From fd273e19ad6450e3836e2a35599f6a203937273b Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 13:37:19 +0530
Subject: [PATCH 01/13] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 2 +
.../policy-configuration-service-provider.md | 10 +
.../mdm/policy-csp-admx-admpwd.md | 125 +++++++++++
.../mdm/policy-csp-admx-dcom.md | 212 ++++++++++++++++++
windows/client-management/mdm/toc.yml | 2 +
5 files changed, 351 insertions(+)
create mode 100644 windows/client-management/mdm/policy-csp-admx-admpwd.md
create mode 100644 windows/client-management/mdm/policy-csp-admx-dcom.md
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 6c81fd4df2..dc030851a1 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -121,6 +121,8 @@ ms.date: 10/08/2020
- [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr)
- [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff)
- [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy)
+- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom-dcomactivationsecuritycheckallowlocallist)
+- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom-dcomactivationsecuritycheckexemptionlist)
- [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter)
- [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder)
- [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index a03f3f09f7..c9104ce9b1 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -555,6 +555,16 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DCOM policies
+
+
+ -
+ ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList
+
+ -
+ ADMX_DCOM/DCOMActivationSecurityCheckExemptionList
+
+
### ADMX_Desktop policies
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
new file mode 100644
index 0000000000..e67627501c
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -0,0 +1,125 @@
+---
+title: Policy CSP - ADMX_AdmPwd
+description: Policy CSP - ADMX_AdmPwd
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 08/09/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_AdmPwd
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_AdmPwd policies
+
+
+ -
+ ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy
+
+ -
+ ADMX_AdmPwd/POL_AdmPwd_Enabled
+
+ -
+ ADMX_AdmPwd/POL_AdmPwd_AdminName
+
+ -
+ ADMX_AdmPwd/POL_AdmPwd
+
+
+
+
+
+**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting controls the installation of ActiveX controls for sites in Trusted zone.
+
+If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting.
+
+If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation.
+
+If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore.
+
+> [!NOTE]
+> This policy setting applies to all sites in Trusted zones.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones*
+- GP name: *AxISURLZonePolicies*
+- GP path: *Windows Components\ActiveX Installer Service*
+- GP ADMX file name: *ActiveXInstallService.admx*
+
+
+
+
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
new file mode 100644
index 0000000000..a7729ee3a4
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -0,0 +1,212 @@
+---
+title: Policy CSP - ADMX_DCOM
+description: Policy CSP - ADMX_DCOM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DCOM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DCOM policies
+
+
+ -
+ ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList
+
+ -
+ ADMX_DCOM/DCOMActivationSecurityCheckExemptionList
+
+
+
+
+
+
+
+**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
+
+- If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
+
+- If you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list.
+If you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy is not configured.
+
+> [!NOTE]
+> This policy setting applies to all sites in Trusted zones.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Allow local activation security check exemptions*
+- GP name: *DCOMActivationSecurityCheckAllowLocalList*
+- GP path: *Windows Components\AppCompat!AllowLocalActivationSecurityCheckExemptionList*
+- GP ADMX file name: *DCOM.admx*
+
+
+
+
+
+
+**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to view and change a list of DCOM server application IDs (appids), which are exempted from the DCOM Activation security check.
+DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators.
+DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.
+DCOM server application IDs added to this policy must be listed in curly brace format.
+
+For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
+If you enter a non-existent or improperly formatted application ID DCOM will add it to the list without checking for errors.
+- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
+
+If you add an application ID to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server.
+If you add an application ID to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local
+settings.
+- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
+
+If you do not configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
+This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
+
+The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid.
+DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.
+
+> [!NOTE]
+> Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present.
+>
+> [!NOTE]
+> This policy setting applies to all sites in Trusted zones.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Allow local activation security check exemptions*
+- GP name: *DCOMActivationSecurityCheckExemptionList*
+- GP path: *Windows Components\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList*
+- GP ADMX file name: *DCOM.admx*
+
+
+
+
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+
+
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 1d385366fb..2059ba23b0 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -439,6 +439,8 @@ items:
href: policy-csp-admx-ctrlaltdel.md
- name: ADMX_DataCollection
href: policy-csp-admx-datacollection.md
+ - name: ADMX_DCOM
+ href: policy-csp-admx-dcom.md
- name: ADMX_Desktop
href: policy-csp-admx-desktop.md
- name: ADMX_DeviceInstallation
From 81e900e93d74da11793a280db26f9bff7043b332 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 14:41:26 +0530
Subject: [PATCH 02/13] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 2 +
.../policy-configuration-service-provider.md | 5 +-
.../mdm/policy-csp-admx-devicecompat.md | 175 ++++++++++++++++++
3 files changed, 180 insertions(+), 2 deletions(-)
create mode 100644 windows/client-management/mdm/policy-csp-admx-devicecompat.md
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index dc030851a1..048284cd5f 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -152,6 +152,8 @@ ms.date: 10/08/2020
- [ADMX_Desktop/sz_DB_DragDropClose](./policy-csp-admx-desktop.md#admx-desktop-sz-db-dragdropclose)
- [ADMX_Desktop/sz_DB_Moving](./policy-csp-admx-desktop.md#admx-desktop-sz-db-moving)
- [ADMX_Desktop/sz_DWP_NoHTMLPaper](./policy-csp-admx-desktop.md#admx-desktop-sz-dwp-nohtmlpaper)
+- [ADMX_DeviceCompat/DeviceFlags](./policy-csp-admx-devicecompat.md#admx-devicecompat-deviceflags)
+- [ADMX_DeviceCompat/DriverShims](./policy-csp-admx-devicecompat.md#admx-devicecompat-drivershims)
- [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall)
- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext)
- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index c9104ce9b1..bfc4d24d58 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -565,7 +565,8 @@ The following diagram shows the Policy configuration service provider in tree fo
ADMX_DCOM/DCOMActivationSecurityCheckExemptionList
-### ADMX_Desktop policies
+
+### ADMX_Desktop policies
-
@@ -656,7 +657,7 @@ The following diagram shows the Policy configuration service provider in tree fo
ADMX_Desktop/sz_DWP_NoHTMLPaper
-
+
### ADMX_DeviceInstallation policies
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
new file mode 100644
index 0000000000..f53dd522fc
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -0,0 +1,175 @@
+---
+title: Policy CSP - ADMX_DeviceCompat
+description: Policy CSP - ADMX_DeviceCompat
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 08/09/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DeviceCompat
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DeviceCompat policies
+
+
+ -
+ ADMX_DeviceCompat/DeviceFlags
+
+ -
+ ADMX_DeviceCompat/DriverShims
+
+
+
+
+
+
+
+**ADMX_DeviceCompat/DeviceFlags**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Changes behavior of Microsoft bus drivers to work with specific devices.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Device compatibility settings*
+- GP name: *DeviceFlags*
+- GP path: *Windows Components\Device and Driver Compatibility*
+- GP ADMX file name: *DeviceCompat.admx*
+
+
+
+
+
+
+**ADMX_DeviceCompat/DriverShims**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Driver compatibility settings*
+- GP name: *DriverShims*
+- GP path: *Windows Components\Device and Driver Compatibility*
+- GP ADMX file name: *DeviceCompat.admx*
+
+
+
+
+
\ No newline at end of file
From cc6b656412dcddfaafb53794b723d320bcb24a42 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 14:50:36 +0530
Subject: [PATCH 03/13] Updated
---
.../mdm/policy-configuration-service-provider.md | 14 +++++++++++++-
windows/client-management/mdm/toc.yml | 2 ++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index bfc4d24d58..88d025827c 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -657,7 +657,19 @@ The following diagram shows the Policy configuration service provider in tree fo
ADMX_Desktop/sz_DWP_NoHTMLPaper
-
+
+### ADMX_DeviceCompat policies
+
+
+ -
+ ADMX_DeviceCompat/DeviceFlags
+
+ -
+ ADMX_DeviceCompat/DriverShims
+
+
+
+
### ADMX_DeviceInstallation policies
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 2059ba23b0..f3d73b6112 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -443,6 +443,8 @@ items:
href: policy-csp-admx-dcom.md
- name: ADMX_Desktop
href: policy-csp-admx-desktop.md
+ - name: ADMX_DeviceCompat
+ href: policy-csp-admx-devicecompat.md
- name: ADMX_DeviceInstallation
href: policy-csp-admx-deviceinstallation.md
- name: ADMX_DeviceSetup
From aed5d2a66d9283798d9b15acad3c0272d15eb8a1 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 15:11:45 +0530
Subject: [PATCH 04/13] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 1 +
.../policy-configuration-service-provider.md | 3 +-
.../mdm/policy-csp-admx-dfs.md | 117 ++++++++++++++++++
3 files changed, 119 insertions(+), 2 deletions(-)
create mode 100644 windows/client-management/mdm/policy-csp-admx-dfs.md
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 048284cd5f..ce9b2705ba 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -189,6 +189,7 @@ ms.date: 10/08/2020
- [ADMX_DnsClient/DNS_UpdateTopLevelDomainZones](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-updatetopleveldomainzones)
- [ADMX_DnsClient/DNS_UseDomainNameDevolution](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-usedomainnamedevolution)
- [ADMX_DnsClient/Turn_Off_Multicast](./policy-csp-admx-dnsclient.md#admx-dnsclient-turn-off-multicast)
+- [ADMX_DFS/DFSDiscoverDC](./policy-csp-admx-dfs.md#admx-dfs-dfsdiscoverdc)
- [ADMX_DWM/DwmDefaultColorizationColor_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-1)
- [ADMX_DWM/DwmDefaultColorizationColor_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdefaultcolorizationcolor-2)
- [ADMX_DWM/DwmDisallowAnimations_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-1)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 88d025827c..8e071ca433 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -799,8 +799,7 @@ The following diagram shows the Policy configuration service provider in tree fo
-### ADMX_DWM policies
-
+###_ADMX_DWM policies
-
ADMX_DWM/DwmDefaultColorizationColor_1
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
new file mode 100644
index 0000000000..c2f21eea30
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -0,0 +1,117 @@
+---
+title: Policy CSP - ADMX_DFS
+description: Policy CSP - ADMX_DFS
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DFS
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DFS policies
+
+
+ -
+ ADMX_DFS/DFSDiscoverDC
+
+
+
+
+
+
+
+**ADMX_DFS/DFSDiscoverDC**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
+By default, a DFS client attempts to discover domain controllers every 15 minutes.
+
+- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers.
+This value is specified in minutes.
+
+- If you disable or do not configure this policy setting, the default value of 15 minutes applies.
+
+> [!NOTE]
+> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Configure how often a DFS client discovers domain controllers*
+- GP name: *DFSDiscoverDC*
+- GP path: *Windows Components\ActiveX Installer Service*
+- GP ADMX file name: *DFS.admx*
+
+
+
+
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+
+
From 5ea5020592f5016f275b29af33f214324191f73c Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 15:34:18 +0530
Subject: [PATCH 05/13] Updated
---
.../mdm/policy-configuration-service-provider.md | 2 +-
windows/client-management/mdm/toc.yml | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 8e071ca433..0bf7c71cf4 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -799,7 +799,7 @@ The following diagram shows the Policy configuration service provider in tree fo
-###_ADMX_DWM policies
+### ADMX_DWM policies
-
ADMX_DWM/DwmDefaultColorizationColor_1
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index f3d73b6112..4409c38540 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -449,6 +449,8 @@ items:
href: policy-csp-admx-deviceinstallation.md
- name: ADMX_DeviceSetup
href: policy-csp-admx-devicesetup.md
+ - name: ADMX_DFS
+ href: policy-csp-admx-dfs.md
- name: ADMX_DigitalLocker
href: policy-csp-admx-digitallocker.md
- name: ADMX_DistributedLinkTracking
From 41169cc5f9b454bc238991fe19443b1128930845 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 15:52:24 +0530
Subject: [PATCH 06/13] Updated
---
.../mdm/policy-configuration-service-provider.md | 1 -
windows/client-management/mdm/policy-csp-admx-dfs.md | 1 +
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 0bf7c71cf4..f9a17d97e0 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -711,7 +711,6 @@ The following diagram shows the Policy configuration service provider in tree fo
### ADMX_DigitalLocker policies
-
-
ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index c2f21eea30..fc3cdf1b1d 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -16,6 +16,7 @@ manager: dansimp
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
From f7f107fb73761a36a312e2fbac48cc78431ae9b8 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 16:00:37 +0530
Subject: [PATCH 07/13] Updated
---
.../mdm/policy-configuration-service-provider.md | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index f9a17d97e0..36b9ca5353 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -710,8 +710,19 @@ The following diagram shows the Policy configuration service provider in tree fo
-### ADMX_DigitalLocker policies
+### ADMX_DFS policies
+
+
-
+ ADMX_DFS/DFSDiscoverDC
+
+
+
+### ADMX_DigitalLocker policies
+
+
+
ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1
From 66db42db3d07a9cd58b9f7fc582a4fd5b90ac42f Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 17:27:59 +0530
Subject: [PATCH 08/13] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 1 +
.../policy-configuration-service-provider.md | 1 -
.../mdm/policy-csp-admx-deviceguard.md | 119 ++++++++++++++++++
3 files changed, 120 insertions(+), 1 deletion(-)
create mode 100644 windows/client-management/mdm/policy-csp-admx-deviceguard.md
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index ce9b2705ba..cb9e4b2fbd 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -162,6 +162,7 @@ ms.date: 10/08/2020
- [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-removable-deny)
- [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-systemrestore)
- [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser)
+- [ADMX_DeviceGuard/ConfigCIPolicy](./policy-csp-admx-deviceguard.md#admx-deviceguard-configcipolicy)
- [ADMX_DeviceSetup/DeviceInstall_BalloonTips](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-balloontips)
- [ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchorderconfiguration)
- [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 36b9ca5353..895c4bf6e4 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -669,7 +669,6 @@ The following diagram shows the Policy configuration service provider in tree fo
-
### ADMX_DeviceInstallation policies
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
new file mode 100644
index 0000000000..079455128a
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -0,0 +1,119 @@
+---
+title: Policy CSP - ADMX_DeviceGuard
+description: Policy CSP - ADMX_DeviceGuard
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/08/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DeviceGuard
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DeviceGuard policies
+
+
+ -
+ ADMX_DeviceGuard/ConfigCIPolicy
+
+
+
+
+
+
+
+**ADMX_DeviceGuard/ConfigCIPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.
+
+If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy.
+
+To enable this policy the machine must be rebooted.
+The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`),
+or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
+
+The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
+If using a signed and protected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
+1. First update the policy to a non-protected policy and then disable the setting.
+2. Disable the setting and then remove the policy from each computer, with a physically present user.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Deploy Windows Defender Application Control*
+- GP name: *ConfigCIPolicy*
+- GP path: *Windows Components/DeviceGuard!DeployConfigCIPolicy*
+- GP ADMX file name: *DeviceGuard.admx*
+
+
+
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+
+
From b91e9bdc1b946853d368246f5e0d912bf4924a5f Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Wed, 8 Sep 2021 17:34:16 +0530
Subject: [PATCH 09/13] Updated
---
.../mdm/policy-configuration-service-provider.md | 7 +++++++
windows/client-management/mdm/toc.yml | 4 +++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 895c4bf6e4..e3f98b9005 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -669,6 +669,13 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DeviceGuard policies
+
+ -
+ ADMX_DeviceGuard/ConfigCIPolicy
+
+
+
### ADMX_DeviceInstallation policies
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 4409c38540..4395fbc920 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -444,7 +444,9 @@ items:
- name: ADMX_Desktop
href: policy-csp-admx-desktop.md
- name: ADMX_DeviceCompat
- href: policy-csp-admx-devicecompat.md
+ href: policy-csp-admx-devicecompat.md
+ - name: ADMX_DeviceGuard
+ href: policy-csp-admx-deviceguard.md
- name: ADMX_DeviceInstallation
href: policy-csp-admx-deviceinstallation.md
- name: ADMX_DeviceSetup
From 7ae962b5fba949d615df06e981ed24d35faf0245 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 9 Sep 2021 11:07:34 +0530
Subject: [PATCH 10/13] Updated
---
.../policy-configuration-service-provider.md | 11 +
.../mdm/policy-csp-admx-diskdiagnostic.md | 204 ++++++++++++++++++
2 files changed, 215 insertions(+)
create mode 100644 windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index e3f98b9005..a394943879 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -736,6 +736,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_DiskDiagnostic policies
+
+
+ -
+ ADMX_DiskDiagnostic/DfdAlertPolicy
+
+ -
+ ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy
+
+
+
### ADMX_DistributedLinkTracking policies
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
new file mode 100644
index 0000000000..eecf8264d6
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -0,0 +1,204 @@
+---
+title: Policy CSP - ADMX_DiskDiagnostic
+description: Policy CSP - ADMX_DiskDiagnostic
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/08/2021
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_DiskDiagnostic
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_DiskDiagnostic policies
+
+
+ -
+ ADMX_DiskDiagnostic/DfdAlertPolicy
+
+ -
+ ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy
+
+
+
+
+
+
+
+**ADMX_DiskDiagnostic/DfdAlertPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
+
+- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
+- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+> [!NOTE]
+> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Configure custom alert text*
+- GP name: *DfdAlertPolicy*
+- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
+- GP ADMX file name: *DiskDiagnostic.admx*
+
+
+
+
+
+
+
+**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics.
+
+Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
+
+- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
+- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
+- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
+
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+> [!NOTE]
+> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP Friendly name: *Configure execution level*
+- GP name: *WdiScenarioExecutionPolicy*
+- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
+- GP ADMX file name: *DiskDiagnostic.admx*
+
+
+
+
+
+> [!NOTE]
+> These policies are for upcoming release.
+
+
+
From 5c827349602dd50932ae91b533329359de75c654 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 9 Sep 2021 15:01:01 +0530
Subject: [PATCH 11/13] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index cb9e4b2fbd..b5ce749a5a 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -121,8 +121,8 @@ ms.date: 10/08/2020
- [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr)
- [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff)
- [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy)
-- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom-dcomactivationsecuritycheckallowlocallist)
-- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom-dcomactivationsecuritycheckexemptionlist)
+- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom.md#admx-dcomactivationsecuritycheckallowlocallist)
+- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom.md#admx-dcomactivationsecuritycheckexemptionlist)
- [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter)
- [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder)
- [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit)
From 6f64bc5651706a553acc637c85cc3e35edcda1de Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 9 Sep 2021 20:59:25 +0530
Subject: [PATCH 12/13] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 4 ++--
windows/client-management/mdm/policy-csp-admx-admpwd.md | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index b5ce749a5a..c4eba79f3d 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -121,8 +121,8 @@ ms.date: 10/08/2020
- [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr)
- [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff)
- [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy)
-- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom.md#admx-dcomactivationsecuritycheckallowlocallist)
-- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom.md#admx-dcomactivationsecuritycheckexemptionlist)
+- [ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList](./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckallowlocallist)
+- [ADMX_DCOM/DCOMActivationSecurityCheckExemptionList](./policy-csp-admx-dcom.md#admx-dcom-dcomactivationsecuritycheckexemptionlist)
- [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter)
- [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder)
- [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit)
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index e67627501c..273f31c37b 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -22,7 +22,8 @@ manager: dansimp
## ADMX_AdmPwd policies
- -
+
+
-
ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy
-
@@ -34,6 +35,7 @@ manager: dansimp
-
ADMX_AdmPwd/POL_AdmPwd
From d72ad55cf12e1ac2d582d8ee6eedfe6928c2028c Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 9 Sep 2021 21:11:26 +0530
Subject: [PATCH 13/13] Updated
---
.../mdm/policy-csp-admx-admpwd.md | 127 ------------------
1 file changed, 127 deletions(-)
delete mode 100644 windows/client-management/mdm/policy-csp-admx-admpwd.md
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
deleted file mode 100644
index 273f31c37b..0000000000
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ /dev/null
@@ -1,127 +0,0 @@
----
-title: Policy CSP - ADMX_AdmPwd
-description: Policy CSP - ADMX_AdmPwd
-ms.author: dansimp
-ms.localizationpriority: medium
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: nimishasatapathy
-ms.date: 08/09/2021
-ms.reviewer:
-manager: dansimp
----
-
-# Policy CSP - ADMX_AdmPwd
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-
-
-
-
-## ADMX_AdmPwd policies
-
-
-
--
- ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy
-
- -
- ADMX_AdmPwd/POL_AdmPwd_Enabled
-
- -
- ADMX_AdmPwd/POL_AdmPwd_AdminName
-
- -
- ADMX_AdmPwd/POL_AdmPwd
-
-
-
-
-
-**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy**
-
-
-
-
- | Edition |
- Windows 10 |
- Windows 11 |
-
-
- | Home |
- No |
- No |
-
-
- | Pro |
- No |
- No |
-
-
- | Business |
- No |
- No |
-
-
- | Enterprise |
- Yes |
- Yes |
-
-
- | Education |
- Yes |
- Yes |
-
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting controls the installation of ActiveX controls for sites in Trusted zone.
-
-If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting.
-
-If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation.
-
-If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore.
-
-> [!NOTE]
-> This policy setting applies to all sites in Trusted zones.
-
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-
-ADMX Info:
-- GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones*
-- GP name: *AxISURLZonePolicies*
-- GP path: *Windows Components\ActiveX Installer Service*
-- GP ADMX file name: *ActiveXInstallService.admx*
-
-
-
-
-
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
-
-