
+ IESF_PolicyExplorerProcesses_3
+
+
+
+ NotificationBarInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryInformationBar
+ IESF_PolicyExplorerProcesses_10
+
+
+
+ PreventManagingSmartScreenFilter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyDownloadSignedActiveX_1
+
+
+
+ PreventPerUserInstallationOfActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ DisablePerUserActiveXInstall
+
+
+
+ ProtectionFromZoneElevationInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryProtectionFromZoneElevation
+ IESF_PolicyAllProcesses_9
+
+
+
+ RemoveRunThisTimeButtonForOutdatedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
+ VerMgmtDisableRunThisTime
+
+
+
+ RestrictActiveXInstallInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictActiveXInstall
+ IESF_PolicyAllProcesses_11
+
+
+
+ RestrictedSitesZoneAllowAccessToDataSources
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyAccessDataSourcesAcrossDomains_7
-
+
- RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
-
+ RestrictedSitesZoneAllowActiveScripting
+
-
+
@@ -34042,25 +46338,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyActiveScripting_1
+
+
+
+ RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyNotificationBarActiveXURLaction_7
-
+
- RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
-
+ RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -34068,25 +46390,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyNotificationBarDownloadURLaction_7
-
+
- RestrictedSitesZoneAllowFontDownloads
-
+ RestrictedSitesZoneAllowBinaryAndScriptBehaviors
+
-
+
@@ -34094,25 +46416,129 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyBinaryBehaviors_1
+
+
+
+ RestrictedSitesZoneAllowCopyPasteViaScript
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyAllowPasteViaScript_7
+
+
+
+ RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDropOrPasteFiles_7
+
+
+
+ RestrictedSitesZoneAllowFileDownloads
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyFileDownload_1
+
+
+
+ RestrictedSitesZoneAllowFontDownloadsWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyFontDownload_7
-
+
- RestrictedSitesZoneAllowLessPrivilegedSites
-
+ RestrictedSitesZoneAllowFontDownloadsWRONG2
+
-
+
@@ -34120,25 +46546,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyFontDownload_1
+
+
+
+ RestrictedSitesZoneAllowLessPrivilegedSites
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyZoneElevationURLaction_7
-
+
- RestrictedSitesZoneAllowNETFrameworkReliantComponents
-
+ RestrictedSitesZoneAllowLoadingOfXAMLFiles
+
-
+
@@ -34146,25 +46598,77 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_XAML_7
+
+
+
+ RestrictedSitesZoneAllowMETAREFRESH
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyAllowMETAREFRESH_1
+
+
+
+ RestrictedSitesZoneAllowNETFrameworkReliantComponents
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_7
-
+
- RestrictedSitesZoneAllowScriptlets
-
+ RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
+
-
+
@@ -34172,25 +46676,129 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted
+
+
+
+ RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyAllowTDCControl_Both_Restricted
+
+
+
+ RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_WebBrowserControl_7
+
+
+
+ RestrictedSitesZoneAllowScriptInitiatedWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyWindowsRestrictionsURLaction_7
+
+
+
+ RestrictedSitesZoneAllowScriptlets
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_Policy_AllowScriptlets_7
-
+
- RestrictedSitesZoneAllowSmartScreenIE
-
+ RestrictedSitesZoneAllowSmartScreenIE
+
-
+
@@ -34198,25 +46806,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_Policy_Phishing_7
-
+
- RestrictedSitesZoneAllowUserDataPersistence
-
+ RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
+
-
+
@@ -34224,25 +46832,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_ScriptStatusBar_7
+
+
+
+ RestrictedSitesZoneAllowUserDataPersistence
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyUserdataPersistence_7
-
+
- RestrictedSitesZoneInitializeAndScriptActiveXControls
-
+ RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
+
-
+
@@ -34250,25 +46884,207 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_7
+
+
+
+ RestrictedSitesZoneDownloadSignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDownloadSignedActiveX_7
+
+
+
+ RestrictedSitesZoneDownloadUnsignedActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDownloadUnsignedActiveX_7
+
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted
+
+
+
+ RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted
+
+
+
+ RestrictedSitesZoneEnableMIMESniffing
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyMimeSniffingURLaction_7
+
+
+
+ RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_LocalPathForUpload_7
+
+
+
+ RestrictedSitesZoneInitializeAndScriptActiveXControls
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyScriptActiveXNotMarkedSafe_7
-
+
- RestrictedSitesZoneNavigateWindowsAndFrames
-
+ RestrictedSitesZoneJavaPermissions
+
-
+
@@ -34276,25 +47092,103 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyJavaPermissions_7
+
+
+
+ RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyLaunchAppsAndFilesInIFRAME_7
+
+
+
+ RestrictedSitesZoneLogonOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyLogon_7
+
+
+
+ RestrictedSitesZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
IZ_PolicyNavigateSubframesAcrossDomains_7
-
+
- SearchProviderList
-
+ RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
+
-
+
@@ -34302,25 +47196,311 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyNavigateSubframesAcrossDomains_1
+
+
+
+ RestrictedSitesZoneRunActiveXControlsAndPlugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyRunActiveXControls_1
+
+
+
+ RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicySignedFrameworkComponentsURLaction_7
+
+
+
+ RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
+ IZ_PolicyScriptActiveXMarkedSafe_1
+
+
+
+ RestrictedSitesZoneWRONG
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZoneLockdown
+ IZ_PolicyScriptingOfJavaApplets_6
+
+
+
+ RestrictedSitesZoneWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_UnsafeFiles_7
+
+
+
+ RestrictedSitesZoneWRONG3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyTurnOnXSSFilter_Both_Restricted
+
+
+
+ RestrictedSitesZoneWRONG4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_Policy_TurnOnProtectedMode_7
+
+
+
+ RestrictedSitesZoneWRONG5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
+ IZ_PolicyBlockPopupWindows_7
+
+
+
+ RestrictFileDownloadInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryRestrictFileDownload
+ IESF_PolicyAllProcesses_12
+
+
+
+ ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_CategoryScriptedWindowSecurityRestrictions
+ IESF_PolicyAllProcesses_8
+
+
+
+ SearchProviderList
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer
SpecificSearchProvider
-
+
- TrustedSitesZoneAllowAccessToDataSources
-
+ SecurityZonesUseOnlyMachineSettings
+
-
+
@@ -34328,25 +47508,77 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ Security_HKLM_only
+
+
+
+ SpecifyUseOfActiveXInstallerService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer
+ OnlyUseAXISForActiveXInstall
+
+
+
+ TrustedSitesZoneAllowAccessToDataSources
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyAccessDataSourcesAcrossDomains_5
-
+
- TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
-
+ TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
+
-
+
@@ -34354,25 +47586,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyNotificationBarActiveXURLaction_5
-
+
- TrustedSitesZoneAllowAutomaticPromptingForFileDownloads
-
+ TrustedSitesZoneAllowAutomaticPromptingForFileDownloads
+
-
+
@@ -34380,25 +47612,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyNotificationBarDownloadURLaction_5
-
+
- TrustedSitesZoneAllowFontDownloads
-
+ TrustedSitesZoneAllowFontDownloads
+
-
+
@@ -34406,25 +47638,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyFontDownload_5
-
+
- TrustedSitesZoneAllowLessPrivilegedSites
-
+ TrustedSitesZoneAllowLessPrivilegedSites
+
-
+
@@ -34432,25 +47664,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyZoneElevationURLaction_5
-
+
- TrustedSitesZoneAllowNETFrameworkReliantComponents
-
+ TrustedSitesZoneAllowNETFrameworkReliantComponents
+
-
+
@@ -34458,25 +47690,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyUnsignedFrameworkComponentsURLaction_5
-
+
- TrustedSitesZoneAllowScriptlets
-
+ TrustedSitesZoneAllowScriptlets
+
-
+
@@ -34484,25 +47716,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_Policy_AllowScriptlets_5
-
+
- TrustedSitesZoneAllowSmartScreenIE
-
+ TrustedSitesZoneAllowSmartScreenIE
+
-
+
@@ -34510,25 +47742,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_Policy_Phishing_5
-
+
- TrustedSitesZoneAllowUserDataPersistence
-
+ TrustedSitesZoneAllowUserDataPersistence
+
-
+
@@ -34536,25 +47768,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyUserdataPersistence_5
-
+
- TrustedSitesZoneInitializeAndScriptActiveXControls
-
+ TrustedSitesZoneInitializeAndScriptActiveXControls
+
-
+
@@ -34562,25 +47794,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyScriptActiveXNotMarkedSafe_5
-
+
- TrustedSitesZoneNavigateWindowsAndFrames
-
+ TrustedSitesZoneJavaPermissions
+
-
+
@@ -34588,19 +47820,97 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyJavaPermissions_5
+
+
+
+ TrustedSitesZoneNavigateWindowsAndFrames
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
inetres.admx
inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
IZ_PolicyNavigateSubframesAcrossDomains_5
-
+
+
+
+ TrustedSitesZoneWRONG1
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
+
+
+
+ TrustedSitesZoneWRONG2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ inetres.admx
+ inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
+ IZ_PolicyScriptActiveXNotMarkedSafe_5
+
@@ -34623,10 +47933,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowForestSearchOrder
-
+ AllowForestSearchOrder
+
-
+
@@ -34634,25 +47944,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
Kerberos.admx
Kerberos~AT~System~kerberos
ForestSearch
-
+
- KerberosClientSupportsClaimsCompoundArmor
-
+ KerberosClientSupportsClaimsCompoundArmor
+
-
+
@@ -34660,25 +47970,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
Kerberos.admx
Kerberos~AT~System~kerberos
EnableCbacAndArmor
-
+
- RequireKerberosArmoring
-
+ RequireKerberosArmoring
+
-
+
@@ -34686,25 +47996,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
Kerberos.admx
Kerberos~AT~System~kerberos
ClientRequireFast
-
+
- RequireStrictKDCValidation
-
+ RequireStrictKDCValidation
+
-
+
@@ -34712,25 +48022,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
Kerberos.admx
Kerberos~AT~System~kerberos
ValidateKDC
-
+
- SetMaximumContextTokenSize
-
+ SetMaximumContextTokenSize
+
-
+
@@ -34738,19 +48048,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
Kerberos.admx
Kerberos~AT~System~kerberos
MaxTokenSize
-
+
@@ -34773,10 +48083,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowWindowsEntitlementReactivation
-
+ AllowWindowsEntitlementReactivation
+
-
+
1
@@ -34784,22 +48094,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- DisallowKMSClientOnlineAVSValidation
-
+ DisallowKMSClientOnlineAVSValidation
+
-
+
0
@@ -34807,16 +48117,876 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
+
+
+
+ LocalPoliciesSecurityOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Accounts_BlockMicrosoftAccounts
+
+
+
+
+ This policy setting prevents users from adding new Microsoft accounts on this computer.
+
+If you select the "Users can’t add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
+
+If you select the "Users can’t add or log on with Microsoft accounts" option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
+
+If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Accounts_EnableAdministratorAccountStatus
+
+
+
+
+ This security setting determines whether the local Administrator account is enabled or disabled.
+
+Notes
+
+If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password.
+Disabling the Administrator account can become a maintenance issue under certain circumstances.
+
+Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled.
+
+Default: Disabled.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ desktop
+
+
+
+ Accounts_EnableGuestAccountStatus
+
+
+
+
+ This security setting determines if the Guest account is enabled or disabled.
+
+Default: Disabled.
+
+Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ desktop
+
+
+
+ Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
+
+
+
+
+ Accounts: Limit local account use of blank passwords to console logon only
+
+This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard.
+
+Default: Enabled.
+
+
+Warning:
+
+Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on by using a user account that does not have a password. This is especially important for portable computers.
+If you apply this security policy to the Everyone group, no one will be able to log on through Remote Desktop Services.
+
+Notes
+
+This setting does not affect logons that use domain accounts.
+It is possible for applications that use remote interactive logons to bypass this setting.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Accounts_RenameAdministratorAccount
+
+
+
+
+ Accounts: Rename administrator account
+
+This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination.
+
+Default: Administrator.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Accounts_RenameGuestAccount
+
+
+
+
+ Accounts: Rename guest account
+
+This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination.
+
+Default: Guest.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
+
+
+
+
+ Interactive Logon:Display user information when the session is locked
+User display name, domain and user names (1)
+User display name only (2)
+Do not display user information (3)
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Interactivelogon_DoNotDisplayLastSignedIn
+
+
+
+
+ Interactive logon: Don't display last signed-in
+This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC.
+If this policy is enabled, the username will not be shown.
+
+If this policy is disabled, the username will be shown.
+
+Default: Disabled.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Interactivelogon_DoNotDisplayUsernameAtSignIn
+
+
+
+
+ Interactive logon: Don't display username at sign-in
+This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown.
+If this policy is enabled, the username will not be shown.
+
+If this policy is disabled, the username will be shown.
+
+Default: Disabled.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Interactivelogon_DoNotRequireCTRLALTDEL
+
+
+
+
+ Interactive logon: Do not require CTRL+ALT+DEL
+
+This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on.
+
+If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the users' passwords. Requiring CTRL+ALT+DEL before users log on ensures that users are communicating by means of a trusted path when entering their passwords.
+
+If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows.
+
+Default on domain-computers: Enabled: At least Windows 8/Disabled: Windows 7 or earlier.
+Default on stand-alone computers: Enabled.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ InteractiveLogon_MachineInactivityLimit
+
+
+
+
+ Interactive logon: Machine inactivity limit.
+
+Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
+
+Default: not enforced.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InteractiveLogon_MessageTextForUsersAttemptingToLogOn
+
+
+
+
+ Interactive logon: Message text for users attempting to log on
+
+This security setting specifies a text message that is displayed to users when they log on.
+
+This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited.
+
+Default: No message.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
+
+
+
+
+ Interactive logon: Message title for users attempting to log on
+
+This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on.
+
+Default: No message.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares
+
+
+
+
+ Network access: Do not allow anonymous enumeration of SAM accounts and shares
+
+This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
+
+Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
+
+Default: Disabled.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
+
+
+
+
+ Network access: Restrict anonymous access to Named Pipes and Shares
+
+When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
+
+Network access: Named pipes that can be accessed anonymously
+Network access: Shares that can be accessed anonymously
+Default: Enabled.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
+
+
+
+
+ Network access: Restrict clients allowed to make remote calls to SAM
+
+This policy setting allows you to restrict remote rpc connections to SAM.
+
+If not selected, the default security descriptor will be used.
+
+This policy is supported on at least Windows Server 2016.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ NetworkSecurity_AllowPKU2UAuthenticationRequests
+
+
+
+
+ Network security: Allow PKU2U authentication requests to this computer to use online identities.
+
+This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ RecoveryConsole_AllowAutomaticAdministrativeLogon
+
+
+
+
+ Recovery console: Allow automatic administrative logon
+
+This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system.
+
+Default: This policy is not defined and automatic administrative logon is not allowed.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Shutdown_ClearVirtualMemoryPageFile
+
+
+
+
+ Shutdown: Clear virtual memory pagefile
+
+This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.
+
+Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and it is well protected. However, systems that are configured to allow booting to other operating systems might have to make sure that the system pagefile is wiped clean when this system shuts down. This ensures that sensitive information from process memory that might go into the pagefile is not available to an unauthorized user who manages to directly access the pagefile.
+
+When this policy is enabled, it causes the system pagefile to be cleared upon clean shutdown. If you enable this security option, the hibernation file (hiberfil.sys) is also zeroed out when hibernation is disabled.
+
+Default: Disabled.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
+
+
+
+
+ User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
+
+This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
+
+• Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
+
+• Disabled: (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
+
+
+
+
+ User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
+
+This policy setting controls the behavior of the elevation prompt for administrators.
+
+The options are:
+
+• Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constrained environments.
+
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
+
+• Prompt for consent on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+
+• Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+• Prompt for consent: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+
+• Prompt for consent for non-Windows binaries: (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
+
+
+
+
+ User Account Control: Behavior of the elevation prompt for standard users
+This policy setting controls the behavior of the elevation prompt for standard users.
+
+The options are:
+
+• Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+
+• Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
+
+• Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
+
+
+
+
+ User Account Control: Only elevate executable files that are signed and validated
+
+This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
+
+The options are:
+
+• Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
+
+• Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
+
+
+
+
+ User Account Control: Only elevate UIAccess applications that are installed in secure locations
+
+This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
+
+- …\Program Files\, including subfolders
+- …\Windows\system32\
+- …\Program Files (x86)\, including subfolders for 64-bit versions of Windows
+
+Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
+
+The options are:
+
+• Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
+
+• Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_RunAllAdministratorsInAdminApprovalMode
+
+
+
+
+ User Account Control: Turn on Admin Approval Mode
+
+This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
+
+The options are:
+
+• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
+
+• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
+
+
+
+
+ User Account Control: Switch to the secure desktop when prompting for elevation
+
+This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
+
+The options are:
+
+• Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
+
+• Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_UseAdminApprovalMode
+
+
+
+
+ User Account Control: Use Admin Approval Mode for the built-in Administrator account
+
+This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
+
+The options are:
+
+• Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
+
+• Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
+
+
+
+
+ User Account Control: Virtualize file and registry write failures to per-user locations
+
+This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software.
+
+The options are:
+
+• Enabled: (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
+
+• Disabled: Applications that write data to protected locations fail.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
@@ -34839,10 +49009,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EnableLocation
-
+ EnableLocation
+
-
+
0
@@ -34850,15 +49020,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -34881,10 +49051,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowEdgeSwipe
-
+ AllowEdgeSwipe
+
-
+
1
@@ -34892,16 +49062,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -34924,10 +49094,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowOfflineMapsDownloadOverMeteredConnection
-
+ AllowOfflineMapsDownloadOverMeteredConnection
+
-
+
65535
@@ -34935,21 +49105,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EnableOfflineMapsAutoUpdate
-
+ EnableOfflineMapsAutoUpdate
+
-
+
65535
@@ -34957,15 +49127,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -34988,10 +49158,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowMessageSync
-
+ AllowMessageSync
+
-
+
1
@@ -34999,22 +49169,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowMMS
-
+ AllowMMS
+
-
+
1
@@ -35022,22 +49192,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowRCS
-
+ AllowRCS
+
-
+
1
@@ -35045,16 +49215,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
@@ -35077,10 +49247,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EnterpriseCloudResources
-
+ EnterpriseCloudResources
+
-
+
@@ -35088,21 +49258,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EnterpriseInternalProxyServers
-
+ EnterpriseInternalProxyServers
+
-
+
@@ -35110,21 +49280,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EnterpriseIPRange
-
+ EnterpriseIPRange
+
-
+
@@ -35132,21 +49302,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EnterpriseIPRangesAreAuthoritative
-
+ EnterpriseIPRangesAreAuthoritative
+
-
+
0
@@ -35154,21 +49324,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EnterpriseNetworkDomainNames
-
+ EnterpriseNetworkDomainNames
+
-
+
@@ -35176,21 +49346,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EnterpriseProxyServers
-
+ EnterpriseProxyServers
+
-
+
@@ -35198,21 +49368,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EnterpriseProxyServersAreAuthoritative
-
+ EnterpriseProxyServersAreAuthoritative
+
-
+
0
@@ -35220,21 +49390,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- NeutralResources
-
+ NeutralResources
+
-
+
@@ -35242,15 +49412,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -35273,10 +49443,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowStandbyWhenSleepingPluggedIn
-
+ AllowStandbyWhenSleepingPluggedIn
+
-
+
@@ -35284,25 +49454,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
power.admx
Power~AT~System~PowerManagementCat~PowerSleepSettingsCat
AllowStandbyStatesAC_2
-
+
- RequirePasswordWhenComputerWakesOnBattery
-
+ DisplayOffTimeoutOnBattery
+
-
+
@@ -35310,25 +49480,129 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+ phone
+ power.admx
+ Power~AT~System~PowerManagementCat~PowerVideoSettingsCat
+ VideoPowerDownTimeOutDC_2
+
+
+
+ DisplayOffTimeoutPluggedIn
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ power.admx
+ Power~AT~System~PowerManagementCat~PowerVideoSettingsCat
+ VideoPowerDownTimeOutAC_2
+
+
+
+ HibernateTimeoutOnBattery
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ power.admx
+ Power~AT~System~PowerManagementCat~PowerSleepSettingsCat
+ DCHibernateTimeOut_2
+
+
+
+ HibernateTimeoutPluggedIn
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ power.admx
+ Power~AT~System~PowerManagementCat~PowerSleepSettingsCat
+ ACHibernateTimeOut_2
+
+
+
+ RequirePasswordWhenComputerWakesOnBattery
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
power.admx
Power~AT~System~PowerManagementCat~PowerSleepSettingsCat
DCPromptForPasswordOnResume_2
-
+
- RequirePasswordWhenComputerWakesPluggedIn
-
+ RequirePasswordWhenComputerWakesPluggedIn
+
-
+
@@ -35336,19 +49610,71 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
power.admx
Power~AT~System~PowerManagementCat~PowerSleepSettingsCat
ACPromptForPasswordOnResume_2
-
+
+
+
+ StandbyTimeoutOnBattery
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ power.admx
+ Power~AT~System~PowerManagementCat~PowerSleepSettingsCat
+ DCStandbyTimeOut_2
+
+
+
+ StandbyTimeoutPluggedIn
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ power.admx
+ Power~AT~System~PowerManagementCat~PowerSleepSettingsCat
+ ACStandbyTimeOut_2
+
@@ -35371,10 +49697,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- PointAndPrintRestrictions
-
+ PointAndPrintRestrictions
+
-
+
@@ -35382,25 +49708,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
Printing.admx
Printing~AT~ControlPanel~CplPrinters
PointAndPrint_Restrictions_Win7
-
+
- PublishPrinters
-
+ PublishPrinters
+
-
+
@@ -35408,19 +49734,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
Printing2.admx
Printing2~AT~Printers
PublishPrinters
-
+
@@ -35443,10 +49769,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAutoAcceptPairingAndPrivacyConsentPrompts
-
+ AllowAutoAcceptPairingAndPrivacyConsentPrompts
+
-
+
0
@@ -35454,22 +49780,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowInputPersonalization
-
+ AllowInputPersonalization
+
-
+
1
@@ -35477,22 +49803,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
10.0.10240
-
+
- DisableAdvertisingId
-
+ DisableAdvertisingId
+
-
+
65535
@@ -35500,21 +49826,43 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessAccountInfo
-
+ EnableActivityFeed
+
-
+
+
+ Enables ActivityFeed, which is responsible for mirroring different activity types (as applicable) across device graph of the user.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessAccountInfo
+
+
+
This policy setting specifies whether Windows apps can access account information.
0
@@ -35522,21 +49870,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessAccountInfo_ForceAllowTheseApps
-
+ LetAppsAccessAccountInfo_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
@@ -35544,21 +49892,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessAccountInfo_ForceDenyTheseApps
-
+ LetAppsAccessAccountInfo_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
@@ -35566,21 +49914,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessAccountInfo_UserInControlOfTheseApps
-
+ LetAppsAccessAccountInfo_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
@@ -35588,21 +49936,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCalendar
-
+ LetAppsAccessCalendar
+
-
+
This policy setting specifies whether Windows apps can access the calendar.
0
@@ -35610,21 +49958,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCalendar_ForceAllowTheseApps
-
+ LetAppsAccessCalendar_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
@@ -35632,21 +49980,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCalendar_ForceDenyTheseApps
-
+ LetAppsAccessCalendar_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
@@ -35654,21 +50002,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCalendar_UserInControlOfTheseApps
-
+ LetAppsAccessCalendar_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
@@ -35676,21 +50024,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCallHistory
-
+ LetAppsAccessCallHistory
+
-
+
This policy setting specifies whether Windows apps can access call history.
0
@@ -35698,21 +50046,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCallHistory_ForceAllowTheseApps
-
+ LetAppsAccessCallHistory_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
@@ -35720,21 +50068,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCallHistory_ForceDenyTheseApps
-
+ LetAppsAccessCallHistory_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
@@ -35742,21 +50090,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCallHistory_UserInControlOfTheseApps
-
+ LetAppsAccessCallHistory_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
@@ -35764,21 +50112,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCamera
-
+ LetAppsAccessCamera
+
-
+
This policy setting specifies whether Windows apps can access the camera.
0
@@ -35786,21 +50134,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCamera_ForceAllowTheseApps
-
+ LetAppsAccessCamera_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -35808,21 +50156,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCamera_ForceDenyTheseApps
-
+ LetAppsAccessCamera_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -35830,21 +50178,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessCamera_UserInControlOfTheseApps
-
+ LetAppsAccessCamera_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -35852,21 +50200,109 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessContacts
-
+ LetAppsAccessCellularData
+
-
+
+
+ This policy setting specifies whether Windows apps can access cellular data.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_ForceAllowTheseApps
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_ForceDenyTheseApps
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessCellularData_UserInControlOfTheseApps
+
+
+
+
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data privacy setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LetAppsAccessContacts
+
+
+
This policy setting specifies whether Windows apps can access contacts.
0
@@ -35874,21 +50310,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessContacts_ForceAllowTheseApps
-
+ LetAppsAccessContacts_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -35896,21 +50332,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessContacts_ForceDenyTheseApps
-
+ LetAppsAccessContacts_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -35918,21 +50354,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessContacts_UserInControlOfTheseApps
-
+ LetAppsAccessContacts_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -35940,21 +50376,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessEmail
-
+ LetAppsAccessEmail
+
-
+
This policy setting specifies whether Windows apps can access email.
0
@@ -35962,21 +50398,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessEmail_ForceAllowTheseApps
-
+ LetAppsAccessEmail_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -35984,21 +50420,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessEmail_ForceDenyTheseApps
-
+ LetAppsAccessEmail_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -36006,21 +50442,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessEmail_UserInControlOfTheseApps
-
+ LetAppsAccessEmail_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -36028,21 +50464,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessLocation
-
+ LetAppsAccessLocation
+
-
+
This policy setting specifies whether Windows apps can access location.
0
@@ -36050,21 +50486,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessLocation_ForceAllowTheseApps
-
+ LetAppsAccessLocation_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -36072,21 +50508,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessLocation_ForceDenyTheseApps
-
+ LetAppsAccessLocation_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -36094,21 +50530,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessLocation_UserInControlOfTheseApps
-
+ LetAppsAccessLocation_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -36116,21 +50552,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMessaging
-
+ LetAppsAccessMessaging
+
-
+
This policy setting specifies whether Windows apps can read or send messages (text or MMS).
0
@@ -36138,21 +50574,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMessaging_ForceAllowTheseApps
-
+ LetAppsAccessMessaging_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -36160,21 +50596,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMessaging_ForceDenyTheseApps
-
+ LetAppsAccessMessaging_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -36182,21 +50618,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMessaging_UserInControlOfTheseApps
-
+ LetAppsAccessMessaging_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -36204,21 +50640,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMicrophone
-
+ LetAppsAccessMicrophone
+
-
+
This policy setting specifies whether Windows apps can access the microphone.
0
@@ -36226,21 +50662,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMicrophone_ForceAllowTheseApps
-
+ LetAppsAccessMicrophone_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -36248,21 +50684,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMicrophone_ForceDenyTheseApps
-
+ LetAppsAccessMicrophone_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -36270,21 +50706,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMicrophone_UserInControlOfTheseApps
-
+ LetAppsAccessMicrophone_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -36292,21 +50728,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMotion
-
+ LetAppsAccessMotion
+
-
+
This policy setting specifies whether Windows apps can access motion data.
0
@@ -36314,21 +50750,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMotion_ForceAllowTheseApps
-
+ LetAppsAccessMotion_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -36336,21 +50772,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMotion_ForceDenyTheseApps
-
+ LetAppsAccessMotion_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -36358,21 +50794,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessMotion_UserInControlOfTheseApps
-
+ LetAppsAccessMotion_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -36380,21 +50816,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessNotifications
-
+ LetAppsAccessNotifications
+
-
+
This policy setting specifies whether Windows apps can access notifications.
0
@@ -36402,21 +50838,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessNotifications_ForceAllowTheseApps
-
+ LetAppsAccessNotifications_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -36424,21 +50860,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessNotifications_ForceDenyTheseApps
-
+ LetAppsAccessNotifications_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -36446,21 +50882,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessNotifications_UserInControlOfTheseApps
-
+ LetAppsAccessNotifications_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -36468,21 +50904,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessPhone
-
+ LetAppsAccessPhone
+
-
+
This policy setting specifies whether Windows apps can make phone calls
0
@@ -36490,21 +50926,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessPhone_ForceAllowTheseApps
-
+ LetAppsAccessPhone_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -36512,21 +50948,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessPhone_ForceDenyTheseApps
-
+ LetAppsAccessPhone_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -36534,21 +50970,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessPhone_UserInControlOfTheseApps
-
+ LetAppsAccessPhone_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -36556,21 +50992,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessRadios
-
+ LetAppsAccessRadios
+
-
+
This policy setting specifies whether Windows apps have access to control radios.
0
@@ -36578,21 +51014,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessRadios_ForceAllowTheseApps
-
+ LetAppsAccessRadios_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -36600,21 +51036,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessRadios_ForceDenyTheseApps
-
+ LetAppsAccessRadios_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -36622,21 +51058,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessRadios_UserInControlOfTheseApps
-
+ LetAppsAccessRadios_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -36644,21 +51080,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessTasks
-
+ LetAppsAccessTasks
+
-
+
This policy setting specifies whether Windows apps can access tasks.
0
@@ -36666,21 +51102,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessTasks_ForceAllowTheseApps
-
+ LetAppsAccessTasks_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -36688,21 +51124,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessTasks_ForceDenyTheseApps
-
+ LetAppsAccessTasks_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -36710,21 +51146,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessTasks_UserInControlOfTheseApps
-
+ LetAppsAccessTasks_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -36732,21 +51168,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessTrustedDevices
-
+ LetAppsAccessTrustedDevices
+
-
+
This policy setting specifies whether Windows apps can access trusted devices.
0
@@ -36754,21 +51190,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessTrustedDevices_ForceAllowTheseApps
-
+ LetAppsAccessTrustedDevices_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -36776,21 +51212,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessTrustedDevices_ForceDenyTheseApps
-
+ LetAppsAccessTrustedDevices_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -36798,21 +51234,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsAccessTrustedDevices_UserInControlOfTheseApps
-
+ LetAppsAccessTrustedDevices_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -36820,21 +51256,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsGetDiagnosticInfo
-
+ LetAppsGetDiagnosticInfo
+
-
+
This policy setting specifies whether Windows apps can get diagnostic information about other apps, including user names.
0
@@ -36842,21 +51278,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsGetDiagnosticInfo_ForceAllowTheseApps
-
+ LetAppsGetDiagnosticInfo_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.
@@ -36864,21 +51300,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsGetDiagnosticInfo_ForceDenyTheseApps
-
+ LetAppsGetDiagnosticInfo_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to get diagnostic information about other apps, including user names. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.
@@ -36886,21 +51322,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
-
+ LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the app diagnostics privacy setting for the listed Windows apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified Windows apps.
@@ -36908,21 +51344,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsRunInBackground
-
+ LetAppsRunInBackground
+
-
+
This policy setting specifies whether Windows apps can run in the background.
0
@@ -36930,21 +51366,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsRunInBackground_ForceAllowTheseApps
-
+ LetAppsRunInBackground_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.
@@ -36952,21 +51388,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsRunInBackground_ForceDenyTheseApps
-
+ LetAppsRunInBackground_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are not allowed to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.
@@ -36974,21 +51410,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsRunInBackground_UserInControlOfTheseApps
-
+ LetAppsRunInBackground_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the background apps privacy setting for the listed Windows apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified Windows apps.
@@ -36996,21 +51432,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsSyncWithDevices
-
+ LetAppsSyncWithDevices
+
-
+
This policy setting specifies whether Windows apps can sync with devices.
0
@@ -37018,21 +51454,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsSyncWithDevices_ForceAllowTheseApps
-
+ LetAppsSyncWithDevices_ForceAllowTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -37040,21 +51476,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsSyncWithDevices_ForceDenyTheseApps
-
+ LetAppsSyncWithDevices_ForceDenyTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -37062,21 +51498,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- LetAppsSyncWithDevices_UserInControlOfTheseApps
-
+ LetAppsSyncWithDevices_UserInControlOfTheseApps
+
-
+
List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -37084,15 +51520,37 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
+
+
+ PublishUserActivities
+
+
+
+
+ Allows apps/system to publish 'User Activities' into ActivityFeed.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
@@ -37115,10 +51573,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- CustomizeWarningMessages
-
+ CustomizeWarningMessages
+
-
+
@@ -37126,25 +51584,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
remoteassistance.admx
RemoteAssistance~AT~System~RemoteAssist
RA_Options
-
+
- SessionLogging
-
+ SessionLogging
+
-
+
@@ -37152,25 +51610,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
remoteassistance.admx
RemoteAssistance~AT~System~RemoteAssist
RA_Logging
-
+
- SolicitedRemoteAssistance
-
+ SolicitedRemoteAssistance
+
-
+
@@ -37178,25 +51636,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
remoteassistance.admx
RemoteAssistance~AT~System~RemoteAssist
RA_Solicit
-
+
- UnsolicitedRemoteAssistance
-
+ UnsolicitedRemoteAssistance
+
-
+
@@ -37204,19 +51662,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
remoteassistance.admx
RemoteAssistance~AT~System~RemoteAssist
RA_Unsolicit
-
+
@@ -37239,10 +51697,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowUsersToConnectRemotely
-
+ AllowUsersToConnectRemotely
+
-
+
@@ -37250,25 +51708,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
terminalserver.admx
TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_CONNECTIONS
TS_DISABLE_CONNECTIONS
-
+
- ClientConnectionEncryptionLevel
-
+ ClientConnectionEncryptionLevel
+
-
+
@@ -37276,25 +51734,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
terminalserver.admx
TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY
TS_ENCRYPTION_POLICY
-
+
- DoNotAllowDriveRedirection
-
+ DoNotAllowDriveRedirection
+
-
+
@@ -37302,25 +51760,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
terminalserver.admx
TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_REDIRECTION
TS_CLIENT_DRIVE_M
-
+
- DoNotAllowPasswordSaving
-
+ DoNotAllowPasswordSaving
+
-
+
@@ -37328,25 +51786,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
terminalserver.admx
TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_CLIENT
TS_CLIENT_DISABLE_PASSWORD_SAVING_2
-
+
- PromptForPasswordUponConnection
-
+ PromptForPasswordUponConnection
+
-
+
@@ -37354,25 +51812,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
terminalserver.admx
TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY
TS_PASSWORD
-
+
- RequireSecureRPCCommunication
-
+ RequireSecureRPCCommunication
+
-
+
@@ -37380,19 +51838,429 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
terminalserver.admx
TerminalServer~AT~WindowsComponents~TS_GP_NODE~TS_TERMINAL_SERVER~TS_SECURITY
TS_RPC_ENCRYPTION
-
+
+
+
+
+ RemoteManagement
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowBasicAuthentication_Client
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient
+ AllowBasic_2
+
+
+
+ AllowBasicAuthentication_Service
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ AllowBasic_1
+
+
+
+ AllowCredSSPAuthenticationClient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ AllowCredSSP_1
+
+
+
+ AllowCredSSPAuthenticationService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ AllowCredSSP_2
+
+
+
+ AllowRemoteServerManagement
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ AllowAutoConfig
+
+
+
+ AllowUnencryptedTraffic_Client
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient
+ AllowUnencrypted_2
+
+
+
+ AllowUnencryptedTraffic_Service
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ AllowUnencrypted_1
+
+
+
+ DisallowDigestAuthentication
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient
+ DisallowDigest
+
+
+
+ DisallowNegotiateAuthenticationClient
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ DisallowNegotiate_1
+
+
+
+ DisallowNegotiateAuthenticationService
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient
+ DisallowNegotiate_2
+
+
+
+ DisallowStoringOfRunAsCredentials
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ DisableRunAs
+
+
+
+ SpecifyChannelBindingTokenHardeningLevel
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ CBTHardeningLevel_1
+
+
+
+ TrustedHosts
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMClient
+ TrustedHosts
+
+
+
+ TurnOnCompatibilityHTTPListener
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ HttpCompatibilityListener
+
+
+
+ TurnOnCompatibilityHTTPSListener
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteManagement.admx
+ WindowsRemoteManagement~AT~WindowsComponents~WinRM~WinRMService
+ HttpsCompatibilityListener
+
@@ -37415,10 +52283,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- RestrictUnauthenticatedRPCClients
-
+ RestrictUnauthenticatedRPCClients
+
-
+
@@ -37426,25 +52294,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
rpc.admx
RPC~AT~System~Rpc
RpcRestrictRemoteClients
-
+
- RPCEndpointMapperClientAuthentication
-
+ RPCEndpointMapperClientAuthentication
+
-
+
@@ -37452,19 +52320,221 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
rpc.admx
RPC~AT~System~Rpc
RpcEnableAuthEpResolution
-
+
+
+
+
+ RemoteShell
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowRemoteShellAccess
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteShell.admx
+ WindowsRemoteShell~AT~WindowsComponents~WinRS
+ AllowRemoteShellAccess
+
+
+
+ MaxConcurrentUsers
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteShell.admx
+ WindowsRemoteShell~AT~WindowsComponents~WinRS
+ MaxConcurrentUsers
+
+
+
+ SpecifyIdleTimeout
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteShell.admx
+ WindowsRemoteShell~AT~WindowsComponents~WinRS
+ IdleTimeout
+
+
+
+ SpecifyMaxMemory
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteShell.admx
+ WindowsRemoteShell~AT~WindowsComponents~WinRS
+ MaxMemoryPerShellMB
+
+
+
+ SpecifyMaxProcesses
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteShell.admx
+ WindowsRemoteShell~AT~WindowsComponents~WinRS
+ MaxProcessesPerShell
+
+
+
+ SpecifyMaxRemoteShells
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteShell.admx
+ WindowsRemoteShell~AT~WindowsComponents~WinRS
+ MaxShellsPerUser
+
+
+
+ SpecifyShellTimeout
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ WindowsRemoteShell.admx
+ WindowsRemoteShell~AT~WindowsComponents~WinRS
+ ShellTimeOut
+
@@ -37487,10 +52557,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowIndexingEncryptedStoresOrItems
-
+ AllowIndexingEncryptedStoresOrItems
+
-
+
0
@@ -37498,21 +52568,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowSearchToUseLocation
-
+ AllowSearchToUseLocation
+
-
+
1
@@ -37520,21 +52590,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowStoringImagesFromVisionSearch
-
+ AllowStoringImagesFromVisionSearch
+
-
+
1
@@ -37542,21 +52612,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowUsingDiacritics
-
+ AllowUsingDiacritics
+
-
+
0
@@ -37564,21 +52634,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowWindowsIndexer
-
+ AllowWindowsIndexer
+
-
+
3
@@ -37586,21 +52656,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AlwaysUseAutoLangDetection
-
+ AlwaysUseAutoLangDetection
+
-
+
0
@@ -37608,21 +52678,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DisableBackoff
-
+ DisableBackoff
+
-
+
0
@@ -37630,21 +52700,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DisableRemovableDriveIndexing
-
+ DisableRemovableDriveIndexing
+
-
+
0
@@ -37652,21 +52722,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- PreventIndexingLowDiskSpaceMB
-
+ PreventIndexingLowDiskSpaceMB
+
-
+
1
@@ -37674,21 +52744,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- PreventRemoteQueries
-
+ PreventRemoteQueries
+
-
+
1
@@ -37696,21 +52766,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- SafeSearchPermissions
-
+ SafeSearchPermissions
+
-
+
1
@@ -37718,16 +52788,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
@@ -37750,10 +52820,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAddProvisioningPackage
-
+ AllowAddProvisioningPackage
+
-
+
1
@@ -37761,21 +52831,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowManualRootCertificateInstallation
-
+ AllowManualRootCertificateInstallation
+
-
+
1
@@ -37783,22 +52853,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- AllowRemoveProvisioningPackage
-
+ AllowRemoveProvisioningPackage
+
-
+
1
@@ -37806,21 +52876,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AntiTheftMode
-
+ AntiTheftMode
+
-
+
1
@@ -37828,22 +52898,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
- PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
-
+ ClearTPMIfNotReady
+
-
+
0
@@ -37851,21 +52921,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+ phone
+
- RequireDeviceEncryption
-
+ PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
+
-
+
0
@@ -37873,21 +52944,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- RequireProvisioningPackageSignature
-
+ RequireDeviceEncryption
+
-
+
0
@@ -37895,21 +52966,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- RequireRetrieveHealthCertificateOnBoot
-
+ RequireProvisioningPackageSignature
+
-
+
0
@@ -37917,15 +52988,37 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
+
+
+ RequireRetrieveHealthCertificateOnBoot
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
@@ -37948,10 +53041,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAutoPlay
-
+ AllowAutoPlay
+
-
+
1
@@ -37959,22 +53052,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowDataSense
-
+ AllowDataSense
+
-
+
1
@@ -37982,21 +53075,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowDateTime
-
+ AllowDateTime
+
-
+
1
@@ -38004,21 +53097,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowEditDeviceName
-
+ AllowEditDeviceName
+
-
+
1
@@ -38026,21 +53119,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowLanguage
-
+ AllowLanguage
+
-
+
1
@@ -38048,22 +53141,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPowerSleep
-
+ AllowPowerSleep
+
-
+
1
@@ -38071,22 +53164,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowRegion
-
+ AllowRegion
+
-
+
1
@@ -38094,22 +53187,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowSignInOptions
-
+ AllowSignInOptions
+
-
+
1
@@ -38117,22 +53210,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowVPN
-
+ AllowVPN
+
-
+
1
@@ -38140,21 +53233,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowWorkplace
-
+ AllowWorkplace
+
-
+
1
@@ -38162,22 +53255,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowYourAccount
-
+ AllowYourAccount
+
-
+
1
@@ -38185,21 +53278,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- PageVisibilityList
-
+ PageVisibilityList
+
-
+
@@ -38207,15 +53300,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -38238,10 +53331,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EnableAppInstallControl
-
+ EnableAppInstallControl
+
-
+
0
@@ -38249,22 +53342,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- EnableSmartScreenInShell
-
+ EnableSmartScreenInShell
+
-
+
1
@@ -38272,22 +53365,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- PreventOverrideForFilesInShell
-
+ PreventOverrideForFilesInShell
+
-
+
0
@@ -38295,16 +53388,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -38327,10 +53420,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowSpeechModelUpdate
-
+ AllowSpeechModelUpdate
+
-
+
1
@@ -38338,15 +53431,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -38369,10 +53462,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowPinnedFolderDocuments
-
+ AllowPinnedFolderDocuments
+
-
+
This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38380,22 +53473,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderDownloads
-
+ AllowPinnedFolderDownloads
+
-
+
This policy controls the visibility of the Downloads shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38403,22 +53496,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderFileExplorer
-
+ AllowPinnedFolderFileExplorer
+
-
+
This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38426,22 +53519,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderHomeGroup
-
+ AllowPinnedFolderHomeGroup
+
-
+
This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38449,22 +53542,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderMusic
-
+ AllowPinnedFolderMusic
+
-
+
This policy controls the visibility of the Music shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38472,22 +53565,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderNetwork
-
+ AllowPinnedFolderNetwork
+
-
+
This policy controls the visibility of the Network shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38495,22 +53588,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderPersonalFolder
-
+ AllowPinnedFolderPersonalFolder
+
-
+
This policy controls the visibility of the PersonalFolder shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38518,22 +53611,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderPictures
-
+ AllowPinnedFolderPictures
+
-
+
This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38541,22 +53634,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderSettings
-
+ AllowPinnedFolderSettings
+
-
+
This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38564,22 +53657,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowPinnedFolderVideos
-
+ AllowPinnedFolderVideos
+
-
+
This policy controls the visibility of the Videos shortcut on the Start menu. The possible values are 0 - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, 1 - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, 65535 - means that there is no enforced configuration and the setting can be changed by the user.
65535
@@ -38587,22 +53680,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ForceStartSize
-
+ ForceStartSize
+
-
+
0
@@ -38610,22 +53703,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- HideAppList
-
+ HideAppList
+
-
+
Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app.
0
@@ -38633,22 +53726,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- HideChangeAccountSettings
-
+ HideChangeAccountSettings
+
-
+
Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu.
0
@@ -38656,21 +53749,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HideFrequentlyUsedApps
-
+ HideFrequentlyUsedApps
+
-
+
Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.
0
@@ -38678,22 +53771,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- HideHibernate
-
+ HideHibernate
+
-
+
Enabling this policy hides "Hibernate" from appearing in the power button in the start menu.
0
@@ -38701,21 +53794,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HideLock
-
+ HideLock
+
-
+
Enabling this policy hides "Lock" from appearing in the user tile in the start menu.
0
@@ -38723,21 +53816,44 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HidePowerButton
-
+ HidePeopleBar
+
-
+
+
+ Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ HidePowerButton
+
+
+
Enabling this policy hides the power button from appearing in the start menu.
0
@@ -38745,21 +53861,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HideRecentJumplists
-
+ HideRecentJumplists
+
-
+
Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.
0
@@ -38767,22 +53883,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- HideRecentlyAddedApps
-
+ HideRecentlyAddedApps
+
-
+
Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.
0
@@ -38790,22 +53906,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- HideRestart
-
+ HideRestart
+
-
+
Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu.
0
@@ -38813,21 +53929,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HideShutDown
-
+ HideShutDown
+
-
+
Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu.
0
@@ -38835,21 +53951,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HideSignOut
-
+ HideSignOut
+
-
+
Enabling this policy hides "Sign out" from appearing in the user tile in the start menu.
0
@@ -38857,21 +53973,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HideSleep
-
+ HideSleep
+
-
+
Enabling this policy hides "Sleep" from appearing in the power button in the start menu.
0
@@ -38879,21 +53995,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HideSwitchAccount
-
+ HideSwitchAccount
+
-
+
Enabling this policy hides "Switch account" from appearing in the user tile in the start menu.
0
@@ -38901,21 +54017,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- HideUserTile
-
+ HideUserTile
+
-
+
Enabling this policy hides the user tile from appearing in the start menu.
0
@@ -38923,21 +54039,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- ImportEdgeAssets
-
+ ImportEdgeAssets
+
-
+
This policy setting allows you to import Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified.
@@ -38945,22 +54061,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- NoPinningToTaskbar
-
+ NoPinningToTaskbar
+
-
+
This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.
0
@@ -38968,22 +54084,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- StartLayout
-
+ StartLayout
+
-
+
@@ -38991,16 +54107,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -39023,10 +54139,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EnhancedStorageDevices
-
+ EnhancedStorageDevices
+
-
+
@@ -39034,19 +54150,19 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
enhancedstorage.admx
EnhancedStorage~AT~System~EnStorDeviceAccess
TCGSecurityActivationDisabled
-
+
@@ -39069,10 +54185,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowBuildPreview
-
+ AllowBuildPreview
+
-
+
2
@@ -39080,21 +54196,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowEmbeddedMode
-
+ AllowEmbeddedMode
+
-
+
0
@@ -39102,21 +54218,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowExperimentation
-
+ AllowExperimentation
+
-
+
1
@@ -39124,21 +54240,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowFontProviders
-
+ AllowFontProviders
+
-
+
1
@@ -39146,21 +54262,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowLocation
-
+ AllowLocation
+
-
+
1
@@ -39168,21 +54284,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowStorageCard
-
+ AllowStorageCard
+
-
+
1
@@ -39190,21 +54306,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowTelemetry
-
+ AllowTelemetry
+
-
+
3
@@ -39212,21 +54328,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowUserToResetPhone
-
+ AllowUserToResetPhone
+
-
+
1
@@ -39234,21 +54350,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- BootStartDriverInitialization
-
+ BootStartDriverInitialization
+
-
+
@@ -39256,47 +54372,47 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
earlylauncham.admx
EarlyLaunchAM~AT~System~ELAMCategory
POL_DriverLoadPolicy_Name
-
+
- DisableOneDriveFileSync
-
+ DisableOneDriveFileSync
+
-
+
- This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+ This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
0
-
+
-
+
- text/plain
+ text/plain
-
+
- DisableSystemRestore
-
+ DisableSystemRestore
+
-
+
@@ -39304,25 +54420,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
systemrestore.admx
SystemRestore~AT~System~SR
SR_DisableSR
-
+
- TelemetryProxy
-
+ TelemetryProxy
+
-
+
@@ -39330,15 +54446,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -39361,10 +54477,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowIMELogging
-
+ AllowIMELogging
+
-
+
1
@@ -39372,22 +54488,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowIMENetworkAccess
-
+ AllowIMENetworkAccess
+
-
+
1
@@ -39395,22 +54511,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowInputPanel
-
+ AllowInputPanel
+
-
+
1
@@ -39418,22 +54534,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowJapaneseIMESurrogatePairCharacters
-
+ AllowJapaneseIMESurrogatePairCharacters
+
-
+
1
@@ -39441,22 +54557,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowJapaneseIVSCharacters
-
+ AllowJapaneseIVSCharacters
+
-
+
1
@@ -39464,22 +54580,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowJapaneseNonPublishingStandardGlyph
-
+ AllowJapaneseNonPublishingStandardGlyph
+
-
+
1
@@ -39487,22 +54603,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowJapaneseUserDictionary
-
+ AllowJapaneseUserDictionary
+
-
+
1
@@ -39510,22 +54626,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowKeyboardTextSuggestions
-
+ AllowKeyboardTextSuggestions
+
-
+
1
@@ -39533,21 +54649,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowLanguageFeaturesUninstall
-
+ AllowLanguageFeaturesUninstall
+
-
+
1
@@ -39555,22 +54671,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ExcludeJapaneseIMEExceptJIS0208
-
+ ExcludeJapaneseIMEExceptJIS0208
+
-
+
0
@@ -39578,21 +54694,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- ExcludeJapaneseIMEExceptJIS0208andEUDC
-
+ ExcludeJapaneseIMEExceptJIS0208andEUDC
+
-
+
0
@@ -39600,22 +54716,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- ExcludeJapaneseIMEExceptShiftJIS
-
+ ExcludeJapaneseIMEExceptShiftJIS
+
-
+
0
@@ -39623,16 +54739,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -39655,10 +54771,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowSet24HourClock
-
+ AllowSet24HourClock
+
-
+
0
@@ -39666,16 +54782,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
desktop
-
+
@@ -39698,10 +54814,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- ActiveHoursEnd
-
+ ActiveHoursEnd
+
-
+
17
@@ -39709,21 +54825,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- ActiveHoursMaxRange
-
+ ActiveHoursMaxRange
+
-
+
18
@@ -39731,21 +54847,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- ActiveHoursStart
-
+ ActiveHoursStart
+
-
+
8
@@ -39753,21 +54869,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowAutoUpdate
-
+ AllowAutoUpdate
+
-
+
2
@@ -39775,21 +54891,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowMUUpdateService
-
+ AllowAutoWindowsUpdateDownloadOverMeteredNetwork
+
-
+
0
@@ -39797,22 +54913,44 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+
+
+
+ AllowMUUpdateService
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
-
+
- AllowNonMicrosoftSignedUpdate
-
+ AllowNonMicrosoftSignedUpdate
+
-
+
1
@@ -39820,21 +54958,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowUpdateService
-
+ AllowUpdateService
+
-
+
1
@@ -39842,21 +54980,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AutoRestartDeadlinePeriodInDays
-
+ AutoRestartDeadlinePeriodInDays
+
-
+
7
@@ -39864,21 +55002,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AutoRestartNotificationSchedule
-
+ AutoRestartNotificationSchedule
+
-
+
15
@@ -39886,21 +55024,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AutoRestartRequiredNotificationDismissal
-
+ AutoRestartRequiredNotificationDismissal
+
-
+
1
@@ -39908,21 +55046,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- BranchReadinessLevel
-
+ BranchReadinessLevel
+
-
+
16
@@ -39930,21 +55068,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DeferFeatureUpdatesPeriodInDays
-
+ DeferFeatureUpdatesPeriodInDays
+
-
+
0
@@ -39952,21 +55090,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DeferQualityUpdatesPeriodInDays
-
+ DeferQualityUpdatesPeriodInDays
+
-
+
0
@@ -39974,21 +55112,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DeferUpdatePeriod
-
+ DeferUpdatePeriod
+
-
+
0
@@ -39996,21 +55134,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DeferUpgradePeriod
-
+ DeferUpgradePeriod
+
-
+
0
@@ -40018,21 +55156,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- DetectionFrequency
-
+ DetectionFrequency
+
-
+
22
@@ -40040,21 +55178,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EngagedRestartDeadline
-
+ EngagedRestartDeadline
+
-
+
14
@@ -40062,21 +55200,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EngagedRestartSnoozeSchedule
-
+ EngagedRestartSnoozeSchedule
+
-
+
3
@@ -40084,21 +55222,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- EngagedRestartTransitionSchedule
-
+ EngagedRestartTransitionSchedule
+
-
+
7
@@ -40106,21 +55244,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- ExcludeWUDriversInQualityUpdate
-
+ ExcludeWUDriversInQualityUpdate
+
-
+
0
@@ -40128,21 +55266,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- FillEmptyContentUrls
-
+ FillEmptyContentUrls
+
-
+
0
@@ -40150,21 +55288,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- IgnoreMOAppDownloadLimit
-
+ IgnoreMOAppDownloadLimit
+
-
+
0
@@ -40172,21 +55310,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- IgnoreMOUpdateDownloadLimit
-
+ IgnoreMOUpdateDownloadLimit
+
-
+
0
@@ -40194,219 +55332,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- PauseDeferrals
-
+ ManageBuildPreview
+
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- PauseFeatureUpdates
-
-
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- PauseFeatureUpdatesStartTime
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- PauseQualityUpdates
-
-
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- PauseQualityUpdatesStartTime
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- PhoneUpdateRestrictions
-
-
-
-
-
- 4
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- RequireDeferUpgrade
-
-
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- RequireUpdateApproval
-
-
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- ScheduledInstallDay
-
-
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- ScheduledInstallTime
-
-
-
+
3
@@ -40414,65 +55354,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- ScheduleImminentRestartWarning
-
+ PauseDeferrals
+
-
-
-
- 15
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- ScheduleRestartWarning
-
-
-
-
-
- 4
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- SetAutoRestartNotificationDisable
-
-
-
+
0
@@ -40480,21 +55376,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- SetEDURestart
-
+ PauseFeatureUpdates
+
-
+
0
@@ -40502,43 +55398,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- UpdateServiceUrl
-
+ PauseFeatureUpdatesStartTime
+
-
-
-
- CorpWSUS
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- UpdateServiceUrlAlternate
-
-
-
+
@@ -40546,16 +55420,412 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
+
+
+
+
+ PauseQualityUpdates
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PauseQualityUpdatesStartTime
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PhoneUpdateRestrictions
+
+
+
+
+
+ 4
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RequireDeferUpgrade
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RequireUpdateApproval
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallDay
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallEveryWeek
+
+
+
+
+
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallFirstWeek
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallFourthWeek
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallSecondWeek
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallThirdWeek
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduledInstallTime
+
+
+
+
+
+ 3
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduleImminentRestartWarning
+
+
+
+
+
+ 15
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ScheduleRestartWarning
+
+
+
+
+
+ 4
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SetAutoRestartNotificationDisable
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SetEDURestart
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UpdateServiceUrl
+
+
+
+
+
+ CorpWSUS
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ UpdateServiceUrlAlternate
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
phone
-
+
@@ -40578,10 +55848,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowAutoConnectToWiFiSenseHotspots
-
+ AllowAutoConnectToWiFiSenseHotspots
+
-
+
1
@@ -40589,21 +55859,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowInternetSharing
-
+ AllowInternetSharing
+
-
+
1
@@ -40611,21 +55881,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowManualWiFiConfiguration
-
+ AllowManualWiFiConfiguration
+
-
+
1
@@ -40633,21 +55903,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowWiFi
-
+ AllowWiFi
+
-
+
1
@@ -40655,21 +55925,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowWiFiDirect
-
+ AllowWiFiDirect
+
-
+
1
@@ -40677,21 +55947,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- WLANScanMode
-
+ WLANScanMode
+
-
+
0
@@ -40699,15 +55969,357 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
+
+
+
+ WindowsDefenderSecurityCenter
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ CompanyName
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ DisableAppBrowserUI
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ DisableEnhancedNotifications
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ DisableFamilyUI
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ DisableHealthUI
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ DisableNetworkUI
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ DisableNotifications
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ DisableVirusUI
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ DisallowExploitProtectionOverride
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Email
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ EnableCustomizedToasts
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ EnableInAppCustomization
+
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ Phone
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
+
+
+ URL
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+
@@ -40730,10 +56342,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowSuggestedAppsInWindowsInkWorkspace
-
+ AllowSuggestedAppsInWindowsInkWorkspace
+
-
+
1
@@ -40741,22 +56353,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowWindowsInkWorkspace
-
+ AllowWindowsInkWorkspace
+
-
+
2
@@ -40764,16 +56376,16 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
@@ -40796,10 +56408,10 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- DisableLockScreenAppNotifications
-
+ DisableLockScreenAppNotifications
+
-
+
@@ -40807,25 +56419,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
logon.admx
Logon~AT~System~Logon
DisableLockScreenAppNotifications
-
+
- DontDisplayNetworkSelectionUI
-
+ DontDisplayNetworkSelectionUI
+
-
+
@@ -40833,25 +56445,25 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
logon.admx
Logon~AT~System~Logon
DontDisplayNetworkSelectionUI
-
+
- HideFastUserSwitching
-
+ HideFastUserSwitching
+
-
+
This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.
0
@@ -40859,15 +56471,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
@@ -40890,10 +56502,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- AllowProjectionFromPC
-
+ AllowMdnsAdvertisement
+
-
+
+
+ This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowMdnsDiscovery
+
+
+
+
+ This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver.
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowProjectionFromPC
+
+
+
This policy allows you to turn off projection from a PC.
If you set it to 0, your PC cannot discover or project to other devices.
@@ -40903,21 +56559,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowProjectionFromPCOverInfrastructure
-
+ AllowProjectionFromPCOverInfrastructure
+
-
+
This policy allows you to turn off projection from a PC over infrastructure.
If you set it to 0, your PC cannot discover or project to other infrastructure devices, though it may still be possible to discover and project over WiFi Direct.
@@ -40927,21 +56583,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowProjectionToPC
-
+ AllowProjectionToPC
+
-
+
This policy setting allows you to turn off projection to a PC
If you set it to 0, your PC isn't discoverable and can't be projected to
@@ -40951,22 +56607,22 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
phone
-
+
- AllowProjectionToPCOverInfrastructure
-
+ AllowProjectionToPCOverInfrastructure
+
-
+
This policy setting allows you to turn off projection to a PC over infrastructure.
If you set it to 0, your PC cannot be discoverable and can't be projected to over infrastructure, though it may still be possible to project over WiFi Direct.
@@ -40976,21 +56632,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- AllowUserInputFromWirelessDisplayReceiver
-
+ AllowUserInputFromWirelessDisplayReceiver
+
-
+
1
@@ -40998,21 +56654,21 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
- RequirePinForPairing
-
+ RequirePinForPairing
+
-
+
This policy setting allows you to require a pin for pairing.
If you turn this on, the pairing ceremony for new devices will always require a PIN
@@ -41022,15 +56678,15 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
+
-
+
- text/plain
+ text/plain
-
+
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 9e26467563..c982bb06b0 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -1215,7 +1215,7 @@ Servers
./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/EncryptionMethod
- PFS2048
+ AES128
@@ -1224,7 +1224,7 @@ Servers
./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/IntegrityCheckMethod
- Eap
+ SHA256
@@ -1233,7 +1233,7 @@ Servers
./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/DHGroup
- SHA256
+ Group2
@@ -1242,7 +1242,7 @@ Servers
./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/PfsGroup
- AES128
+ PFS2048
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
new file mode 100644
index 0000000000..3df07a32ad
--- /dev/null
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -0,0 +1,95 @@
+---
+title: WindowsDefenderApplicationGuard CSP
+description: WindowsDefenderApplicationGuard CSP
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 06/27/2017
+---
+
+# WindowsDefenderApplicationGuard CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in the Application Guard. This CSP was added in Windows 10, version 1709.
+
+The following diagram shows the WindowsDefenderApplicationGuard configuration service provider in tree format.
+
+
+
+**./Device/Vendor/MSFT/WindowsDefenderApplicationGuard**
+Root node. Supported operation is Get.
+
+
+**Settings**
+Interior node. Supported operation is Get.
+
+**Settings/AllowWindowsDefenderApplicationGuard**
+Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+ - 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
+ - 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
+
+**Settings/ClipboardFileType**
+Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+- 0 - Allow text copying.
+- 1 - Allow text and image copying.
+
+**Settings/ClipboardSettings**
+This policy setting allows you to decide how the clipboard behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete
+
+- 0 (default) - Completely turns Off the clipboard functionality for the Application Guard.
+- 1 - Turns On the clipboard functionality and lets you choose whether to additionally enable copying of certain content from Application Guard into Microsoft Edge and enable copying of certain content from Microsoft Edge into Application Guard.
+
+> [!Important]
+> Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
+
+**Settings/PrintingSettings**
+This policy setting allows you to decide how the print functionality behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+- 0 - Disables all print functionality (default)
+- 1 - Enables only XPS printing
+- 2 - Enables only PDF printing
+- 3 - Enables both PDF and XPS printing
+- 4 - Enables only local printing
+- 5 - Enables both local and XPS printing - 6 - Enables both local and PDF printing
+- 7 - Enables local, PDF, and XPS printing
+- 8 - Enables only network printing
+- 9 - Enables both network and XPS printing
+- 10 - Enables both network and PDF printing
+- 11 - Enables network, PDF, and XPS printing
+- 12 - Enables both network and local printing
+- 13 - Enables network, local, and XPS printing
+- 14 - Enables network, local, and PDF printing
+- 15 - Enables all printing
+
+**Settings/BlockNonEnterpriseContent**
+This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+- 0 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Windows Defender Application Guard.
+- 1 (default) - Non-enterprise sites can open outside of the Windows Defender Application Guard container, directly in Internet Explorer and Microsoft Edge.
+
+**Settings/AllowPersistence**
+This policy setting allows you to decide whether data should persist across different sessions in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+- 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off.
+- 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
+
+**Status**
+Returns status on Application Guard installation and pre-requisites. Value type is integer. Supported operation is Get.
+
+**InstallWindowsDefenderApplicationGuard**
+Initiates remote installation of Application Guard feature. Supported operations are Get and Execute.
+
+**Audit**
+Interior node. Supported operation is Get
+
+**Audit/AuditApplicationGuard**
+This policy setting allows you to decide whether auditing events can be collected from Application Guard. Value type in integer. Supported operations are Add, Get, Replace, and Delete.
+
+- 0 (default) - - Audit event logs aren't collected for Application Guard.
+- 1 - Application Guard inherits its auditing policies from Microsoft Edge and starts to audit system events specifically for Application Guard.
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
new file mode 100644
index 0000000000..d70c704083
--- /dev/null
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -0,0 +1,290 @@
+---
+title: WindowsDefenderApplicationGuard DDF file
+description: WindowsDefenderApplicationGuard DDF file
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 06/27/2017
+---
+
+# WindowsDefenderApplicationGuard DDF file
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **WindowsDefenderApplicationGuard** configuration service provider.
+
+``` syntax
+
+]>
+
+ 1.2
+
+ WindowsDefenderApplicationGuard
+ ./Vendor/MSFT
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.1/MDM/WindowsDefenderApplicationGuard
+
+
+
+ Settings
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AllowWindowsDefenderApplicationGuard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ClipboardFileType
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ClipboardSettings
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PrintingSettings
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ BlockNonEnterpriseContent
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ AllowPersistence
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Status
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InstallWindowsDefenderApplicationGuard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Audit
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ AuditApplicationGuard
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+```
\ No newline at end of file
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 7fa036486d..789b57b03a 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -18,6 +18,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
| New or changed topic | Description |
| --- | --- |
+| [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added guidelines for using Remote Desktop app as the kiosk app and added a general guideline that apps generated using the Desktop App Converter cannot be used for kiosk apps |
| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Added warning about using Shell Launcher to set a custom shell with an application that launches a different process and then exits |
| [Windows Configuration Designer command-line interface (reference)](provisioning-packages/provisioning-command-line.md) | Removed references to imaging |
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index fc598eebe1..ec6199f1a5 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -7,6 +7,8 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
localizationpriority: high
+ms.author: jdecker
+ms.date: 06/29/2017
---
# Guidelines for choosing an app for assigned access (kiosk mode)
@@ -27,6 +29,14 @@ The following guidelines may help you choose an appropriate Windows app for your
- Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch.
+- Apps that are generated using the [Desktop App Converter (Desktop Bridge)](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) cannot be used as kiosk apps.
+
+## Guidelines for using Remote Desktop app
+
+Kiosk apps open in full screen. When you assign [Remote Desktop](https://www.microsoft.com/store/apps/9wzdncrfj3ps) as the kiosk app, make sure the **Start connections in full screen** setting in the Remote Desktop app is set to **Off**.
+
+
+
## Guidelines for Windows apps that launch other apps
diff --git a/windows/configuration/images/rdc.png b/windows/configuration/images/rdc.png
new file mode 100644
index 0000000000..e0ea9ef548
Binary files /dev/null and b/windows/configuration/images/rdc.png differ
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index babe4c7aa6..7dc9c4e629 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -41,6 +41,8 @@
##### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md)
#### [Change history for Plan for Windows 10 deployment](planning/change-history-for-plan-for-windows-10-deployment.md)
+### [Overview of Windows AutoPilot](windows-10-auto-pilot.md)
+
### [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
### [Windows 10 deployment tools reference](windows-10-deployment-tools-reference.md)
diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md
index 56563526b0..7353568c47 100644
--- a/windows/deployment/change-history-for-deploy-windows-10.md
+++ b/windows/deployment/change-history-for-deploy-windows-10.md
@@ -6,11 +6,17 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
+ms.date: 06/28/2017
---
# Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10).
+## June 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Overview of Windows AutoPilot](windows-10-auto-pilot.md) | New |
+
## April 2017
| New or changed topic | Description |
|----------------------|-------------|
diff --git a/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 5bc508fcfb..e98fea9e6f 100644
--- a/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
Operating system images are typically the production image used for deployment throughout the organization. This topic shows you how to add a Windows 10 operating system image created with Microsoft System Center 2012 R2 Configuration Manager, and how to distribute the image to a distribution point.
diff --git a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 26edb53a36..275852e418 100644
--- a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
diff --git a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 8f39c84fb0..8bc4b7fb7e 100644
--- a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
diff --git a/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 74a433d179..2ecea45145 100644
--- a/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in System Center 2012 R2 Configuration Manager that you later configure the task sequence to use.
diff --git a/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md
index f79fad1745..bfbb8af872 100644
--- a/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
In this topic, you will learn how to deploy Windows 10 using Microsoft System Center 2012 R2 Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001.
diff --git a/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
index cad56a0160..95c5db41d0 100644
--- a/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
@@ -15,9 +15,13 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
-If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT).
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+
+If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT).
For the purposes of this topic, we will use four machines: DC01, CM01, PC0003, and PC0004. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 standard. PC0003 and PC0004 are machines with Windows 7 SP1, on which Windows 10 will be deployed via both refresh and replace scenarios. In addition to these four ready-made machines, you could also include a few blank virtual machines to be used for bare-metal deployments. DC01, CM01, PC003, and PC0004 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
diff --git a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 5534680f26..d7f678277e 100644
--- a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
diff --git a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md
index 1f778d1399..770ff5a251 100644
--- a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench. You will also use the Deployment Workbench to access the computer remotely via the Microsoft Diagnostics and Recovery Toolkit (DaRT) Remote Connection feature.
diff --git a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 5d3fafb49e..2b6360a89e 100644
--- a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
diff --git a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index f8e6e98777..e872322669 100644
--- a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
diff --git a/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index a30798b35b..4ff7b936bf 100644
--- a/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -15,7 +15,11 @@ author: mtniehaus
**Applies to**
-- Windows 10
+- Windows 10 versions 1507, 1511
+
+>[!IMPORTANT]
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft System Center 2012 R2 Configuration Manager. This process is similar to refreshing a computer, but since you are replacing the machine, you have to run the backup job separately from the deployment of Windows 10.
diff --git a/windows/deployment/update/change-history-for-update-windows-10.md b/windows/deployment/update/change-history-for-update-windows-10.md
index 97ece9af22..3af0220b18 100644
--- a/windows/deployment/update/change-history-for-update-windows-10.md
+++ b/windows/deployment/update/change-history-for-update-windows-10.md
@@ -5,6 +5,8 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
+ms.author: daniha
+ms.date: 05/16/2017
---
# Change history for Update Windows 10
@@ -13,6 +15,12 @@ This topic lists new and updated topics in the [Update Windows 10](index.md) doc
>If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
+## May 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [Manage additional Windows Update settings](waas-wu-settings.md) | New |
+
## RELEASE: Windows 10, version 1703
The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added:
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index bc18ab0d95..4d6601fda8 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Update Windows 10 in the enterprise
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 4c15562191..e284dc274b 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Configure BranchCache for Windows 10 updates
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index 18983b1998..b41a060c96 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Configure Windows Update for Business
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index 919c9ff1d3..e15cd39494 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Configure Delivery Optimization for Windows 10 updates
diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
index bec102fa51..f8a51fb650 100644
--- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
+++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Build deployment rings for Windows 10 updates
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index 36bba4f716..294a8ed333 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Integrate Windows Update for Business with management solutions
diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md
index 6d68004a30..13e614dbf4 100644
--- a/windows/deployment/update/waas-manage-updates-configuration-manager.md
+++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Deploy Windows 10 updates using System Center Configuration Manager
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index 2c9f7a83e5..f9cc0b2feb 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Deploy Windows 10 updates using Windows Server Update Services (WSUS)
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index d7207457f6..2c33b3ad01 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Deploy updates using Windows Update for Business
diff --git a/windows/deployment/update/waas-mobile-updates.md b/windows/deployment/update/waas-mobile-updates.md
index 570725361b..35ed31ba72 100644
--- a/windows/deployment/update/waas-mobile-updates.md
+++ b/windows/deployment/update/waas-mobile-updates.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile
diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md
index 0d6fac4aab..f6ff84324d 100644
--- a/windows/deployment/update/waas-optimize-windows-10-updates.md
+++ b/windows/deployment/update/waas-optimize-windows-10-updates.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Optimize Windows 10 update delivery
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index c8811f1289..b1034016b5 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Overview of Windows as a service
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index ae3f319cef..3a5f929896 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Quick guide to Windows as a service
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 4d57b5a82a..1c88ea8fb5 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Manage device restarts after updates
diff --git a/windows/deployment/update/waas-servicing-branches-windows-10-updates.md b/windows/deployment/update/waas-servicing-branches-windows-10-updates.md
index 964db9c8fc..43aade46a5 100644
--- a/windows/deployment/update/waas-servicing-branches-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-branches-windows-10-updates.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Assign devices to servicing branches for Windows 10 updates
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index 99c0566d7f..a53ddfc63c 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Prepare servicing strategy for Windows 10 updates
diff --git a/windows/deployment/update/waas-windows-insider-for-business-aad.md b/windows/deployment/update/waas-windows-insider-for-business-aad.md
index 5467e01600..9b9ebc28ce 100644
--- a/windows/deployment/update/waas-windows-insider-for-business-aad.md
+++ b/windows/deployment/update/waas-windows-insider-for-business-aad.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Windows Insider Program for Business using Azure Active Directory
diff --git a/windows/deployment/update/waas-windows-insider-for-business-faq.md b/windows/deployment/update/waas-windows-insider-for-business-faq.md
index aa84530023..4ad1cd7e3f 100644
--- a/windows/deployment/update/waas-windows-insider-for-business-faq.md
+++ b/windows/deployment/update/waas-windows-insider-for-business-faq.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Windows Insider Program for Business Frequently Asked Questions
diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md
index 5308d3e795..4a57a47307 100644
--- a/windows/deployment/update/waas-windows-insider-for-business.md
+++ b/windows/deployment/update/waas-windows-insider-for-business.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Windows Insider Program for Business
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index b2d249199f..006e2e91e3 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -6,6 +6,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
+ms.date: 05/16/2017
---
# Manage additional Windows Update settings
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 4b8c9d6362..5833d568ae 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Walkthrough: use Group Policy to configure Windows Update for Business
diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md
index fd8cb722f8..8375a45ceb 100644
--- a/windows/deployment/update/waas-wufb-intune.md
+++ b/windows/deployment/update/waas-wufb-intune.md
@@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
+ms.author: daniha
---
# Walkthrough: use Microsoft Intune to configure Windows Update for Business
diff --git a/windows/deployment/windows-10-auto-pilot.md b/windows/deployment/windows-10-auto-pilot.md
index da64ff50b4..7413ecc71c 100644
--- a/windows/deployment/windows-10-auto-pilot.md
+++ b/windows/deployment/windows-10-auto-pilot.md
@@ -8,6 +8,8 @@ localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
+ms.author: daniha
+ms.date: 06/30/2017
---
# Overview of Windows AutoPilot
@@ -73,7 +75,7 @@ $wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01
$wmi.DeviceHardwareData | Out-File "$($env:COMPUTERNAME).txt"
```
>[!NOTE]
->This PowerShell script requires elevated permissions. The output format might not fit the upload method. Check out the [Microsoft Store for Business](/microsoft-store/add-profile-to-devices) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) for additional guidance.
+>This PowerShell script requires elevated permissions. The output format might not fit the upload method. Check out the Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) for additional guidance.
By uploading this information to the Microsoft Store for Business or Partner Center admin portal, you'll be able to assign devices to your organization.
Additional options and customization is available through these portals to pre-configure the devices.
@@ -84,12 +86,9 @@ Options available for Windows 10, Version 1703:
* Skipping privacy settings
* Preventing the account used to set-up the device from getting local administrator permissions
-Additional options we are working on for the next Windows 10 release:
-* Skipping EULA
-* Personalizing the setup experience
-* MDM Support
+We are working to add additional options to further personalize and streamline the setup experience in future releases.
-To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for [Microsoft Store for Business](/microsoft-store/add-profile-to-devices) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
+To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
### IT-Driven
diff --git a/windows/device-security/applocker/tools-to-use-with-applocker.md b/windows/device-security/applocker/tools-to-use-with-applocker.md
index a5346774ab..7708198815 100644
--- a/windows/device-security/applocker/tools-to-use-with-applocker.md
+++ b/windows/device-security/applocker/tools-to-use-with-applocker.md
@@ -46,7 +46,7 @@ The following tools can help you administer the application control policies cre
- **AppLocker PowerShell cmdlets**
- The AppLocker Windows PowerShell cmdlets are designed to streamline the administration of AppLocker policy. They can be used to help create, test, maintain, and troubleshoot an AppLocker policy. The cmdlets are intended to be used in conjunction with the AppLocker user interface that is accessed through the Local Security Policy snap-in and the GPMC. For information about the cmdlets, see the [AppLocker PowerShell Command Reference](http://technet.microsoft.com/library/hh847210.aspx).
+ The AppLocker Windows PowerShell cmdlets are designed to streamline the administration of AppLocker policy. They can be used to help create, test, maintain, and troubleshoot an AppLocker policy. The cmdlets are intended to be used in conjunction with the AppLocker user interface that is accessed through the Local Security Policy snap-in and the GPMC. For information about the cmdlets, see the [AppLocker PowerShell Command Reference](https://technet.microsoft.com/itpro/powershell/windows/applocker/applocker).
## Related topics
diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md
index 266a77fc24..9714c77347 100644
--- a/windows/threat-protection/TOC.md
+++ b/windows/threat-protection/TOC.md
@@ -152,6 +152,7 @@
#### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md)
## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
+## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
## [Secure the windows 10 boot process](secure-the-windows-10-boot-process.md)
## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
diff --git a/windows/threat-protection/change-history-for-threat-protection.md b/windows/threat-protection/change-history-for-threat-protection.md
index c664fa8066..ee84b688ce 100644
--- a/windows/threat-protection/change-history-for-threat-protection.md
+++ b/windows/threat-protection/change-history-for-threat-protection.md
@@ -14,7 +14,8 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
## June 2017
|New or changed topic |Description |
|---------------------|------------|
-[Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
+| [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) | New |
+|[Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
[Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
[Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
|[List of enlightened Microsoft apps for use with Windows Information Protection (WIP)](windows-information-protection\enlightened-microsoft-apps-and-wip.md)|Updated to include newly enlightened and supported apps.|
diff --git a/windows/threat-protection/how-hardware-based-containers-help-protect-windows.md b/windows/threat-protection/how-hardware-based-containers-help-protect-windows.md
new file mode 100644
index 0000000000..8b6124f000
--- /dev/null
+++ b/windows/threat-protection/how-hardware-based-containers-help-protect-windows.md
@@ -0,0 +1,60 @@
+---
+title: How hardware-based containers help protect Windows 10 (Windows 10)
+description: Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.
+ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: justinha
+ms.date: 06/29/2017
+---
+
+# How hardware-based containers help protect Windows 10
+
+Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.
+Windows 10 protects critical resources, such as the Windows authentication stack, single sign-on tokens, Windows Hello biometric stack, and Virtual Trusted Platform Module, by using a container type called Windows Defender System Guard.
+
+Protecting system services and data with Windows Defender System Guard is an important first step, but is just the beginning of what we need to do as it doesn’t protect the rest of the operating system, information on the device, other apps, or the network.
+Since systems are generally compromised through the application layer, and often though browsers, Windows 10 includes Windows Defender Application Guard to isolate Microsoft Edge from the operating system, information on the device, and the network.
+With this, Windows can start to protect the broader range of resources.
+
+The following diagram shows Windows Defender System Guard and Windows Defender Application Guard in relation to the Windows 10 operating system.
+
+
+
+## What security threats do containers protect against
+
+Exploiting zero days and vulnerabilities are an increasing threat that attackers are attempting to take advantage of.
+The following diagram shows the traditional Windows software stack: a kernel with an app platform, and an app running on top of it.
+Let’s look at how an attacker might elevate privileges and move down the stack.
+
+
+
+In desktop operating systems, those apps typically run under the context of the user’s privileges.
+If the app was malicious, it would have access to all the files in the file system, all the settings that you as a user Standard user have access to, and so on.
+
+A different type of app may run under the context of an Administrator.
+If attackers exploit a vulnerability in that app, they could gain Administrator privileges.
+Then they can start turning off defenses.
+
+They can poke down a little bit lower in the stack and maybe elevate to System, which is greater than Administrator.
+Or if they can exploit the kernel mode, they can turn on and turn off all defenses, while at the same time making the computer look healthy.
+SecOps tools could report the computer as healthy when in fact it’s completely under the control of someone else.
+
+One way to address this threat is to use a sandbox, as smartphones do.
+That puts a layer between the app layer and the Windows platform services.
+Universal Windows Platform (UWP) applications work this way.
+But what if a vulnerability in the sandbox exists?
+The attacker can escape and take control of the system.
+
+## How containers help protect Windows 10
+
+Windows 10 addresses this by using virtualization based security to isolate more and more components out of Windows (left side) over time and moving those components into a separate, isolated hardware container.
+The container helps prevent zero days and vulnerabilities from allowing an attacker to take control of a device.
+
+Anything that's running in that container on the right side will be safe, even from Windows, even if the kernel's compromised.
+Anything that's running in that container will also be secure against a compromised app.
+Initially, Windows Defender System Guard will protect things like authentication and other system services and data that needs to resist malware, and more things will be protected over time.
+
+
diff --git a/windows/threat-protection/images/application-guard-and-system-guard.png b/windows/threat-protection/images/application-guard-and-system-guard.png
new file mode 100644
index 0000000000..b4b883db90
Binary files /dev/null and b/windows/threat-protection/images/application-guard-and-system-guard.png differ
diff --git a/windows/threat-protection/images/traditional-windows-software-stack.png b/windows/threat-protection/images/traditional-windows-software-stack.png
new file mode 100644
index 0000000000..0da610c368
Binary files /dev/null and b/windows/threat-protection/images/traditional-windows-software-stack.png differ
diff --git a/windows/threat-protection/images/windows-defender-system-guard.png b/windows/threat-protection/images/windows-defender-system-guard.png
new file mode 100644
index 0000000000..865af86b19
Binary files /dev/null and b/windows/threat-protection/images/windows-defender-system-guard.png differ
diff --git a/windows/threat-protection/secure-the-windows-10-boot-process.md b/windows/threat-protection/secure-the-windows-10-boot-process.md
index 069d8b1578..2f0931b1dc 100644
--- a/windows/threat-protection/secure-the-windows-10-boot-process.md
+++ b/windows/threat-protection/secure-the-windows-10-boot-process.md
@@ -8,6 +8,7 @@ ms.pagetype: security
ms.sitesec: library
localizationpriority: medium
author: brianlic-msft
+ms.date: 06/23/2017
---
# Secure the Windows 10 boot process
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
index bcce59abef..d331e9d39e 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@@ -21,7 +21,7 @@ Windows Defender Antivirus is a built-in antimalware solution that provides secu
This library of documentation is aimed for enterprise security administrators who are either considering deployment, or have already deployed and are wanting to manage and configure Windows Defender AV on PC endpoints in their network.
-For more important information about running Windows Defender on a server platform, see [Windows Defender Overview for Windows Server](https://technet.microsoft.com/library/dn765478.aspx).
+For more important information about running Windows Defender AV on a server platform, see [Windows Defender Overview for Windows Server](https://technet.microsoft.com/library/dn765478.aspx).
Windows Defender AV can be managed with:
- System Center Configuration Manager (as System Center Endpoint Protection, or SCEP)