deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

tpm userexperiencevirtualization userprofiles

Browse Source
This commit is contained in:
Liz Long 2023-01-03 15:42:25 -05:00
parent 9d3c5d14d9
commit b603a8a257
3 changed files with 7049 additions and 5560 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

906
windows/client-management/mdm/policy-csp-admx-tpm.md
View File

File diff suppressed because it is too large Load Diff

10940
windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
View File

File diff suppressed because it is too large Load Diff

763
windows/client-management/mdm/policy-csp-admx-userprofiles.md
View File

@ -1,468 +1,553 @@
--- ---
title: Policy CSP - ADMX_UserProfiles title: ADMX_UserProfiles Policy CSP
description: Learn about Policy CSP - ADMX_UserProfiles. description: Learn more about the ADMX_UserProfiles Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/03/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 11/11/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_UserProfiles-Begin -->
# Policy CSP - ADMX_UserProfiles # Policy CSP - ADMX_UserProfiles
<hr/>
> [!TIP] > [!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> >
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--Policies-->
## ADMX_UserProfiles policies
<dl> <!-- ADMX_UserProfiles-Editable-Begin -->
<dd> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<a href="#admx-userprofiles-cleanupprofiles">ADMX_UserProfiles/CleanupProfiles</a> <!-- ADMX_UserProfiles-Editable-End -->
</dd>
<dd>
<a href="#admx-userprofiles-dontforceunloadhive">ADMX_UserProfiles/DontForceUnloadHive</a>
</dd>
<dd>
<a href="#admx-userprofiles-leaveappmgmtdata">ADMX_UserProfiles/LeaveAppMgmtData</a>
</dd>
<dd>
<a href="#admx-userprofiles-limitsize">ADMX_UserProfiles/LimitSize</a>
</dd>
<dd>
<a href="#admx-userprofiles-profileerroraction">ADMX_UserProfiles/ProfileErrorAction</a>
</dd>
<dd>
<a href="#admx-userprofiles-slowlinktimeout">ADMX_UserProfiles/SlowLinkTimeOut</a>
</dd>
<dd>
<a href="#admx-userprofiles-user-home">ADMX_UserProfiles/USER_HOME</a>
</dd>
<dd>
<a href="#admx-userprofiles-userinfoaccessaction">ADMX_UserProfiles/UserInfoAccessAction</a>
</dd>
</dl>
<!-- CleanupProfiles-Begin -->
## CleanupProfiles
<hr/> <!-- CleanupProfiles-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- CleanupProfiles-Applicability-End -->
<!--Policy--> <!-- CleanupProfiles-OmaUri-Begin -->
<a href="" id="admx-userprofiles-cleanupprofiles"></a>**ADMX_UserProfiles/CleanupProfiles** ```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_UserProfiles/CleanupProfiles
```
<!-- CleanupProfiles-OmaUri-End -->
<!--SupportedSKUs--> <!-- CleanupProfiles-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days.
|Edition|Windows 10|Windows 11| **Note**: One day is interpreted as 24 hours after a specific user profile was accessed.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days.
<hr/>
<!--Scope--> If you disable or do not configure this policy setting, User Profile Service will not automatically delete any profiles on the next system restart.
[Scope](./policy-configuration-service-provider.md#policy-scope): <!-- CleanupProfiles-Description-End -->
> [!div class = "checklist"] <!-- CleanupProfiles-Editable-Begin -->
> * Device <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- CleanupProfiles-Editable-End -->
<hr/> <!-- CleanupProfiles-DFProperties-Begin -->
**Description framework properties**:
<!--/Scope--> | Property name | Property value |
<!--Description--> |:--|:--|
This policy setting allows an administrator to automatically delete user profiles on system restart that haven't been used within a specified number of days. | Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- CleanupProfiles-DFProperties-End -->
> [!NOTE] <!-- CleanupProfiles-AdmxBacked-Begin -->
> One day is interpreted as 24 hours after a specific user profile was accessed. > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days. **ADMX mapping**:
If you disable or don't configure this policy setting, User Profile Service won't automatically delete any profiles on the next system restart. | Name | Value |
|:--|:--|
| Name | CleanupProfiles |
| Friendly Name | Delete user profiles older than a specified number of days on system restart |
| Location | Computer Configuration |
| Path | System > User Profiles |
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
| ADMX File Name | UserProfiles.admx |
<!-- CleanupProfiles-AdmxBacked-End -->
<!--/Description--> <!-- CleanupProfiles-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- CleanupProfiles-Examples-End -->
<!--ADMXBacked--> <!-- CleanupProfiles-End -->
ADMX Info:
- GP Friendly name: *Delete user profiles older than a specified number of days on system restart*
- GP name: *CleanupProfiles*
- GP path: *System\User Profiles*
- GP ADMX file name: *UserProfiles.admx*
<!--/ADMXBacked--> <!-- DontForceUnloadHive-Begin -->
<!--/Policy--> ## DontForceUnloadHive
<hr/>
<!--Policy--> <!-- DontForceUnloadHive-Applicability-Begin -->
<a href="" id="admx-userprofiles-dontforceunloadhive"></a>**ADMX_UserProfiles/DontForceUnloadHive** | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- DontForceUnloadHive-Applicability-End -->
<!--SupportedSKUs--> <!-- DontForceUnloadHive-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_UserProfiles/DontForceUnloadHive
```
<!-- DontForceUnloadHive-OmaUri-End -->
|Edition|Windows 10|Windows 11| <!-- DontForceUnloadHive-Description-Begin -->
|--- |--- |--- | <!-- Description-Source-ADMX -->
|Home|No|No| This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to the per-user registry keys.
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> Note: This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
<hr/>
<!--Scope--> If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff.
> * Device <!-- DontForceUnloadHive-Description-End -->
<hr/> <!-- DontForceUnloadHive-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DontForceUnloadHive-Editable-End -->
<!--/Scope--> <!-- DontForceUnloadHive-DFProperties-Begin -->
<!--Description--> **Description framework properties**:
This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys.
> [!NOTE] | Property name | Property value |
> This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile. |:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DontForceUnloadHive-DFProperties-End -->
If you enable this policy setting, Windows won't forcefully unload the user's registry at sign out, but will unload the registry when all open handles to the per-user registry keys are closed. <!-- DontForceUnloadHive-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
If you disable or don't configure this policy setting, Windows will always unload the user's registry at sign out, even if there are any open handles to the per-user registry keys at user sign out. **ADMX mapping**:
<!--/Description--> | Name | Value |
|:--|:--|
| Name | DontForceUnloadHive |
| Friendly Name | Do not forcefully unload the users registry at user logoff |
| Location | Computer Configuration |
| Path | System > User Profiles |
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
| Registry Value Name | DisableForceUnload |
| ADMX File Name | UserProfiles.admx |
<!-- DontForceUnloadHive-AdmxBacked-End -->
<!--ADMXBacked--> <!-- DontForceUnloadHive-Examples-Begin -->
ADMX Info: <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
- GP Friendly name: *Do not forcefully unload the users registry at user logoff* <!-- DontForceUnloadHive-Examples-End -->
- GP name: *DontForceUnloadHive*
- GP path: *System\User Profiles*
- GP ADMX file name: *UserProfiles.admx*
<!--/ADMXBacked--> <!-- DontForceUnloadHive-End -->
<!--/Policy-->
<hr/>
<!--Policy--> <!-- LeaveAppMgmtData-Begin -->
<a href="" id="admx-userprofiles-leaveappmgmtdata"></a>**ADMX_UserProfiles/LeaveAppMgmtData** ## LeaveAppMgmtData
<!--SupportedSKUs--> <!-- LeaveAppMgmtData-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- LeaveAppMgmtData-Applicability-End -->
|Edition|Windows 10|Windows 11| <!-- LeaveAppMgmtData-OmaUri-Begin -->
|--- |--- |--- | ```Device
|Home|No|No| ./Device/Vendor/MSFT/Policy/Config/ADMX_UserProfiles/LeaveAppMgmtData
|Pro|Yes|Yes| ```
|Windows SE|No|Yes| <!-- LeaveAppMgmtData-OmaUri-End -->
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- LeaveAppMgmtData-Description-Begin -->
<hr/> <!-- Description-Source-ADMX -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion. This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.
By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time roaming users whose profiles were previously deleted on that client sign in, they'll need to reinstall all apps published via policy at sign in, increasing sign-in time. You can use this policy setting to change this behavior. By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior.
If you enable this policy setting, Windows won't delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This data retention will improve the performance of Group Policy-based Software Installation during user sign in when a user profile is deleted and that user later signs in to the machine. If you enable this policy setting, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine.
If you disable or don't configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted. If you disable or do not configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted.
> [!NOTE] Note: If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles on the machine.
> If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles on the machine. <!-- LeaveAppMgmtData-Description-End -->
<!--/Description--> <!-- LeaveAppMgmtData-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- LeaveAppMgmtData-Editable-End -->
<!--ADMXBacked--> <!-- LeaveAppMgmtData-DFProperties-Begin -->
ADMX Info: **Description framework properties**:
- GP Friendly name: *Leave Windows Installer and Group Policy Software Installation Data*
- GP name: *LeaveAppMgmtData*
- GP path: *System\User Profiles*
- GP ADMX file name: *UserProfiles.admx*
<!--/ADMXBacked--> | Property name | Property value |
<!--/Policy--> |:--|:--|
<hr/> | Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- LeaveAppMgmtData-DFProperties-End -->
<!--Policy--> <!-- LeaveAppMgmtData-AdmxBacked-Begin -->
<a href="" id="admx-userprofiles-limitsize"></a>**ADMX_UserProfiles/LimitSize** > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--SupportedSKUs--> **ADMX mapping**:
|Edition|Windows 10|Windows 11| | Name | Value |
|--- |--- |--- | |:--|:--|
|Home|No|No| | Name | LeaveAppMgmtData |
|Pro|Yes|Yes| | Friendly Name | Leave Windows Installer and Group Policy Software Installation Data |
|Windows SE|No|Yes| | Location | Computer Configuration |
|Business|Yes|Yes| | Path | System > User Profiles |
|Enterprise|Yes|Yes| | Registry Key Name | Software\Policies\Microsoft\Windows\System |
|Education|Yes|Yes| | Registry Value Name | LeaveAppMgmtData |
| ADMX File Name | UserProfiles.admx |
<!-- LeaveAppMgmtData-AdmxBacked-End -->
<!--/SupportedSKUs--> <!-- LeaveAppMgmtData-Examples-Begin -->
<hr/> <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- LeaveAppMgmtData-Examples-End -->
<!--Scope--> <!-- LeaveAppMgmtData-End -->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] <!-- ProfileErrorAction-Begin -->
> * User ## ProfileErrorAction
<hr/> <!-- ProfileErrorAction-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- ProfileErrorAction-Applicability-End -->
<!--/Scope--> <!-- ProfileErrorAction-OmaUri-Begin -->
<!--Description--> ```Device
This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles. ./Device/Vendor/MSFT/Policy/Config/ADMX_UserProfiles/ProfileErrorAction
```
<!-- ProfileErrorAction-OmaUri-End -->
If you disable this policy setting or don't configure it, the system doesn't limit the size of user profiles. <!-- ProfileErrorAction-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting will automatically log off a user when Windows cannot load their profile.
If you enable this policy setting, you can: If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from loggin on the user with a temporary profile.
- Set a maximum permitted user profile size. If you enable this policy setting, Windows will not log on a user with a temporary profile. Windows logs the user off if their profile cannot be loaded.
- Determine whether the registry files are included in the calculation of the profile size.
- Determine whether users are notified when the profile exceeds the permitted maximum size.
- Specify a customized message notifying users of the oversized profile.
- Determine how often the customized message is displayed.
<!--/Description--> If you disable this policy setting or do not configure it, Windows logs on the user with a temporary profile when Windows cannot load their user profile.
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Limit profile size*
- GP name: *LimitSize*
- GP path: *System\User Profiles*
- GP ADMX file name: *UserProfiles.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-userprofiles-profileerroraction"></a>**ADMX_UserProfiles/ProfileErrorAction**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting will automatically sign out a user when Windows can't load their profile.
If Windows can't access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile.
If you enable this policy setting, Windows won't sign in users with a temporary profile. Windows signs out the users if their profiles can't be loaded.
If you disable this policy setting or don't configure it, Windows logs on the user with a temporary profile when Windows can't load their user profile.
Also, see the "Delete cached copies of roaming profiles" policy setting. Also, see the "Delete cached copies of roaming profiles" policy setting.
<!-- ProfileErrorAction-Description-End -->
<!--/Description--> <!-- ProfileErrorAction-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ProfileErrorAction-Editable-End -->
<!--ADMXBacked--> <!-- ProfileErrorAction-DFProperties-Begin -->
ADMX Info: **Description framework properties**:
- GP Friendly name: *Do not log users on with temporary profiles*
- GP name: *ProfileErrorAction*
- GP path: *System\User Profiles*
- GP ADMX file name: *UserProfiles.admx*
<!--/ADMXBacked--> | Property name | Property value |
<!--/Policy--> |:--|:--|
<hr/> | Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- ProfileErrorAction-DFProperties-End -->
<!--Policy--> <!-- ProfileErrorAction-AdmxBacked-Begin -->
<a href="" id="admx-userprofiles-slowlinktimeout"></a>**ADMX_UserProfiles/SlowLinkTimeOut** > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--SupportedSKUs--> **ADMX mapping**:
|Edition|Windows 10|Windows 11| | Name | Value |
|--- |--- |--- | |:--|:--|
|Home|No|No| | Name | ProfileErrorAction |
|Pro|Yes|Yes| | Friendly Name | Do not log users on with temporary profiles |
|Windows SE|No|Yes| | Location | Computer Configuration |
|Business|Yes|Yes| | Path | System > User Profiles |
|Enterprise|Yes|Yes| | Registry Key Name | Software\Policies\Microsoft\Windows\System |
|Education|Yes|Yes| | Registry Value Name | ProfileErrorAction |
| ADMX File Name | UserProfiles.admx |
<!-- ProfileErrorAction-AdmxBacked-End -->
<!--/SupportedSKUs--> <!-- ProfileErrorAction-Examples-Begin -->
<hr/> <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- ProfileErrorAction-Examples-End -->
<!--Scope--> <!-- ProfileErrorAction-End -->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] <!-- SlowLinkTimeOut-Begin -->
> * Device ## SlowLinkTimeOut
<hr/> <!-- SlowLinkTimeOut-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- SlowLinkTimeOut-Applicability-End -->
<!--/Scope--> <!-- SlowLinkTimeOut-OmaUri-Begin -->
<!--Description--> ```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_UserProfiles/SlowLinkTimeOut
```
<!-- SlowLinkTimeOut-OmaUri-End -->
<!-- SlowLinkTimeOut-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed. This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed.
To determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transferred. From that connection and data transfer, the network's latency and connection speed are determined. To determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transfered. From that connection and data transfer, the network's latency and connection speed are determined.
This policy setting and related policy settings in this folder together define the system's response when roaming user profiles are slow to load. This policy setting and related policy settings in this folder together define the system's response when roaming user profiles are slow to load.
If you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow. If you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow.
If you disable or don't configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there's no local copy of the roaming profile to load when the system detects a slow connection. If you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.
<!--/Description--> **Important**: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.
<!-- SlowLinkTimeOut-Description-End -->
<!--ADMXBacked--> <!-- SlowLinkTimeOut-Editable-Begin -->
ADMX Info: <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
- GP Friendly name: *Control slow network connection timeout for user profiles* <!-- SlowLinkTimeOut-Editable-End -->
- GP name: *SlowLinkTimeOut*
- GP path: *System\User Profiles*
- GP ADMX file name: *UserProfiles.admx*
<!--/ADMXBacked--> <!-- SlowLinkTimeOut-DFProperties-Begin -->
<!--/Policy--> **Description framework properties**:
<hr/>
<!--Policy--> | Property name | Property value |
<a href="" id="admx-userprofiles-user-home"></a>**ADMX_UserProfiles/USER_HOME** |:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SlowLinkTimeOut-DFProperties-End -->
<!--SupportedSKUs--> <!-- SlowLinkTimeOut-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|Edition|Windows 10|Windows 11| **ADMX mapping**:
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> | Name | Value |
<hr/> |:--|:--|
| Name | SlowLinkTimeOut |
| Friendly Name | Control slow network connection timeout for user profiles |
| Location | Computer Configuration |
| Path | System > User Profiles |
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
| ADMX File Name | UserProfiles.admx |
<!-- SlowLinkTimeOut-AdmxBacked-End -->
<!--Scope--> <!-- SlowLinkTimeOut-Examples-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SlowLinkTimeOut-Examples-End -->
> [!div class = "checklist"] <!-- SlowLinkTimeOut-End -->
> * Device
<hr/> <!-- USER_HOME-Begin -->
## USER_HOME
<!--/Scope--> <!-- USER_HOME-Applicability-Begin -->
<!--Description--> | Scope | Editions | Applicable OS |
This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a sign-in session. |:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- USER_HOME-Applicability-End -->
<!-- USER_HOME-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_UserProfiles/USER_HOME
```
<!-- USER_HOME-OmaUri-End -->
<!-- USER_HOME-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon session.
If you enable this policy setting, the user's home folder is configured to the specified local or network location, creating a new folder for each user name. If you enable this policy setting, the user's home folder is configured to the specified local or network location, creating a new folder for each user name.
To use this policy setting, in the Location list, choose the location for the home folder. If you choose “On the network,” enter the path to a file share in the Path box (for example, \\\\ComputerName\ShareName), and then choose the drive letter to assign to the file share. If you choose “On the local computer,” enter a local path (for example, C:\HomeFolder) in the Path box. To use this policy setting, in the Location list, choose the location for the home folder. If you choose “On the network,” enter the path to a file share in the Path box (for example, \\ComputerName\ShareName), and then choose the drive letter to assign to the file share. If you choose “On the local computer,” enter a local path (for example, C:\HomeFolder) in the Path box.
Don't specify environment variables or ellipses in the path. Also, don't specify a placeholder for the user name because the user name will be appended at sign in. Do not specify environment variables or ellipses in the path. Also, do not specify a placeholder for the user name because the user name will be appended at logon.
> [!NOTE] Note: The Drive letter box is ignored if you choose “On the local computer” from the Location list. If you choose “On the local computer” and enter a file share, the user's home folder will be placed in the network location without mapping the file share to a drive letter.
> The Drive letter box is ignored if you choose “On the local computer” from the Location list. If you choose “On the local computer” and enter a file share, the user's home folder will be placed in the network location without mapping the file share to a drive letter.
If you disable or don't configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account. If you disable or do not configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account.
If the "Set Remote Desktop Services User Home Directory" policy setting is enabled, the “Set user home folder” policy setting has no effect. If the "Set Remote Desktop Services User Home Directory" policy setting is enabled, the “Set user home folder” policy setting has no effect.
<!-- USER_HOME-Description-End -->
<!--/Description--> <!-- USER_HOME-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- USER_HOME-Editable-End -->
<!--ADMXBacked--> <!-- USER_HOME-DFProperties-Begin -->
ADMX Info: **Description framework properties**:
- GP Friendly name: *Set user home folder*
- GP name: *USER_HOME*
- GP path: *System\User Profiles*
- GP ADMX file name: *UserProfiles.admx*
<!--/ADMXBacked--> | Property name | Property value |
<!--/Policy--> |:--|:--|
<hr/> | Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- USER_HOME-DFProperties-End -->
<!--Policy--> <!-- USER_HOME-AdmxBacked-Begin -->
<a href="" id="admx-userprofiles-userinfoaccessaction"></a>**ADMX_UserProfiles/UserInfoAccessAction** > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--SupportedSKUs--> **ADMX mapping**:
|Edition|Windows 10|Windows 11| | Name | Value |
|--- |--- |--- | |:--|:--|
|Home|No|No| | Name | USER_HOME |
|Pro|Yes|Yes| | Friendly Name | Set user home folder |
|Windows SE|No|Yes| | Location | Computer Configuration |
|Business|Yes|Yes| | Path | System > User Profiles |
|Enterprise|Yes|Yes| | Registry Key Name | Software\Policies\Microsoft\Windows\System |
|Education|Yes|Yes| | ADMX File Name | UserProfiles.admx |
<!-- USER_HOME-AdmxBacked-End -->
<!--/SupportedSKUs--> <!-- USER_HOME-Examples-Begin -->
<hr/> <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- USER_HOME-Examples-End -->
<!--Scope--> <!-- USER_HOME-End -->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] <!-- UserInfoAccessAction-Begin -->
> * Device ## UserInfoAccessAction
<hr/> <!-- UserInfoAccessAction-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- UserInfoAccessAction-Applicability-End -->
<!--/Scope--> <!-- UserInfoAccessAction-OmaUri-Begin -->
<!--Description--> ```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_UserProfiles/UserInfoAccessAction
```
<!-- UserInfoAccessAction-OmaUri-End -->
<!-- UserInfoAccessAction-Description-Begin -->
<!-- Description-Source-ADMX -->
This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information. This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.
If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options: If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options:
- "Always on" - users won't be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS. "Always on" - users will not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS.
- "Always off" - users won't be able to change this setting and the user's name and account picture won't be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability won't be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.
If you don't configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn off the setting. "Always off" - users will not be able to change this setting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.
<!--/Description--> If you do not configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn the setting off.
<!-- UserInfoAccessAction-Description-End -->
<!--ADMXBacked--> <!-- UserInfoAccessAction-Editable-Begin -->
ADMX Info: <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
- GP Friendly name: *User management of sharing user name, account picture, and domain information with apps (not desktop apps)* <!-- UserInfoAccessAction-Editable-End -->
- GP name: *UserInfoAccessAction*
- GP path: *System\User Profiles*
- GP ADMX file name: *UserProfiles.admx*
<!--/ADMXBacked--> <!-- UserInfoAccessAction-DFProperties-Begin -->
<!--/Policy--> **Description framework properties**:
<hr/> | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- UserInfoAccessAction-DFProperties-End -->
<!--/Policies--> <!-- UserInfoAccessAction-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
## Related topics **ADMX mapping**:
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) | Name | Value |
|:--|:--|
| Name | UserInfoAccessAction_Name |
| Friendly Name | User management of sharing user name, account picture, and domain information with apps (not desktop apps) |
| Location | Computer Configuration |
| Path | System > User Profiles |
| Registry Key Name | Software\Policies\Microsoft\Windows\System |
| Registry Value Name | AllowUserInfoAccess |
| ADMX File Name | UserProfiles.admx |
<!-- UserInfoAccessAction-AdmxBacked-End -->
<!-- UserInfoAccessAction-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- UserInfoAccessAction-Examples-End -->
<!-- UserInfoAccessAction-End -->
<!-- LimitSize-Begin -->
## LimitSize
<!-- LimitSize-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- LimitSize-Applicability-End -->
<!-- LimitSize-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/ADMX_UserProfiles/LimitSize
```
<!-- LimitSize-OmaUri-End -->
<!-- LimitSize-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.
If you disable this policy setting or do not configure it, the system does not limit the size of user profiles.
If you enable this policy setting, you can:
-- Set a maximum permitted user profile size.
-- Determine whether the registry files are included in the calculation of the profile size.
-- Determine whether users are notified when the profile exceeds the permitted maximum size.
-- Specify a customized message notifying users of the oversized profile.
-- Determine how often the customized message is displayed.
Note: In operating systems earlier than Microsoft Windows Vista, Windows will not allow users to log off until the profile size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows will not block users from logging off. Instead, if the user has a roaming user profile, Windows will not synchronize the user's profile with the roaming profile server if the maximum profile size limit specified here is exceeded.
<!-- LimitSize-Description-End -->
<!-- LimitSize-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- LimitSize-Editable-End -->
<!-- LimitSize-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- LimitSize-DFProperties-End -->
<!-- LimitSize-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | LimitSize |
| Friendly Name | Limit profile size |
| Location | User Configuration |
| Path | System > User Profiles |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
| Registry Value Name | EnableProfileQuota |
| ADMX File Name | UserProfiles.admx |
<!-- LimitSize-AdmxBacked-End -->
<!-- LimitSize-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- LimitSize-Examples-End -->
<!-- LimitSize-End -->
<!-- ADMX_UserProfiles-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_UserProfiles-CspMoreInfo-End -->
<!-- ADMX_UserProfiles-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)