From 6dcdcc43c2b9ce158b9adbf90af05f86b12936c5 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 20 Sep 2021 14:15:43 +0530 Subject: [PATCH 01/36] Updated --- .../policy-configuration-service-provider.md | 10 + .../policy-csp-admx-mobilepcmobilitycenter.md | 190 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 202 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6922bada43..dc10c98c81 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2306,6 +2306,16 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC +### ADMX_MobilePCMobilityCenter policies +
+
+ ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1 +
+
+ ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2 +
+
+ ### ADMX_MSAPolicy policies
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md new file mode 100644 index 0000000000..c514981896 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -0,0 +1,190 @@ +--- +title: Policy CSP - ADMX_MobilePCMobilityCenter +description: Policy CSP - ADMX_MobilePCMobilityCenter +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/20/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_MobilePCMobilityCenter +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_MobilePCMobilityCenter policies + +
+
+ ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1 +
+
+ ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2 +
+
+ + +
+ + +**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting turns off Windows Mobility Center. +- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it. + +- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. + +If you do not configure this policy setting, Windows Mobility Center is on by default. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Windows Mobility Center* +- GP name: *MobilityCenterEnable_1* +- GP path: *Windows Components\Windows Mobility Center* +- GP ADMX file name: *MobilePCMobilityCenter.admx* + + + +
+ + +**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting turns off Windows Mobility Center. +- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it. + +- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it. + +If you do not configure this policy setting, Windows Mobility Center is on by default. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Windows Mobility Center* +- GP name: *MobilityCenterEnable_2* +- GP path: *Windows Components\Windows Mobility Center* +- GP ADMX file name: *MobilePCMobilityCenter.admx* + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index af181cb7c5..37c84827f5 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -519,6 +519,8 @@ items: href: policy-csp-admx-mmc.md - name: ADMX_MMCSnapins href: policy-csp-admx-mmcsnapins.md + - name: ADMX_MobilePCMobilityCenter + href: policy-csp-admx-mobilepcmobilitycenter.md - name: ADMX_MSAPolicy href: policy-csp-admx-msapolicy.md - name: ADMX_msched From 023fcde4af5f6675f04a17cb4b1bcb99b5b10802 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 20 Sep 2021 14:43:30 +0530 Subject: [PATCH 02/36] Update policies-in-policy-csp-admx-backed.md --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 586e5edcc6..353f5eca6e 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -640,6 +640,8 @@ ms.date: 10/08/2020 - [ADMX_MMCSnapins/MMC_WiredNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirednetworkpolicy) - [ADMX_MMCSnapins/MMC_WirelessMon](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessmon) - [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy) +- [ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1](./policy-csp-admx-mobilepcmobilitycenter.md#admx-mobilepcmobilitycenter-mobilitycenterenable_1) +- [ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2](./policy-csp-admx-mobilepcmobilitycenter.md#admx-mobilepcmobilitycenter-mobilitycenterenable_2) - [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth) - [ADMX_msched/ActivationBoundaryPolicy](./policy-csp-admx-msched.md#admx-msched-activationboundarypolicy) - [ADMX_msched/RandomDelayPolicy](./policy-csp-admx-msched.md#admx-msched-randomdelaypolicy) From eca59c5b077d5a70229b7a490a1700a70acbf15e Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 20 Sep 2021 15:04:15 +0530 Subject: [PATCH 03/36] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 2 + .../policy-configuration-service-provider.md | 10 + ...y-csp-admx-mobilepcpresentationsettings.md | 201 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 4 files changed, 215 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 353f5eca6e..1bb7ad184c 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -642,6 +642,8 @@ ms.date: 10/08/2020 - [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy) - [ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1](./policy-csp-admx-mobilepcmobilitycenter.md#admx-mobilepcmobilitycenter-mobilitycenterenable_1) - [ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2](./policy-csp-admx-mobilepcmobilitycenter.md#admx-mobilepcmobilitycenter-mobilitycenterenable_2) +- - [ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1](./policy-csp-admx-mobilepcpresentationsettings.md#admx-mobilepcpresentationsettings-presentationsettingsenable_1) +- [ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2](./policy-csp-admx-mobilepcpresentationsettings.md#admx-mobilepcpresentationsettings-presentationsettingsenable_2) - [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth) - [ADMX_msched/ActivationBoundaryPolicy](./policy-csp-admx-msched.md#admx-msched-activationboundarypolicy) - [ADMX_msched/RandomDelayPolicy](./policy-csp-admx-msched.md#admx-msched-randomdelaypolicy) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index dc10c98c81..268a0d7466 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2316,6 +2316,16 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_MobilePCPresentationSettings policies +
+
+ ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1 +
+
+ ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2 +
+
+ ### ADMX_MSAPolicy policies
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md new file mode 100644 index 0000000000..c9acb157db --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -0,0 +1,201 @@ +--- +title: Policy CSP - ADMX_MobilePCPresentationSettings +description: Policy CSP - ADMX_MobilePCPresentationSettings +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/20/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_MobilePCPresentationSettings +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_MobilePCPresentationSettings policies + +
+
+ ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1 +
+
+ ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2/a> +
+
+ + +
+ + +**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting turns off Windows presentation settings. + +- If you enable this policy setting, Windows presentation settings cannot be invoked. + +- If you disable this policy setting, Windows presentation settings can be invoked. + +The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. + +> [!NOTE] +> Users will be able to customize their system settings for presentations in Windows Mobility Center. +If you do not configure this policy setting, Windows presentation settings can be invoked. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Windows presentation settings* +- GP name: *PresentationSettingsEnable_1* +- GP path: *Windows Components\Presentation Settings* +- GP ADMX file name: *MobilePCPresentationSettings.admx* + + + +
+ + +**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting turns off Windows presentation settings. + +- If you enable this policy setting, Windows presentation settings cannot be invoked. + +- If you disable this policy setting, Windows presentation settings can be invoked. + +The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image. + +> [!NOTE] +> Users will be able to customize their system settings for presentations in Windows Mobility Center. +If you do not configure this policy setting, Windows presentation settings can be invoked. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Windows presentation settings* +- GP name: *PresentationSettingsEnable_2* +- GP path: *Windows Components\Presentation Settings* +- GP ADMX file name: *MobilePCPresentationSettings.admx* + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 37c84827f5..2dd529ab0c 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -521,6 +521,8 @@ items: href: policy-csp-admx-mmcsnapins.md - name: ADMX_MobilePCMobilityCenter href: policy-csp-admx-mobilepcmobilitycenter.md + - name: ADMX_MobilePCPresentationSettings + href: policy-csp-admx-mobilepcpresentationsettings.md - name: ADMX_MSAPolicy href: policy-csp-admx-msapolicy.md - name: ADMX_msched From 72434e722d84ef3da046397c37632035f66528f6 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 20 Sep 2021 16:21:19 +0530 Subject: [PATCH 04/36] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../policy-configuration-service-provider.md | 7 + .../mdm/policy-csp-admx-msifilerecovery.md | 124 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 4 files changed, 134 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-msifilerecovery.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 1bb7ad184c..13e3236ece 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -674,6 +674,7 @@ ms.date: 10/08/2020 - [ADMX_MSI/SafeForScripting](./policy-csp-admx-msi.md#admx-msi-safeforscripting) - [ADMX_MSI/SearchOrder](./policy-csp-admx-msi.md#admx-msi-searchorder) - [ADMX_MSI/TransformsSecure](./policy-csp-admx-msi.md#admx-msi-transformssecure) +- [ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-msifilerecovery.md#admx-msifilerecovery-wdiscenarioexecutionpolicy) - [ADMX_nca/CorporateResources](./policy-csp-admx-nca.md#admx-nca-corporateresources) - [ADMX_nca/CustomCommands](./policy-csp-admx-nca.md#admx-nca-customcommands) - [ADMX_nca/DTEs](./policy-csp-admx-nca.md#admx-nca-dtes) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 268a0d7466..92295261e4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2435,6 +2435,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_MsiFileRecovery policies +
+
+ ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy +
+
+ ### ADMX_nca policies
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md new file mode 100644 index 0000000000..e21f15744c --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -0,0 +1,124 @@ +--- +title: Policy CSP - ADMX_MsiFileRecovery +description: Policy CSP - ADMX_MsiFileRecovery +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/20/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_MsiFileRecovery +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_MsiFileRecovery policies + +
+
+ ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy +
+
+ +
+ + +**ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states: + +- Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI applications will be turned on. Windows will prompt the user with a dialog-box when application reinstallation is required. +This is the default recovery behavior on Windows client. + +- Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be re-installed. This behavior is recommended for headless operation and is the default recovery behavior on Windows server. + +- Troubleshooting Only: Detection and verification of file corruption will be performed without UI. +Recovery is not attempted. + +- If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only. + +- If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted. + +If you do not configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh. + +> [!NOTE] +> This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Configure MSI Corrupted File Recovery behavior* +- GP name: *WdiScenarioExecutionPolicy* +- GP path: *System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery* +- GP ADMX file name: *MsiFileRecovery.admx* + + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + \ No newline at end of file diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 2dd529ab0c..3629dd19f6 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -531,6 +531,8 @@ items: href: policy-csp-admx-msdt.md - name: ADMX_MSI href: policy-csp-admx-msi.md + - name: ADMX_MsiFileRecovery + href: policy-csp-admx-msifilerecovery.md - name: ADMX_nca href: policy-csp-admx-nca.md - name: ADMX_NCSI From 70eca1d8acd782683c5bde30516389b50993121a Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Mon, 20 Sep 2021 16:25:56 +0530 Subject: [PATCH 05/36] Update toc.yml --- windows/client-management/mdm/toc.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 3629dd19f6..ba198b9a24 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -531,8 +531,8 @@ items: href: policy-csp-admx-msdt.md - name: ADMX_MSI href: policy-csp-admx-msi.md - - name: ADMX_MsiFileRecovery - href: policy-csp-admx-msifilerecovery.md + - name: ADMX_MsiFileRecovery + href: policy-csp-admx-msifilerecovery.md - name: ADMX_nca href: policy-csp-admx-nca.md - name: ADMX_NCSI From 1831d0f21258b92ab44eabfe095b27877dcf171a Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 21 Sep 2021 00:02:43 +0530 Subject: [PATCH 06/36] Create policy-csp-admx-pca.md --- .../mdm/policy-csp-admx-pca.md | 612 ++++++++++++++++++ 1 file changed, 612 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-pca.md diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md new file mode 100644 index 0000000000..1e864220e1 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -0,0 +1,612 @@ +--- +title: Policy CSP - ADMX_pca +description: Policy CSP - ADMX_pca +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/20/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_pca +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_pca policies + +
+
+ ADMX_pca/CorporateResources +
+
+ ADMX_pca/CustomCommands +
+
+ ADMX_pca/DTEs +
+
+ ADMX_pca/FriendlyName +
+
+ ADMX_pca/LocalNamesOn +
+
+ ADMX_pca/PassiveMode +
+
+ + +
+ + +**ADMX_nca/CorporateResources** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. + +Each string can be one of the following types: + +- A DNS name or IPv6 address that NCA pings. The syntax is “PING:” followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1. + +> [!NOTE] +> We recommend that you use FQDNs instead of IPv6 addresses wherever possible. + +> [!IMPORTANT] +> At least one of the entries must be a PING: resource. +> - A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page do not matter. The syntax is “HTTP:” followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:http://myserver.corp.contoso.com/ or HTTP:http://2002:836b:1::1/. +> - A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file do not matter. The syntax is “FILE:” followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt. + +You must configure this setting to have complete NCA functionality. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Corporate Resources* +- GP name: *CorporateResources* +- GP path: *Network\DirectAccess Client Experience Settings* +- GP ADMX file name: *nca.admx* + + + +
+ + +**ADMX_nca/CustomCommands** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Custom Commands* +- GP name: *CustomCommands* +- GP path: *Network\DirectAccess Client Experience Settings* +- GP ADMX file name: *nca.admx* + + + +
+ + +**ADMX_nca/DTEs** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. + +By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel. + +Each entry consists of the text PING: followed by the IPv6 address of an IPsec tunnel endpoint. Example: PING:2002:836b:1::836b:1. + +You must configure this setting to have complete NCA functionality. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *IPsec Tunnel Endpoints* +- GP name: *DTEs* +- GP path: *Network\DirectAccess Client Experience Settings* +- GP ADMX file name: *nca.admx* + + + +
+ + +**ADMX_nca/FriendlyName** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation. + +If this setting is not configured, the string that appears for DirectAccess connectivity is “Corporate Connection”. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Friendly Name* +- GP name: *FriendlyName* +- GP path: *Network\DirectAccess Client Experience Settings* +- GP ADMX file name: *nca.admx* + + + +
+ + +**ADMX_nca/LocalNamesOn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon. + +If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names. + +The ability to disconnect allows users to specify single-label, unqualified names (such as “PRINTSVR”) for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet. + +To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect. + +> [!NOTE] +> If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT. + +If this setting is not configured, users do not have Connect or Disconnect options. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Prefer Local Names Allowed* +- GP name: *LocalNamesOn* +- GP path: *Network\DirectAccess Client Experience Settings* +- GP ADMX file name: *nca.admx* + + + +
+ + +**ADMX_nca/PassiveMode** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether NCA service runs in Passive Mode or not. + +Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *DirectAccess Passive Mode* +- GP name: *PassiveMode* +- GP path: *Network\DirectAccess Client Experience Settings* +- GP ADMX file name: *nca.admx* + + + +
+ + +**ADMX_nca/ShowUI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. + +Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. + +If this setting is not configured, the entry for DirectAccess connectivity appears. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *User Interface* +- GP name: *ShowUI* +- GP path: *Network\DirectAccess Client Experience Settings* +- GP ADMX file name: *nca.admx* + + + +
+ + +**ADMX_nca/SupportEmail** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. + +When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Support Email Address* +- GP name: *SupportEmail* +- GP path: *Network\DirectAccess Client Experience Settings* +- GP ADMX file name: *nca.admx* + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + From 975f118841778abd83a7546441be9450f45b69e5 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 21 Sep 2021 10:09:46 +0530 Subject: [PATCH 07/36] Update policy-csp-admx-pca.md --- .../mdm/policy-csp-admx-pca.md | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 1e864220e1..44a74c85ba 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -23,22 +23,25 @@ manager: dansimp
- ADMX_pca/CorporateResources + ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy
- ADMX_pca/CustomCommands + ADMX_pca/DetectDeprecatedComponentFailuresPolicy
- ADMX_pca/DTEs + ADMX_pca/DetectInstallFailuresPolicy
- ADMX_pca/FriendlyName + ADMX_pca/DetectUndetectedInstallersPolicy
- ADMX_pca/LocalNamesOn + ADMX_pca/DetectUpdateFailuresPolicy
- ADMX_pca/PassiveMode + ADMX_pca/DisablePcaUIPolicy +
+
+ ADMX_pca/DetectBlockedDriversPolicy
@@ -51,8 +54,9 @@ manager: dansimp - - + + + From 8770f865dae605025a92ea0d1c710262ede7d540 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 00:20:59 +0530 Subject: [PATCH 08/36] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 6 - .../policy-configuration-service-provider.md | 59 ++- .../mdm/policy-csp-admx-pca.md | 352 ++++++++---------- ...csp-admx-shellcommandpromptregedittools.md | 340 ----------------- .../policy-csp-admx-windowsanytimeupgrade.md | 106 ------ .../policy-csp-admx-windowsfileprotection.md | 348 ----------------- windows/client-management/mdm/toc.yml | 4 - 7 files changed, 180 insertions(+), 1035 deletions(-) delete mode 100644 windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md delete mode 100644 windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md delete mode 100644 windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 13e3236ece..718cb27cee 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -963,7 +963,6 @@ ms.date: 10/08/2020 - [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit) - [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps) - [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd) -- [ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn](./policy-csp-admx-skydrive.md#admx-skydrive-preventnetworktrafficpreusersignin) - [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku) - [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock) - [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys) @@ -1242,7 +1241,6 @@ ms.date: 10/08/2020 - [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections) - [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1) - [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2) -- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled) - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1) - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2) - [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar) @@ -1317,10 +1315,6 @@ ms.date: 10/08/2020 - [ADMX_WindowsExplorer/ShowSleepOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showsleepoption) - [ADMX_WindowsExplorer/TryHarderPinnedLibrary](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedlibrary) - [ADMX_WindowsExplorer/TryHarderPinnedOpenSearch](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedopensearch) -- [ADMX_WindowsFileProtection/WFPShowProgress](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpshowprogress) -- [ADMX_WindowsFileProtection/WFPQuota](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpquota) -- [ADMX_WindowsFileProtection/WFPScan](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpscan) -- [ADMX_WindowsFileProtection/WFPDllCacheDir](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpdllcachedir) - [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline) - [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings) - [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 92295261e4..ff5d419c89 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2833,6 +2833,32 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC +### ADMX_pca policies + +
+
+ ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy +
+
+ ADMX_pca/DetectDeprecatedComponentFailuresPolicy +
+
+ ADMX_pca/DetectInstallFailuresPolicy +
+
+ ADMX_pca/DetectUndetectedInstallersPolicy +
+
+ ADMX_pca/DetectUpdateFailuresPolicy +
+
+ ADMX_pca/DisablePcaUIPolicy +
+
+ ADMX_pca/DetectBlockedDriversPolicy +
+
+ ### ADMX_PeerToPeerCaching policies
@@ -3426,14 +3452,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
-### ADMX_SkyDrive policies - -
-
- ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn -
-
- ### ADMX_Smartcard policies
@@ -4333,14 +4351,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
-### ADMX_WindowsAnytimeUpgrade policies - -
-
- ADMX_WindowsAnytimeUpgrade/Disabled -
-
- ### ADMX_WindowsConnectNow policies
@@ -8611,23 +8621,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
-### ADMX_WindowsFileProtection policies - -
-
- ADMX_WindowsFileProtection/WFPShowProgress -
-
- ADMX_WindowsFileProtection/WFPQuota -
-
- ADMX_WindowsFileProtection/WFPScan -
-
- ADMX_WindowsFileProtection/WFPDllCacheDir -
-
- ### WindowsInkWorkspace policies
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 44a74c85ba..614dba42f4 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -49,7 +49,7 @@ manager: dansimp
-**ADMX_nca/CorporateResources** +**ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy**
Windows EditionSupported?EditionWindows 10Windows 11
Home
@@ -60,23 +60,28 @@ manager: dansimp - + + - + + - + + - + + - + +
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markYesYes
@@ -93,21 +98,17 @@ manager: dansimp -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. +This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility. -Each string can be one of the following types: +- If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website. +- If you disable this policy setting, the PCA does not detect compatibility issues for applications and drivers. -- A DNS name or IPv6 address that NCA pings. The syntax is “PING:” followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1. +If you do not configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. > [!NOTE] -> We recommend that you use FQDNs instead of IPv6 addresses wherever possible. +> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled. -> [!IMPORTANT] -> At least one of the entries must be a PING: resource. -> - A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page do not matter. The syntax is “HTTP:” followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:http://myserver.corp.contoso.com/ or HTTP:http://2002:836b:1::1/. -> - A Universal Naming Convention (UNC) path to a file that NCA checks for existence. The contents of the file do not matter. The syntax is “FILE:” followed by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt. - -You must configure this setting to have complete NCA functionality. +The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console. > [!TIP] @@ -119,43 +120,48 @@ You must configure this setting to have complete NCA functionality. ADMX Info: -- GP Friendly name: *Corporate Resources* -- GP name: *CorporateResources* -- GP path: *Network\DirectAccess Client Experience Settings* -- GP ADMX file name: *nca.admx* +- GP Friendly name: *Detect compatibility issues for applications and drivers* +- GP name: *DetectDeprecatedCOMComponentFailuresPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* +- GP ADMX file name: *pca.admx* -
- -**ADMX_nca/CustomCommands** +
+**ADMX_pca/DetectDeprecatedComponentFailuresPolicy** - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markYesYes
@@ -172,7 +178,10 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. +This setting exists only for backward compatibility, and is not valid for this version of Windows. + +To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative +Templates\Windows Components\Application Compatibility. > [!TIP] @@ -184,43 +193,50 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting sp ADMX Info: -- GP Friendly name: *Custom Commands* -- GP name: *CustomCommands* -- GP path: *Network\DirectAccess Client Experience Settings* -- GP ADMX file name: *nca.admx* +- GP Friendly name: *Detect application install failures* +- GP name: *DetectDeprecatedComponentFailuresPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* +- GP ADMX file name: *pca.admx* +
- -**ADMX_nca/DTEs** +**ADMX_pca/DetectInstallFailuresPolicy** - +
+ - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markYesYes
@@ -237,13 +253,8 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. -By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel. - -Each entry consists of the text PING: followed by the IPv6 address of an IPsec tunnel endpoint. Example: PING:2002:836b:1::836b:1. - -You must configure this setting to have complete NCA functionality. +This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. > [!TIP] @@ -255,43 +266,49 @@ You must configure this setting to have complete NCA functionality. ADMX Info: -- GP Friendly name: *IPsec Tunnel Endpoints* -- GP name: *DTEs* -- GP path: *Network\DirectAccess Client Experience Settings* -- GP ADMX file name: *nca.admx* +- GP Friendly name: *Detect applications unable to launch installers under UAC* +- GP name: *DetectInstallFailuresPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* +- GP ADMX file name: *pca.admx*
- -**ADMX_nca/FriendlyName** +**ADMX_pca/DetectUndetectedInstallersPolicy** - +
+ - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markYesYes
@@ -308,9 +325,8 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation. -If this setting is not configured, the string that appears for DirectAccess connectivity is “Corporate Connection”. +This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. > [!TIP] @@ -322,43 +338,49 @@ If this setting is not configured, the string that appears for DirectAccess conn ADMX Info: -- GP Friendly name: *Friendly Name* -- GP name: *FriendlyName* -- GP path: *Network\DirectAccess Client Experience Settings* -- GP ADMX file name: *nca.admx* +- GP Friendly name: *Detect application failures caused by deprecated Windows DLLs* +- GP name: *DetectUndetectedInstallersPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* +- GP ADMX file name: *pca.admx*
- -**ADMX_nca/LocalNamesOn** +**ADMX_pca/DetectUpdateFailuresPolicy** - +
+ - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markYesYes
@@ -375,18 +397,9 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon. -If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names. - -The ability to disconnect allows users to specify single-label, unqualified names (such as “PRINTSVR”) for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet. - -To restore the DirectAccess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect. - -> [!NOTE] -> If the DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect because the rules for DirectAccess are already removed from the NRPT. - -If this setting is not configured, users do not have Connect or Disconnect options. +This setting exists only for backward compatibility, and is not valid for this version of Windows. +To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. > [!TIP] @@ -398,43 +411,49 @@ If this setting is not configured, users do not have Connect or Disconnect optio ADMX Info: -- GP Friendly name: *Prefer Local Names Allowed* -- GP name: *LocalNamesOn* -- GP path: *Network\DirectAccess Client Experience Settings* -- GP ADMX file name: *nca.admx* +- GP Friendly name: *Detect application failures caused by deprecated COM objects* +- GP name: *DetectUpdateFailuresPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* +- GP ADMX file name: *pca.admx*
- -**ADMX_nca/PassiveMode** +**ADMX_pca/DisablePcaUIPolicy** - +
+ - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markYesYes
@@ -451,9 +470,10 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether NCA service runs in Passive Mode or not. -Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default. +This setting exists only for backward compatibility, and is not valid for this version of Windows. +To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -464,43 +484,49 @@ Set this to Disabled to keep NCA probing actively all the time. If this setting ADMX Info: -- GP Friendly name: *DirectAccess Passive Mode* -- GP name: *PassiveMode* -- GP path: *Network\DirectAccess Client Experience Settings* -- GP ADMX file name: *nca.admx* +- GP Friendly name: *Detect application installers that need to be run as administrator* +- GP name: *DisablePcaUIPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* +- GP ADMX file name: *pca.admx*
- -**ADMX_nca/ShowUI** +**ADMX_pca/DetectBlockedDriversPolicy** - +
+ - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcross markYesYes
@@ -517,11 +543,9 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. -Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. - -If this setting is not configured, the entry for DirectAccess connectivity appears. +This setting exists only for backward compatibility, and is not valid for this version of Windows. +To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. > [!TIP] @@ -533,81 +557,13 @@ If this setting is not configured, the entry for DirectAccess connectivity appea ADMX Info: -- GP Friendly name: *User Interface* -- GP name: *ShowUI* -- GP path: *Network\DirectAccess Client Experience Settings* -- GP ADMX file name: *nca.admx* +- GP Friendly name: *Notify blocked drivers* +- GP name: *DetectBlockedDriversPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics* +- GP ADMX file name: *pca.admx* -
- - -**ADMX_nca/SupportEmail** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. - -When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Support Email Address* -- GP name: *SupportEmail* -- GP path: *Network\DirectAccess Client Experience Settings* -- GP ADMX file name: *nca.admx* - - - -
> [!NOTE] > These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md deleted file mode 100644 index 7d8f85894f..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ /dev/null @@ -1,340 +0,0 @@ ---- -title: Policy CSP - ADMX_ShellCommandPromptRegEditTools -description: Policy CSP - ADMX_ShellCommandPromptRegEditTools -ms.author: dansimp -ms.localizationpriority: medium -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 09/21/2020 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_ShellCommandPromptRegEditTools -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
- - -## ADMX_ShellCommandPromptRegEditTools policies - -
-
- ADMX_ShellCommandPromptRegEditTools/DisableCMD -
-
- ADMX_ShellCommandPromptRegEditTools/DisableRegedit -
-
- ADMX_ShellCommandPromptRegEditTools/DisallowApps -
-
- ADMX_ShellCommandPromptRegEditTools/RestrictApps -
-
- - -
- - -**ADMX_ShellCommandPromptRegEditTools/DisableCMD** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer. - -If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. - -If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files normally. - -> [!NOTE] -> Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Prevent access to the command prompt* -- GP name: *DisableCMD* -- GP path: *System* -- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx* - - - -
- - -**ADMX_ShellCommandPromptRegEditTools/DisableRegedit** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in the latest Windows 10 Insider Preview Build. Disables the Windows registry editor Regedit.exe. - -If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action. - -If you disable this policy setting or do not configure it, users can run Regedit.exe normally. - -To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Prevent access to registry editing tools* -- GP name: *DisableRegedit* -- GP path: *System* -- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx* - - - - -
- - -**ADMX_ShellCommandPromptRegEditTools/DisallowApps** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows from running the programs you specify in this policy setting. - -If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications. - -If you disable this policy setting or do not configure it, users can run any programs. - -This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. - -> [!NOTE] -> Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. -> To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe). - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Don't run specified Windows applications* -- GP name: *DisallowApps* -- GP path: *System* -- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx* - - - -
- - -**ADMX_ShellCommandPromptRegEditTools/RestrictApps** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in the latest Windows 10 Insider Preview Build. Limits the Windows programs that users have permission to run on the computer. - -If you enable this policy setting, users can only run programs that you add to the list of allowed applications. - -If you disable this policy setting or do not configure it, users can run all applications. - -This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. - -> [!NOTE] -> Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. -> To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe). - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Run only specified Windows applications* -- GP name: *RestrictApps* -- GP path: *System* -- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx* - - - -
- -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - - - diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md deleted file mode 100644 index ab4c4a6c88..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Policy CSP - ADMX_WindowsAnytimeUpgrade -description: Policy CSP - ADMX_WindowsAnytimeUpgrade -ms.author: dansimp -ms.localizationpriority: medium -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 09/29/2020 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_WindowsAnytimeUpgrade -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
- - -## ADMX_WindowsAnytimeUpgrade policies - -
-
- ADMX_WindowsAnytimeUpgrade/Disabled -
-
- - -
- - -**ADMX_WindowsAnytimeUpgrade/Disabled** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device -> * User - -
- - - -Available in the latest Windows 10 Insider Preview Build. By default, Add features to Windows 10 is available for all administrators. - -If you enable this policy setting, the wizard will not run. - -If you disable this policy setting or set it to Not Configured, the wizard will run. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Prevent the wizard from running.* -- GP name: *Disabled* -- GP path: *Windows Components\Add features to Windows 10* -- GP ADMX file name: *WindowsAnytimeUpgrade.admx* - - - -
- -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - - diff --git a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md b/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md deleted file mode 100644 index bc2f8b6a02..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md +++ /dev/null @@ -1,348 +0,0 @@ ---- -title: Policy CSP - ADMX_WindowsFileProtection -description: Policy CSP - ADMX_WindowsFileProtection -ms.author: dansimp -ms.localizationpriority: medium -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 01/03/2021 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_WindowsFileProtection -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
- - -## ADMX_WindowsFileProtection policies - -
-
- ADMX_WindowsFileProtection/WFPShowProgress -
-
- ADMX_WindowsFileProtection/WFPQuota -
-
- ADMX_WindowsFileProtection/WFPScan -
-
- ADMX_WindowsFileProtection/WFPDllCacheDir -
-
- - -
- - -**ADMX_WindowsFileProtection/WFPShowProgress** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Machine - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting hides the file scan progress window. This window provides status information to sophisticated users, but it might confuse the users. - -- If you enable this policy setting, the file scan window does not appear during file scanning. -- If you disable or do not configure this policy setting, the file scan progress window appears. - - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Hide the file scan progress window* -- GP name: *WFPShowProgress* -- GP path: *Windows File Protection!SfcShowProgress* -- GP ADMX file name: *WindowsFileProtection.admx* - - - -
- - -**ADMX_WindowsFileProtection/WFPQuota** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Machine - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum amount of disk space that can be used for the Windows File Protection file cache. -Windows File Protection adds protected files to the cache until the cache content reaches the quota. -If the quota is greater than 50 MB, Windows File Protection adds other important Windows XP files to the cache until the cache size reaches the quota. - -- If you enable this policy setting, enter the maximum amount of disk space to be used (in MB). -To indicate that the cache size is unlimited, select "4294967295" as the maximum amount of disk space. - -- If you disable this policy setting or do not configure it, the default value is set to 50 MB on Windows XP Professional and is unlimited (4294967295 MB) on Windows Server 2003. -> [!NOTE] -> Icon size is dependent upon what the user has set it to in the previous session. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Limit Windows File Protection cache size* -- GP name: *WFPQuota* -- GP path: *System\Windows File Protection* -- GP ADMX file name: *WindowsFileProtection.admx* - - - -
- - -**ADMX_WindowsFileProtection/WFPScan** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Machine - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set when Windows File Protection scans protected files. -This policy setting directs Windows File Protection to enumerate and scan all system files for changes. - -- If you enable this policy setting, select a rate from the "Scanning Frequency" box. -You can use this setting to direct Windows File Protection to scan files more often. --- "Do not scan during startup," the default, scans files only during setup. --- "Scan during startup" also scans files each time you start Windows XP. -This setting delays each startup. - -- If you disable or do not configure this policy setting, by default, files are scanned only during setup. - -> [!NOTE] -> This policy setting affects file scanning only. It does not affect the standard background file change detection that Windows File Protection provides. - - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Set Windows File Protection scanning* -- GP name: *WFPScan* -- GP path: *System\Windows File Protection* -- GP ADMX file name: *WindowsFileProtection.admx* - - - -
- - -**ADMX_WindowsFileProtection/WFPDllCacheDir** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Machine - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting specifies an alternate location for the Windows File Protection cache. - -- If you enable this policy setting, enter the fully qualified local path to the new location in the "Cache file path" box. -- If you disable this setting or do not configure it, the Windows File Protection cache is located in the "%Systemroot%\System32\Dllcache directory". - -> [!NOTE] -> Do not add the cache on a network shared directory. - - -> [!NOTE] -> For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be found in MSDN by searching "Control Panel items". - -If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored. - -> [!NOTE] -> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. -> -> To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Specify Windows File Protection cache location* -- GP name: *WFPDllCacheDir* -- GP path: *System\Windows File Protection* -- GP ADMX file name: *WindowsFileProtection.admx* - - - -
- -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - - \ No newline at end of file diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index ba198b9a24..868b6a76a7 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -583,8 +583,6 @@ items: href: policy-csp-admx-sharing.md - name: ADMX_ShellCommandPromptRegEditTools href: policy-csp-admx-shellcommandpromptregedittools.md - - name: ADMX_SkyDrive - href: policy-csp-admx-skydrive.md - name: ADMX_Smartcard href: policy-csp-admx-smartcard.md - name: ADMX_Snmp @@ -611,8 +609,6 @@ items: href: policy-csp-admx-wcm.md - name: ADMX_WinCal href: policy-csp-admx-wincal.md - - name: ADMX_WindowsAnytimeUpgrade - href: policy-csp-admx-windowsanytimeupgrade.md - name: ADMX_WindowsConnectNow href: policy-csp-admx-windowsconnectnow.md - name: ADMX_WindowsExplorer From 6ff916a89f2e03468a06914a3e8d7efe4d4334f0 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 00:40:34 +0530 Subject: [PATCH 09/36] Update policies-in-policy-csp-admx-backed.md --- .../mdm/policies-in-policy-csp-admx-backed.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 718cb27cee..3cac1ce228 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -798,6 +798,13 @@ ms.date: 10/08/2020 - [ADMX_OfflineFiles/Pol_SyncOnCostedNetwork](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-synconcostednetwork) - [ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-workofflinedisabled-1) - [ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-workofflinedisabled-2) +- [ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy](./policy-csp-admx-pca.md#admx-pca-detectdeprecatedcomcomponentfailurespolicy) +- [ADMX_pca/DetectDeprecatedComponentFailuresPolicy](./policy-csp-admx-pca.md#admx-pca-detectdeprecatedcomponentfailurespolicy) +- [ADMX_pca/DetectInstallFailuresPolicy](./policy-csp-admx-pca.md#admx-pca-detectinstallfailurespolicy) +- [ADMX_pca/DetectUndetectedInstallersPolicy](./policy-csp-admx-pca.md#admx-pca-detectundetectedinstallerspolicy) +- [ADMX_pca/DetectUpdateFailuresPolicy](./policy-csp-admx-pca.md#admx-pca-detectupdatefailurespolicy) +- [ADMX_pca/DisablePcaUIPolicy](./policy-csp-admx-pca.md#admx-pca-disablepcauipolicy) +- [ADMX_pca/DetectBlockedDriversPolicy](./policy-csp-admx-pca.md#admx-pca-detectblockeddriverspolicy) - [ADMX_PeerToPeerCaching/EnableWindowsBranchCache](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-enablewindowsbranchcache) - [ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-enablewindowsbranchcache-distributed) - [ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-enablewindowsbranchcache-hosted) From 7aeadb97898b639019158bc5e8f05d8d18ff8c56 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 00:53:45 +0530 Subject: [PATCH 10/36] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 2 + .../policy-configuration-service-provider.md | 11 + .../mdm/policy-csp-admx-pentraining.md | 188 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 4 files changed, 203 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-pentraining.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 3cac1ce228..a66b8dedc1 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -814,6 +814,8 @@ ms.date: 10/08/2020 - [ADMX_PeerToPeerCaching/SetCachePercent](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-setcachepercent) - [ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-setdatacacheentrymaxage) - [ADMX_PeerToPeerCaching/SetDowngrading](./policy-csp-admx-peertopeercaching.md#admx-peertopeercaching-setdowngrading) +- [ADMX_PenTraining/PenTrainingOff_1](./policy-csp-admx-pentraining.md#admx-pentraining-pentrainingoff_1) +- [ADMX_PenTraining/PenTrainingOff_2](./policy-csp-admx-pentraining.md#admx-pentraining-pentrainingoff_2) - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-1) - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2) - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index ff5d419c89..16ef150f1d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2891,6 +2891,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_PenTraining policies + +
+
+ ADMX_PenTraining/PenTrainingOff_1 +
+
+ ADMX_PenTraining/PenTrainingOff_2 +
+
+ ### ADMX_PerformanceDiagnostics policies
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md new file mode 100644 index 0000000000..9741c345b9 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -0,0 +1,188 @@ +--- +title: Policy CSP - ADMX_PenTraining +description: Policy CSP - ADMX_PenTraining +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 12/22/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_PenTraining +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_PenTraining policies + +
+
+ ADMX_PenTraining/PenTrainingOff_1 +
+
+ ADMX_PenTraining/PenTrainingOff_2 +
+
+ +
+ + +**ADMX_PenTraining/PenTrainingOff_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Turns off Tablet PC Pen Training. + +- If you enable this policy setting, users cannot open Tablet PC Pen Training. + +- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Tablet PC Pen Training* +- GP name: *PenTrainingOff_1* +- GP path: *Windows Components\Tablet PC\Tablet PC Pen Training* +- GP ADMX file name: *PenTraining.admx* + + + +
+ +< +**ADMX_PenTraining/PenTrainingOff_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Turns off Tablet PC Pen Training. + +- If you enable this policy setting, users cannot open Tablet PC Pen Training. + +- If you disable or do not configure this policy setting, users can open Tablet PC Pen Training. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Tablet PC Pen Training* +- GP name: *PenTrainingOff_2* +- GP path: *Windows Components\Tablet PC\Tablet PC Pen Training* +- GP ADMX file name: *PenTraining.admx* + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 868b6a76a7..7616e699e3 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -545,6 +545,8 @@ items: href: policy-csp-admx-offlinefiles.md - name: ADMX_PeerToPeerCaching href: policy-csp-admx-peertopeercaching.md + - name: ADMX_PenTraining + href: policy-csp-admx-pentraining.md - name: ADMX_PerformanceDiagnostics href: policy-csp-admx-performancediagnostics.md - name: ADMX_Power From 8a4ff9dfac1257246c9312ef97a5870ea6556d3d Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 00:59:16 +0530 Subject: [PATCH 11/36] Update toc.yml --- windows/client-management/mdm/toc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 7616e699e3..ecb1bae405 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -545,7 +545,7 @@ items: href: policy-csp-admx-offlinefiles.md - name: ADMX_PeerToPeerCaching href: policy-csp-admx-peertopeercaching.md - - name: ADMX_PenTraining + - name: ADMX_PenTraining href: policy-csp-admx-pentraining.md - name: ADMX_PerformanceDiagnostics href: policy-csp-admx-performancediagnostics.md From e66a0a1913d9e21afbbc9dbf82875d4fee148878 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 01:04:04 +0530 Subject: [PATCH 12/36] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ---- .../mdm/policy-configuration-service-provider.md | 16 ---------------- windows/client-management/mdm/toc.yml | 4 ---- 3 files changed, 24 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index a66b8dedc1..a9a5317625 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -968,10 +968,6 @@ ms.date: 10/08/2020 - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots) - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders) - [ADMX_Sharing/NoInplaceSharing](./policy-csp-admx-sharing.md#admx-sharing-noinplacesharing) -- [ADMX_ShellCommandPromptRegEditTools/DisableCMD](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd) -- [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit) -- [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps) -- [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd) - [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku) - [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock) - [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 16ef150f1d..4b8da6eacf 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3446,22 +3446,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
-## ADMX_ShellCommandPromptRegEditTools policies - -
-
- ADMX_ShellCommandPromptRegEditTools/DisableCMD -
-
- ADMX_ShellCommandPromptRegEditTools/DisableRegedit -
-
- ADMX_ShellCommandPromptRegEditTools/DisallowApps -
-
- ADMX_ShellCommandPromptRegEditTools/RestrictApps -
-
### ADMX_Smartcard policies diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index ecb1bae405..cc485c9c03 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -583,8 +583,6 @@ items: href: policy-csp-admx-sharedfolders.md - name: ADMX_Sharing href: policy-csp-admx-sharing.md - - name: ADMX_ShellCommandPromptRegEditTools - href: policy-csp-admx-shellcommandpromptregedittools.md - name: ADMX_Smartcard href: policy-csp-admx-smartcard.md - name: ADMX_Snmp @@ -615,8 +613,6 @@ items: href: policy-csp-admx-windowsconnectnow.md - name: ADMX_WindowsExplorer href: policy-csp-admx-windowsexplorer.md - - name: ADMX_WindowsFileProtection - href: policy-csp-admx-windowsfileprotection.md - name: ADMX_WindowsMediaDRM href: policy-csp-admx-windowsmediadrm.md - name: ADMX_WindowsMediaPlayer From acb2205fc1443216acc92c0fede3516fdc1893a0 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 01:22:38 +0530 Subject: [PATCH 13/36] Updated --- .../policy-configuration-service-provider.md | 8 ++ .../mdm/policy-csp-admx-wordwheel.md | 112 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 122 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-wordwheel.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4b8da6eacf..1d7e33d0b9 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4745,6 +4745,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_WordWheel policies + +
+
+ ADMX_WordWheel/CustomSearch +
+
+ ### ADMX_WPN policies
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md new file mode 100644 index 0000000000..858ad6bece --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md @@ -0,0 +1,112 @@ +--- +title: Policy CSP - ADMX_WordWheel +description: Policy CSP - ADMX_WordWheel +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/22/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WordWheel +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WordWheel policies + +
+
+ ADMX_WordWheel/CustomSearch +
+
+ + +
+ + +**ADMX_WordWheel/CustomSearch** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Set up the menu name and URL for the custom Internet search provider. + +- If you enable this setting, the specified menu name and URL will be used for Internet searches. +- If you disable or not configure this setting, the default Internet search provider will be used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Custom Instant Search Internet search provider* +- GP name: *CustomSearch* +- GP path: *Windows Components\Instant Search* +- GP ADMX file name: *WordWheel.admx* + + + +
+ + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index cc485c9c03..3846b9bc14 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -629,6 +629,8 @@ items: href: policy-csp-admx-winsrv.md - name: ADMX_wlansvc href: policy-csp-admx-wlansvc.md + - name: ADMX_WordWheel + href: policy-csp-admx-wordwheel.md - name: ADMX_WPN href: policy-csp-admx-wpn.md - name: ApplicationDefaults From 41a72c6bb93a7f2988f4a7bd35956d01e3ae5466 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 10:57:46 +0530 Subject: [PATCH 14/36] Update policies-in-policy-csp-admx-backed.md --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index a9a5317625..006e365c1f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1362,6 +1362,7 @@ ms.date: 10/08/2020 - [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost) - [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced) - [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) +- [ADMX_WordWheel/CustomSearch](./policy-csp-admx-wordwheel.md#admx-wordwheelcustomsearch) - [ADMX_WPN/NoCallsDuringQuietHours](./policy-csp-admx-wpn.md#admx-wpn-nocallsduringquiethours) - [ADMX_WPN/NoLockScreenToastNotification](./policy-csp-admx-wpn.md#admx-wpn-nolockscreentoastnotification) - [ADMX_WPN/NoQuietHours](./policy-csp-admx-wpn.md#admx-wpn-noquiethours) From 5c7a3f217f075a85c82a38e14afa39ef42941cee Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 12:39:34 +0530 Subject: [PATCH 15/36] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 2 +- .../policy-configuration-service-provider.md | 14 + .../mdm/policy-csp-admx-workfoldersclient.md | 276 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 4 +- 4 files changed, 294 insertions(+), 2 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-workfoldersclient.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 006e365c1f..b88103b646 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1362,7 +1362,7 @@ ms.date: 10/08/2020 - [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost) - [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced) - [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) -- [ADMX_WordWheel/CustomSearch](./policy-csp-admx-wordwheel.md#admx-wordwheelcustomsearch) +- [ADMX_WordWheel/CustomSearch](./policy-csp-admx-wordwheel.md#admx-wordwheel-customsearch) - [ADMX_WPN/NoCallsDuringQuietHours](./policy-csp-admx-wpn.md#admx-wpn-nocallsduringquiethours) - [ADMX_WPN/NoLockScreenToastNotification](./policy-csp-admx-wpn.md#admx-wpn-nolockscreentoastnotification) - [ADMX_WPN/NoQuietHours](./policy-csp-admx-wpn.md#admx-wpn-noquiethours) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 1d7e33d0b9..ed2019d348 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4753,6 +4753,20 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_WorkFoldersClient policies + +
+
+ ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker +
+
+ ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders +
+
+ ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders +
+
+ ### ADMX_WPN policies
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md new file mode 100644 index 0000000000..4bc202be58 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -0,0 +1,276 @@ +--- +title: Policy CSP - ADMX_WorkFoldersClient +description: Policy CSP - ADMX_WorkFoldersClient +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/22/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WorkFoldersClient +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WorkFoldersClient policies + +
+
+ ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker +
+
+ ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders +
+
+ ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders +
+
+ + +
+ + +**ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer. + +- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. + +This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not apply to a user, Work Folders is not automatically set up. +- If you disable or do not configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Force automatic setup for all users* +- GP name: *Pol_UserEnableTokenBroker* +- GP path: *Windows Components\Work Folders* +- GP ADMX file name: *WorkFoldersClient.admx* + + + + +
+ + +**ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting specifies the Work Folders server for affected users, as well as whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer. + +- If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC. + +If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data. The "Work Folders Local Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables. + +> [!NOTE] +> In order for this configuration to take effect, a valid 'Work Folders URL' must also be specified. + +The “On-demand file access preference” option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and don’t take up any space on the PC, but the user must be connected to the Internet to access them. If you enable this policy setting, on-demand file access is enabled. + +- If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user’s files is required on each of their PCs. + +If you specify User choice or do not configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled. + +The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option is not specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Specify Work Folders settings* +- GP name: *Pol_UserEnableWorkFolders* +- GP path: *Windows Components\Work Folders* +- GP ADMX file name: *WorkFoldersClient.admx* + + + +
+ + +**ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy specifies whether Work Folders should use Token Broker for interactive AD FS authentication instead of its own OAuth2 token flow used in previous versions. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Enables the use of Token Broker for AD FS authentication* +- GP name: *Pol_MachineEnableWorkFolders* +- GP path: *Windows Components\Work Folders* +- GP ADMX file name: *WorkFoldersClient.admx* + + + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + \ No newline at end of file diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 3846b9bc14..a52a4922f6 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -630,7 +630,9 @@ items: - name: ADMX_wlansvc href: policy-csp-admx-wlansvc.md - name: ADMX_WordWheel - href: policy-csp-admx-wordwheel.md + href: policy-csp-admx-wordwheel.md + - name: ADMX_WorkFoldersClient + href: policy-csp-admx-workfoldersclient.md - name: ADMX_WPN href: policy-csp-admx-wpn.md - name: ApplicationDefaults From 77bbe6308c9996b6d192ff7336621dc92e947408 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 22 Sep 2021 14:15:59 +0530 Subject: [PATCH 16/36] Update policies-in-policy-csp-admx-backed.md --- .../mdm/policies-in-policy-csp-admx-backed.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index b88103b646..2fc8c02088 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1363,6 +1363,9 @@ ms.date: 10/08/2020 - [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced) - [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) - [ADMX_WordWheel/CustomSearch](./policy-csp-admx-wordwheel.md#admx-wordwheel-customsearch) +- [ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker](./policy-csp-admx-workfoldersclient.md#admx-workfoldersclient-pol_userenabletokenbroker) +- [ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders](./policy-csp-admx-workfoldersclient.md#admx-workfoldersclient-pol_userenableworkfolders) +- [ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders](./policy-csp-admx-workfoldersclient.md#admx-workfoldersclient-pol_machineenableworkfolders) - [ADMX_WPN/NoCallsDuringQuietHours](./policy-csp-admx-wpn.md#admx-wpn-nocallsduringquiethours) - [ADMX_WPN/NoLockScreenToastNotification](./policy-csp-admx-wpn.md#admx-wpn-nolockscreentoastnotification) - [ADMX_WPN/NoQuietHours](./policy-csp-admx-wpn.md#admx-wpn-noquiethours) From 0b53dd666a5562824b998d426375c2281a09b033 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 23 Sep 2021 10:29:48 +0530 Subject: [PATCH 17/36] Updated --- .openpublishing.redirection.json | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 2 +- .../mdm/policy-csp-admx-mobilepcpresentationsettings.md | 5 ++--- windows/client-management/mdm/policy-csp-admx-pca.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1fc2ec8e56..20920efa7a 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -18961,6 +18961,7 @@ "redirect_document_id": false }, + ] } diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index ee2647b40c..0d401997ef 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -648,7 +648,7 @@ ms.date: 10/08/2020 - [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy) - [ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1](./policy-csp-admx-mobilepcmobilitycenter.md#admx-mobilepcmobilitycenter-mobilitycenterenable_1) - [ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2](./policy-csp-admx-mobilepcmobilitycenter.md#admx-mobilepcmobilitycenter-mobilitycenterenable_2) -- - [ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1](./policy-csp-admx-mobilepcpresentationsettings.md#admx-mobilepcpresentationsettings-presentationsettingsenable_1) +- [ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1](./policy-csp-admx-mobilepcpresentationsettings.md#admx-mobilepcpresentationsettings-presentationsettingsenable_1) - [ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2](./policy-csp-admx-mobilepcpresentationsettings.md#admx-mobilepcpresentationsettings-presentationsettingsenable_2) - [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth) - [ADMX_msched/ActivationBoundaryPolicy](./policy-csp-admx-msched.md#admx-msched-activationboundarypolicy) diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index c9acb157db..9fc774b07d 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -23,14 +23,13 @@ manager: dansimp
- ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1 + ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1
- ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2/a> + ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2
-
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 614dba42f4..e45c9f4a5c 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -49,7 +49,7 @@ manager: dansimp
-**ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy** +**ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy** From 36c64934e1554ea9a4cc9ef663c4254b605ea09d Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 23 Sep 2021 19:44:53 +0530 Subject: [PATCH 18/36] Updated --- windows/client-management/mdm/policy-csp-admx-pca.md | 4 ++-- windows/client-management/mdm/policy-csp-admx-pentraining.md | 2 +- windows/client-management/mdm/toc.yml | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index e45c9f4a5c..e0f88e5254 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -49,8 +49,8 @@ manager: dansimp
-**ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy** - +**ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy** +
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index 9741c345b9..fba51703fe 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -107,7 +107,7 @@ ADMX Info:
-< +**ADMX_PenTraining/PenTrainingOff_2** diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index c59664b8dd..77029e273d 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -553,6 +553,8 @@ items: href: policy-csp-admx-networkconnections.md - name: ADMX_OfflineFiles href: policy-csp-admx-offlinefiles.md + - name: ADMX_pca + href: policy-csp-admx-pca.md - name: ADMX_PeerToPeerCaching href: policy-csp-admx-peertopeercaching.md - name: ADMX_PenTraining From 7ac2ac74d3d800bada54da26348fa54e2a621630 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Thu, 23 Sep 2021 19:51:24 +0530 Subject: [PATCH 19/36] Updated --- windows/client-management/mdm/toc.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 77029e273d..69d22a89dd 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -455,6 +455,8 @@ items: href: policy-csp-admx-dfs.md - name: ADMX_DigitalLocker href: policy-csp-admx-digitallocker.md + - name: ADMX_DiskDiagnostic + href: policy-csp-admx-diskdiagnostic.md - name: ADMX_DistributedLinkTracking href: policy-csp-admx-distributedlinktracking.md - name: ADMX_DnsClient @@ -503,6 +505,8 @@ items: href: policy-csp-admx-help.md - name: ADMX_HelpAndSupport href: policy-csp-admx-helpandsupport.md + - name: ADMX_HotSpotAuth + href: policy-csp-admx-hotspotauth.md - name: ADMX_ICM href: policy-csp-admx-icm.md - name: ADMX_IIS From f61e507179d42770c4a7d0ede47c252455cc61ae Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 4 Oct 2021 20:51:14 -0700 Subject: [PATCH 20/36] Moved HR to see if that will allow correct processing of "**ADMX_pca/DetectDeprecatedComponentFailuresPolicy**" The HR tag that precedes "**ADMX_pca/DetectDeprecatedComponentFailuresPolicy**" is closer than other similar instances in this article. In preview, "**ADMX_pca/DetectDeprecatedComponentFailuresPolicy**" was rendered as plain text with asterisks around it, rather than bold text as is the case in the other similar instances. Markdown is unreliable when in or near HTML, so another solution here would have been to replace the asterisks HTML bold tags. --- windows/client-management/mdm/policy-csp-admx-pca.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index e0f88e5254..6919eebaf5 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -127,8 +127,8 @@ ADMX Info: -
+ **ADMX_pca/DetectDeprecatedComponentFailuresPolicy** From d628a71beae3be1aeec078e0321864ce83a0cc71 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 5 Oct 2021 10:42:14 +0530 Subject: [PATCH 21/36] Updated Updated --- .openpublishing.redirection.json | 11 ++++++++--- .../policy-csp-admx-mobilepcpresentationsettings.md | 10 +++++----- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 4f25032fbc..a8692280d5 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19022,10 +19022,15 @@ }, { "source_path": "windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md", - "redirect_url": "/windows/client-management/mdm/policy-csp-admx-wordwheel", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter", "redirect_document_id": true - } - + + }, + { + "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter", + "redirect_document_id": true + } ] diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index 9fc774b07d..9701a24c0d 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -13,8 +13,6 @@ manager: dansimp --- # Policy CSP - ADMX_MobilePCPresentationSettings -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
@@ -23,17 +21,19 @@ manager: dansimp
- ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1 + ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1
- ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2 + ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2
-**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1** + +**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_1** +
From 6611d8baf14df24ab74efba920c214090b6a56ea Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 5 Oct 2021 10:45:44 +0530 Subject: [PATCH 22/36] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index d4b8fb8cc9..6a38e2a92b 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19043,7 +19043,7 @@ }, { "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md", - "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings", "redirect_document_id": true } From 6568fbda21799a4d279f09637c778de3915680d3 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 5 Oct 2021 10:59:39 +0530 Subject: [PATCH 23/36] Updated --- .../policy-csp-admx-mobilepcmobilitycenter.md | 26 ++++---- ...y-csp-admx-mobilepcpresentationsettings.md | 23 +++----- .../mdm/policy-csp-admx-msifilerecovery.md | 19 +++--- .../mdm/policy-csp-admx-pca.md | 59 ++++--------------- .../mdm/policy-csp-admx-pentraining.md | 25 +++----- .../mdm/policy-csp-admx-wordwheel.md | 7 +++ .../mdm/policy-csp-admx-workfoldersclient.md | 32 ++++------ 7 files changed, 66 insertions(+), 125 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md index c514981896..ee4176f585 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_MobilePCMobilityCenter -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -91,12 +96,7 @@ This policy setting turns off Windows Mobility Center. If you do not configure this policy setting, Windows Mobility Center is on by default. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -123,6 +123,7 @@ ADMX Info: + @@ -167,12 +168,7 @@ This policy setting turns off Windows Mobility Center. If you do not configure this policy setting, Windows Mobility Center is on by default. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -184,7 +180,5 @@ ADMX Info:
-> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md index 9701a24c0d..afa84fef27 100644 --- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md @@ -14,6 +14,13 @@ manager: dansimp # Policy CSP - ADMX_MobilePCPresentationSettings +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +
@@ -96,12 +103,7 @@ If you do not configure this policy setting, Windows presentation settings can b -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -177,12 +179,7 @@ The presentation settings icon will be displayed in the notification area. This If you do not configure this policy setting, Windows presentation settings can be invoked. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -194,7 +191,5 @@ ADMX Info:
-> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md index e21f15744c..ca757d87c6 100644 --- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md +++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_MsiFileRecovery -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -99,12 +104,7 @@ If you do not configure this policy setting, the recovery behavior for corrupted > This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -118,7 +118,4 @@ ADMX Info:
-> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md index 6919eebaf5..1ec34c4edd 100644 --- a/windows/client-management/mdm/policy-csp-admx-pca.md +++ b/windows/client-management/mdm/policy-csp-admx-pca.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_pca -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -111,12 +116,7 @@ If you do not configure this policy setting, the PCA is configured to detect fai The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -184,12 +184,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp Templates\Windows Components\Application Compatibility. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -257,12 +252,6 @@ ADMX Info: This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). ADMX Info: @@ -329,12 +318,7 @@ ADMX Info: This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -402,12 +386,7 @@ This setting exists only for backward compatibility, and is not valid for this v To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -475,12 +454,7 @@ This setting exists only for backward compatibility, and is not valid for this v To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -548,12 +522,7 @@ This setting exists only for backward compatibility, and is not valid for this v To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -565,8 +534,6 @@ ADMX Info: -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md index fba51703fe..83f6c2e71a 100644 --- a/windows/client-management/mdm/policy-csp-admx-pentraining.md +++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_PenTraining -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -89,12 +94,7 @@ Turns off Tablet PC Pen Training. - If you disable or do not configure this policy setting, users can open Tablet PC Pen Training. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -164,12 +164,7 @@ Turns off Tablet PC Pen Training. - If you disable or do not configure this policy setting, users can open Tablet PC Pen Training. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -182,7 +177,5 @@ ADMX Info:
-> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md index 9fe0a0904f..d66b03aaee 100644 --- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md +++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md @@ -14,6 +14,13 @@ manager: dansimp # Policy CSP - ADMX_WordWheel +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). +
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 4bc202be58..35838e210e 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -13,8 +13,13 @@ manager: dansimp --- # Policy CSP - ADMX_WorkFoldersClient -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -95,12 +100,7 @@ This prevents users from choosing not to use Work Folders on the computer; it al - If you disable or do not configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -182,12 +182,7 @@ If you specify User choice or do not configure this policy setting, the user dec The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option is not specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -253,12 +248,7 @@ ADMX Info: This policy specifies whether Work Folders should use Token Broker for interactive AD FS authentication instead of its own OAuth2 token flow used in previous versions. -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: @@ -270,7 +260,5 @@ ADMX Info: -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. \ No newline at end of file From 098ce24a944e1621814a920694847cf4a879cc86 Mon Sep 17 00:00:00 2001 From: Doug Eby Date: Mon, 4 Oct 2021 23:22:26 -0700 Subject: [PATCH 24/36] Update index.yml --- windows/hub/index.yml | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 5a0881cad0..3d697a0ce8 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -32,10 +32,9 @@ highlightedContent: itemType: overview url: /windows/release-health/ # Card - - title: Learn more about Hybrid Work + - title: Empower your hybrid workforce itemType: overview - url: https://www.microsoft.com/hybridwork/ - + url: https://www.microsoft.com/microsoft-365/blog/2021/10/04/empower-your-hybrid-workforce-today-with-windows-11/ # productDirectory section (optional) productDirectory: @@ -190,23 +189,21 @@ additionalContent: - title: More Windows resources # < 60 chars (optional) items: # Card - - title: Windows 11 product site - summary: Find out more about Windows 11 for enterprise and Windows 11 for business + - title: Windows product site + summary: Find out how Windows enables your business to do more url: https://www.microsoft.com/microsoft-365/windows + - title: "Windows 11: A new era for the PC begins today" + summary: Blog article that describes how Windows 11 empowers you to produce and inspires you to create + url: https://blogs.windows.com/windowsexperience/2021/10/04/windows-11-a-new-era-for-the-pc-begins-today/ + - title: Windows IT Pro blogs + summary: The latest Windows blog articles for the IT Pro + url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog - title: Windows blogs summary: Keep up with the latest news about Windows url: https://blogs.windows.com/ - - title: "Planning for Windows 11: best practices for organizations" - summary: Blog article with best practices to help you plan for Windows 11 - url: https://aka.ms/Windows/blog002 - - title: Windows 11 security explained - summary: Blog article to learn how Windows 11 enables security by design from the chip to the cloud - url: https://aka.ms/Windows/blog010 - # Card - title: Participate in the Tech Community summary: Learn how to be part of the Windows Tech Community url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10 - # Card - title: Ask the community summary: Get help, and help others url: https://answers.microsoft.com/windows/forum @@ -221,6 +218,10 @@ additionalContent: url: /mem/endpoint-manager-overview - text: Getting started with Microsoft Endpoint Manager url: /mem/endpoint-manager-getting-started + - text: Microsoft Endpoint Manager simplifies upgrades to Windows 11 + url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/endpoint-manager-simplifies-upgrades-to-windows-11/ba-p/2771886 + - text: Understanding readiness for Windows 11 with Microsoft Endpoint Manager + url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/understanding-readiness-for-windows-11-with-microsoft-endpoint/ba-p/2770866 - text: Microsoft Endpoint Manager blog url: https://aka.ms/memblog - title: Windows 365 @@ -229,8 +230,11 @@ additionalContent: url: /windows-365 - text: What is Windows 365 url: /windows-365/overview + - text: Windows 365 Enterprise now supports Windows 11 + url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-365-enterprise-now-supports-windows-11/ba-p/2810334 - text: Windows 365 blog url: https://www.microsoft.com/microsoft-365/blog/ + - title: Windows Server links: - text: Windows Server documentation From 30a144ec9c6d64820b1b2b8e3ef9276b22cfe6ab Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 5 Oct 2021 13:25:38 +0530 Subject: [PATCH 25/36] Updated --- .../policy-configuration-service-provider.md | 17 + .../mdm/policy-csp-admx-admpwd.md | 299 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 318 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-admpwd.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index dbc08873bd..af24745349 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -213,6 +213,23 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_AdmPwd policies + +
+
+ ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy +
+
+ ADMX_AdmPwd/POL_AdmPwd_Enabled +
+
+ ADMX_AdmPwd/POL_AdmPwd_AdminName +
+
+ ADMX_AdmPwd/POL_AdmPwd +
+
+ ### ADMX_AppCompat policies
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md new file mode 100644 index 0000000000..19b22053f4 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md @@ -0,0 +1,299 @@ +--- +title: Policy CSP - ADMX_AdmPwd +description: Policy CSP - ADMX_AdmPwd +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/09/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_AdmPwd + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +
+ + +## ADMX_AdmPwd policies + +
+
+ ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy +
+
+ ADMX_AdmPwd/POL_AdmPwd_Enabled +
+
+ ADMX_AdmPwd/POL_AdmPwd_AdminName +
+
+ ADMX_AdmPwd/POL_AdmPwd +
+
+ + +
+ + +**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy** + + +
Home No No
Pro
+ + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +When you enable this setting, planned password expiration longer than password age dictated by "Password Settings" policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy. + +When you disable or not configure this setting, password expiration time may be longer than required by "Password Settings" policy. + + + +ADMX Info: +- GP Friendly name: *Do not allow password expiration time longer than required by policy* +- GP name: *POL_AdmPwd_DontAllowPwdExpirationBehindPolicy* +- GP path: *Windows Components\AdmPwd* +- GP ADMX file name: *AdmPwd.admx* + + + +
+ + +**ADMX_AdmPwd/POL_AdmPwd_Enabled** + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy enables the management of password for local administrator account + +If you enable this setting, local administrator password is managed. + +If you disable or not configure this setting, local administrator password is NOT managed. + + + +ADMX Info: +- GP Friendly name: *Enable local admin password management* +- GP name: *POL_AdmPwd_Enabled* +- GP path: *Windows Components\AdmPwd* +- GP ADMX file name: *AdmPwd.admx* + + + + +
+ + +**ADMX_AdmPwd/POL_AdmPwd_AdminName** + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +When you enable this setting, planned password expiration longer than password age dictated by "Password Settings" policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy. + +When you disable or not configure this setting, password expiration time may be longer than required by "Password Settings" policy. + + + + +ADMX Info: +- GP Friendly name: *Name of administrator account to manage* +- GP name: *POL_AdmPwd_AdminName* +- GP path: *Windows Components\AdmPwd* +- GP ADMX file name: *AdmPwd.admx* + + + + + +
+ + +**ADMX_AdmPwd/POL_AdmPwd** + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + + +This policy setting enables management of password for local administrator account + +If you enable this setting, local administrator password is managed + +If you disable or not configure this setting, local administrator password is NOT managed. + + + + + +ADMX Info: +- GP Friendly name: *Password Settings* +- GP name: *POL_AdmPwd* +- GP path: *Windows Components\AdmPwd* +- GP ADMX file name: *AdmPwd.admx* + + + + + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 932fdd0cbb..8fa76c2a7f 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -407,6 +407,8 @@ items: href: policy-csp-admx-activexinstallservice.md - name: ADMX_AddRemovePrograms href: policy-csp-admx-addremoveprograms.md + - name: ADMX_AdmPwd + href: policy-csp-admx-admpwd.md - name: ADMX_AppCompat href: policy-csp-admx-appcompat.md - name: ADMX_AppxPackageManager From 80978a1f2583d7140964a568b70e8052a8da2c62 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 5 Oct 2021 16:05:30 +0530 Subject: [PATCH 26/36] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 8 + .../policy-configuration-service-provider.md | 2 +- ...csp-admx-shellcommandpromptregedittools.md | 349 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 4 files changed, 360 insertions(+), 1 deletion(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 8ac470ea9c..6256ffe15a 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -33,6 +33,10 @@ ms.date: 10/08/2020 - [ADMX_AddRemovePrograms/NoServices](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-noservices) - [ADMX_AddRemovePrograms/NoSupportInfo](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nosupportinfo) - [ADMX_AddRemovePrograms/NoWindowsSetupPage](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-nowindowssetuppage) +- [ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy](./policy-csp-admx-admpwd.md#admx-admpwd-pol_admpwd_dontallowpwdexpirationbehindpolicy) +- [ADMX_AdmPwd/POL_AdmPwd_Enabled](./policy-csp-admx-admpwd.md#admx-admpwd-pol_admpwd_enabled) +- [ADMX_AdmPwd/POL_AdmPwd_AdminName](./policy-csp-admx-admpwd.md#admx-admpwd-pol_admpwd_adminname) +- [ADMX_AdmPwd/POL_AdmPwd](./policy-csp-admx-admpwd.md#admx-admpwd-pol_admpwd) - [ADMX_AppCompat/AppCompatPrevent16BitMach](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatprevent16bitmach) - [ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatremoveprogramcompatproppage) - [ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffapplicationimpacttelemetry) @@ -999,6 +1003,10 @@ ms.date: 10/08/2020 - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots) - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders) - [ADMX_Sharing/NoInplaceSharing](./policy-csp-admx-sharing.md#admx-sharing-noinplacesharing) +- [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps) +- [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit) +- [ADMX_ShellCommandPromptRegEditTools/DisableCMD](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd) +- [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-restrictapps) - [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku) - [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock) - [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index af24745349..faa617028b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3622,7 +3622,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
- +### ADMX_ShellCommandPromptRegEditTools policies ### ADMX_Smartcard policies
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md new file mode 100644 index 0000000000..1214046238 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -0,0 +1,349 @@ +--- +title: Policy CSP - ADMX_ShellCommandPromptRegEditTools +description: Policy CSP - ADMX_ShellCommandPromptRegEditTools +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/18/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_ShellCommandPromptRegEditTools + +
+ + +## ADMX_ShellCommandPromptRegEditTools policies + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + +
+
+ ADMX_ShellCommandPromptRegEditTools/DisallowApps +
+
+ ADMX_ShellCommandPromptRegEditTools/DisableRegedit +
+
+ ADMX_ShellCommandPromptRegEditTools/DisableCMD +
+
+ ADMX_ShellCommandPromptRegEditTools/RestrictApps +
+
+ + +
+ + +**ADMX_ShellCommandPromptRegEditTools/DisallowApps** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting prevents users from running the interactive command prompt, Cmd.exe. + +This policy setting also determines whether batch files (.cmd and .bat) can run on the computer. + +- If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. . + +- If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files normally. + +> [!NOTE] +> Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services. + + + + + + +ADMX Info: +- GP Friendly name: *Prevent access to the command prompt* +- GP name: *DisallowApps* +- GP path: *System* +- GP ADMX file name: *ShellCommandPromptRegEditTools.admx* + + + +
+ + + +**ADMX_ShellCommandPromptRegEditTools/DisableRegedit** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting disables the Windows registry editor Regedit.exe. + +- If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action. + +- If you disable this policy setting or do not configure it, users can run Regedit.exe normally. + +To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting. + + + + + +ADMX Info: +- GP Friendly name: *Prevent access to registry editing tools* +- GP name: *DisableRegedit* +- GP path: *System\Server Manager* +- GP ADMX file name: *ShellCommandPromptRegEditTools.admx* + + + +
+ + +**ADMX_ShellCommandPromptRegEditTools/DisableCMD** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting limits the Windows programs that users have permission to run on the computer. + +- If you enable this policy setting, users can only run programs that you add to the list of allowed applications. + +- If you disable this policy setting or do not configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process. + +It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. + +Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. + +To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe). + + + + + +ADMX Info: +- GP Friendly name: *Run only specified Windows applications* +- GP name: *DisableCMD* +- GP path: *System* +- GP ADMX file name: *ShellCommandPromptRegEditTools.admx* + + + +
+ + +**ADMX_ShellCommandPromptRegEditTools/RestrictApps** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting prevents Windows from running the programs you specify in this policy setting. + +- If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications. + +- If you disable this policy setting or do not configure it, users can run any programs. + +This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. + +Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. + +To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe). + + + + + + +ADMX Info: +- GP Friendly name: *Don't run specified Windows applications* +- GP name: *RestrictApps* +- GP path: *System* +- GP ADMX file name: *ShellCommandPromptRegEditTools.admx* + + + + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 8fa76c2a7f..9472789042 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -609,6 +609,8 @@ items: href: policy-csp-admx-sharedfolders.md - name: ADMX_Sharing href: policy-csp-admx-sharing.md + - name: ADMX_ShellCommandPromptRegEditTools + href: policy-csp-admx-shellcommandpromptregedittools.md - name: ADMX_Smartcard href: policy-csp-admx-smartcard.md - name: ADMX_Snmp From b98e31d8b5d47758c634da8535326ebe66e3eae0 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 5 Oct 2021 16:37:34 +0530 Subject: [PATCH 27/36] Delete policy-csp-admx-skydrive.md --- .../mdm/policy-csp-admx-skydrive.md | 113 ------------------ 1 file changed, 113 deletions(-) delete mode 100644 windows/client-management/mdm/policy-csp-admx-skydrive.md diff --git a/windows/client-management/mdm/policy-csp-admx-skydrive.md b/windows/client-management/mdm/policy-csp-admx-skydrive.md deleted file mode 100644 index 90f1b868a1..0000000000 --- a/windows/client-management/mdm/policy-csp-admx-skydrive.md +++ /dev/null @@ -1,113 +0,0 @@ ---- -title: Policy CSP - ADMX_SkyDrive -description: Policy CSP - ADMX_SkyDrive -ms.author: dansimp -ms.localizationpriority: medium -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 12/08/2020 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - ADMX_SkyDrive - - -
- - -## ADMX_SkyDrive policies - -
-
- ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn -
-
- - -
- - -**ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, etc.) until the user signs in to OneDrive or starts syncing files to the local computer. - -If you enable this setting, users must sign in to the OneDrive sync client on the local computer, or select to sync OneDrive or SharePoint files on the computer, for the sync client to start automatically. - -If this setting is not enabled, the OneDrive sync client will start automatically when users sign in to Windows. - -If you enable or disable this setting, do not return the setting to Not Configured. Doing so will not change the configuration and the last configured setting will remain in effect. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP Friendly name: *Prevent OneDrive from generating network traffic until the user signs in to OneDrive* -- GP name: *PreventNetworkTrafficPreUserSignIn* -- GP path: *Windows Components\OneDrive* -- GP ADMX file name: *SkyDrive.admx* - - - -
- -> [!NOTE] -> These policies are currently only available as part of a Windows Insider release. - - - From 66707bc6abb2cecd1b17187271a83b40e45d9196 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 5 Oct 2021 17:04:48 +0530 Subject: [PATCH 28/36] Updated --- .openpublishing.redirection.json | 7 ++++++- .../mdm/policy-configuration-service-provider.md | 16 ++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6a38e2a92b..18d290138b 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19046,7 +19046,12 @@ "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings", "redirect_document_id": true } - + }, + { + "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools", + "redirect_document_id": true + } ] } diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index faa617028b..18c2823552 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3623,6 +3623,22 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
### ADMX_ShellCommandPromptRegEditTools policies + +
+
+ ADMX_ShellCommandPromptRegEditTools/DisallowApps +
+
+ ADMX_ShellCommandPromptRegEditTools/DisableRegedit +
+
+ ADMX_ShellCommandPromptRegEditTools/DisableCMD +
+
+ ADMX_ShellCommandPromptRegEditTools/RestrictApps +
+
+ ### ADMX_Smartcard policies
From 1b5511079c485e83382727c13447d8d592aad9de Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Tue, 5 Oct 2021 17:07:55 +0530 Subject: [PATCH 29/36] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 18d290138b..43856a342b 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19045,7 +19045,7 @@ "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md", "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings", "redirect_document_id": true - } + }, { "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md", From a525209dea6fce55825ccc05d82ca82beaa110c2 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 5 Oct 2021 12:56:40 -0400 Subject: [PATCH 30/36] Update index.yml --- windows/hub/index.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 3d697a0ce8..67be6734bf 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -50,6 +50,18 @@ productDirectory: imageSrc: /windows/resources/images/winlogo.svg summary: See the system requirements for Windows 11, including running Windows 11 on a virtual machine url: /windows/whats-new/windows-11-requirements + - title: Compare Windows 11 Editions + imageSrc: /windows/resources/images/winlogo.svg + summary: Get more information on the edition that's right for your organization + url: https://www.microsoft.com/windows/business/compare-windows-11 + - title: FAQ: Upgrade to Windows 11 + imageSrc: /windows/resources/images/winlogo.svg + summary: See some common questions and answers when upgrading to Windows 11 + url: https://support.microsoft.com/windows/upgrade-to-windows-11-faq-fb6206a2-1a0f-448a-80f1-8668ee5b2bf9 + - title: Windows 11 chip to cloud protection: Security challenges of hybrid work + imageSrc: /windows/resources/images/winlogo.svg + summary: Blog from the Microsoft Windows Security Team + url: https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work - title: Trusted Platform Module (TPM) imageSrc: /windows/resources/images/winlogo.svg summary: Learn more about TPM, and why it's a good thing @@ -135,6 +147,9 @@ conceptualContent: - url: /windows/application-management/remove-provisioned-apps-during-update itemType: how-to-guide text: Keep removed apps from returning during an update + - url: https://blogs.windows.com/windowsdeveloper/2021/10/04/developing-for-windows-11/ + itemType: blog + text: Blog: Develop apps for Windows 11 # Card - title: Client management @@ -244,4 +259,4 @@ additionalContent: - text: Get started with Windows Server url: /windows-server/get-started/get-started-with-windows-server - text: Windows Server blog - url: https://cloudblogs.microsoft.com/windowsserver/ \ No newline at end of file + url: https://cloudblogs.microsoft.com/windowsserver/ From ddba34ce0b284151a0be029adf6f664983c825ba Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 5 Oct 2021 12:59:11 -0400 Subject: [PATCH 31/36] Replaced colon --- windows/hub/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 67be6734bf..e0bf68fd93 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -54,7 +54,7 @@ productDirectory: imageSrc: /windows/resources/images/winlogo.svg summary: Get more information on the edition that's right for your organization url: https://www.microsoft.com/windows/business/compare-windows-11 - - title: FAQ: Upgrade to Windows 11 + - title: FAQ - Upgrade to Windows 11 imageSrc: /windows/resources/images/winlogo.svg summary: See some common questions and answers when upgrading to Windows 11 url: https://support.microsoft.com/windows/upgrade-to-windows-11-faq-fb6206a2-1a0f-448a-80f1-8668ee5b2bf9 From ed95e8305b008eb67e4ad9fa0d49ce7604483371 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 5 Oct 2021 13:02:02 -0400 Subject: [PATCH 32/36] Replaced colons --- windows/hub/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index e0bf68fd93..78210cc37c 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -58,7 +58,7 @@ productDirectory: imageSrc: /windows/resources/images/winlogo.svg summary: See some common questions and answers when upgrading to Windows 11 url: https://support.microsoft.com/windows/upgrade-to-windows-11-faq-fb6206a2-1a0f-448a-80f1-8668ee5b2bf9 - - title: Windows 11 chip to cloud protection: Security challenges of hybrid work + - title: Windows 11 chip to cloud protection - Security challenges of hybrid work imageSrc: /windows/resources/images/winlogo.svg summary: Blog from the Microsoft Windows Security Team url: https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work @@ -149,7 +149,7 @@ conceptualContent: text: Keep removed apps from returning during an update - url: https://blogs.windows.com/windowsdeveloper/2021/10/04/developing-for-windows-11/ itemType: blog - text: Blog: Develop apps for Windows 11 + text: Blog - Develop apps for Windows 11 # Card - title: Client management From be2b46ea7073f02d471a7c0a630bdb55f86bf90d Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 5 Oct 2021 13:05:31 -0400 Subject: [PATCH 33/36] Updated itemType --- windows/hub/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 78210cc37c..92b6a6bdcd 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -148,7 +148,7 @@ conceptualContent: itemType: how-to-guide text: Keep removed apps from returning during an update - url: https://blogs.windows.com/windowsdeveloper/2021/10/04/developing-for-windows-11/ - itemType: blog + itemType: overview text: Blog - Develop apps for Windows 11 # Card From 6802d42e96de930973134cccf2ddbc88f0d612a5 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 5 Oct 2021 14:16:36 -0400 Subject: [PATCH 34/36] Added Win11 Enterprise link --- windows/hub/index.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 92b6a6bdcd..9c115c5b15 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -50,10 +50,10 @@ productDirectory: imageSrc: /windows/resources/images/winlogo.svg summary: See the system requirements for Windows 11, including running Windows 11 on a virtual machine url: /windows/whats-new/windows-11-requirements - - title: Compare Windows 11 Editions + - title: Learn more about Windows 11 Enterprise imageSrc: /windows/resources/images/winlogo.svg - summary: Get more information on the edition that's right for your organization - url: https://www.microsoft.com/windows/business/compare-windows-11 + summary: Get more information on the features, security, and licensing plans designed for organizations + url: https://www.microsoft.com/microsoft-365/windows/windows-11-enterprise - title: FAQ - Upgrade to Windows 11 imageSrc: /windows/resources/images/winlogo.svg summary: See some common questions and answers when upgrading to Windows 11 From 6024d0566908f9bae3676bede959dd737df14375 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 6 Oct 2021 00:22:03 +0530 Subject: [PATCH 35/36] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 43856a342b..737c498593 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19037,7 +19037,7 @@ }, { "source_path": "windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md", - "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-wordwheel", "redirect_document_id": true }, From 4256cbf65c7d846837ac152c7159a1cde9de806d Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 5 Oct 2021 13:26:26 -0700 Subject: [PATCH 36/36] specify setup --- ...grade-to-windows-11-with-the-microsoft-deployment-toolkit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-11-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-11-with-the-microsoft-deployment-toolkit.md index 0623eb51b1..ccbb15d9c5 100644 --- a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-11-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-11-with-the-microsoft-deployment-toolkit.md @@ -30,7 +30,7 @@ The simplest path to upgrade PCs that are currently running an earlier version o In-place upgrade differs from [computer refresh](refresh-a-windows-10-computer-with-windows-11.md) in that you cannot use a custom image to perform the in-place upgrade. In this article we will add a default Windows 11 image to the production deployment share specifically to perform an in-place upgrade. > [!IMPORTANT] -> Windows 11 will block the upgrade process on devices that do not meet [Windows 11 hardware requirements](/windows/whats-new/windows-11-requirements). Be sure to verify that your device meets these requirements before attempting to upgrade to Windows 11. +> Windows 11 setup will block the upgrade process on devices that do not meet [Windows 11 hardware requirements](/windows/whats-new/windows-11-requirements). Be sure to verify that your device meets these requirements before attempting to upgrade to Windows 11. Three computers are used in this topic: DC01, MDT01, and PC0002.