@ -366,7 +366,7 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to
NonRemovable requires admin permission. This can only be set per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
Value type is integer. Supported operations are Add, Get, and Replace.
Valid values:
- 0 – app is not in the nonremovable app policy list
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
@ -27063,7 +27208,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</DFProperties>
</Node>
<Node>
<NodeName>DoNotSyncBrowserSetting</NodeName>
<NodeName>DoNotSyncBrowserSettings</NodeName>
<DFProperties>
<AccessType>
<Add/>
@ -27098,7 +27243,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
<Replace/>
</AccessType>
<Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user's devices. When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
Related policy: DoNotSyncBrowserSetting
Related policy: DoNotSyncBrowserSettings
1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
<Description>Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.</Description>
<Description>This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne/>
</Occurrence>
<Scope>
<Dynamic/>
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AllowEmbeddedMode</NodeName>
<DFProperties>
@ -44073,7 +44234,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
@ -54899,7 +55077,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</DFProperties>
</Node>
<Node>
<NodeName>DoNotSyncBrowserSetting</NodeName>
<NodeName>DoNotSyncBrowserSettings</NodeName>
<DFProperties>
<AccessType>
<Get/>
@ -54935,7 +55113,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user's devices. When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
Related policy: DoNotSyncBrowserSetting
Related policy: DoNotSyncBrowserSettings
1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
<Description>Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.</Description>
@ -63402,7 +63545,7 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi
<AccessType>
<Get/>
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>3</DefaultValue>
<Description>Network security LAN Manager authentication level
This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
@ -63455,7 +63598,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
<AccessType>
<Get/>
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>536870912</DefaultValue>
<Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
@ -63493,7 +63636,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
<AccessType>
<Get/>
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>536870912</DefaultValue>
<Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
<Description>This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.</Description>
### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
huypub
GitHub