Merge branch 'atp-phase2' of https://cpubwin.visualstudio.com/_git/it-client into atp-phase2

2025-05-16 07:17:24 +00:00 · 2018-08-20 15:21:05 -07:00 · 2018-08-20 15:21:05 -07:00 · 9b4c44f13c
commit 9b4c44f13c
parent 374cbe52e8 1f8987738a
1 changed files with 47 additions and 0 deletions
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@ -66,12 +66,59 @@ This security setting allows an administrator to define the members of a securit

 Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.

+Starting in Windows 10, next major version, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of 0 members when applying the policy implies clearing the access group and should be used with caution.
+
+``` syntax
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">  
+  <xs:simpleType name="member_name">
+    <xs:restriction base="xs:string">
+      <xs:maxLength value="255" />
+    </xs:restriction>
+  </xs:simpleType>
+  <xs:element name="accessgroup">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="member" minOccurs="0" maxOccurs="unbounded">
+          <xs:annotation>
+            <xs:documentation>Restricted Group Member</xs:documentation>
+          </xs:annotation>
+          <xs:complexType>
+           <xs:attribute name="name" type="member_name" use="required"/>
+          </xs:complexType>
+        </xs:element>
+      </xs:sequence>
+      <xs:attribute name="desc" type="member_name" use="required"/>
+    </xs:complexType>
+  </xs:element>
+  <xs:element name="groupmembership">
+    <xs:complexType>
+       <xs:sequence>
+          <xs:element name="accessgroup" minOccurs="0" maxOccurs="unbounded">
+           <xs:annotation>
+              <xs:documentation>Restricted Group</xs:documentation>
+            </xs:annotation>
+          </xs:element>
+       </xs:sequence>
+    </xs:complexType>
+   </xs:element>
+</xs:schema>
+```
+
 <!--/Description-->
 <!--SupportedValues-->

 <!--/SupportedValues-->
 <!--Example-->
+Here is an example:

+```
+<groupmembership>
+ <accessgroup desc="Administrators">
+    <member name="Contoso\Alice" />
+    <member name = "S-188-5-5666-5-688" / >
+  </accessgroup>
+</groupmembership>
+```
 <!--/Example-->
 <!--Validation-->