deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add final set of CSPs

Browse Source
This commit is contained in:
Vinay Pamnani 2023-01-09 13:01:28 -05:00
parent 3927b0e331
commit c2b331c811
11 changed files with 7213 additions and 5758 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

362
windows/client-management/mdm/policy-csp-admx-disknvcache.md
View File

@ -1,200 +1,296 @@
--- ---
title: Policy CSP - ADMX_DiskNVCache title: ADMX_DiskNVCache Policy CSP
description: Learn about Policy CSP - ADMX_DiskNVCache. description: Learn more about the ADMX_DiskNVCache Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 08/12/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_DiskNVCache-Begin -->
# Policy CSP - ADMX_DiskNVCache # Policy CSP - ADMX_DiskNVCache
<hr/>
<!--Policies-->
## ADMX_DiskNVCache policies
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
> >
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!-- ADMX_DiskNVCache-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_DiskNVCache-Editable-End -->
<dl> <!-- BootResumePolicy-Begin -->
<dd> ## BootResumePolicy
<a href="#admx-disknvcache-bootresumepolicy">ADMX_DiskNVCache/BootResumePolicy</a>
</dd>
<dd>
<a href="#admx-disknvcache-featureoffpolicy">ADMX_DiskNVCache/FeatureOffPolicy</a>
</dd>
<dd>
<a href="#admx-disknvcache-solidstatepolicy">ADMX_DiskNVCache/SolidStatePolicy</a>
</dd>
</dl>
<!-- BootResumePolicy-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- BootResumePolicy-Applicability-End -->
<hr/> <!-- BootResumePolicy-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskNVCache/BootResumePolicy
```
<!-- BootResumePolicy-OmaUri-End -->
<!--Policy--> <!-- BootResumePolicy-Description-Begin -->
<a href="" id="admx-disknvcache-bootresumepolicy"></a>**ADMX_DiskNVCache/BootResumePolicy** <!-- Description-Source-ADMX -->
<!--SupportedSKUs--> This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.
|Edition|Windows 10|Windows 11| - If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> - If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. The system determines the data that will be stored in the NV cache to optimize boot and resume. The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate.
<hr/>
<!--Scope--> - If you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] > [!NOTE]
> * Device > This policy setting is applicable only if the NV cache feature is on.
<!-- BootResumePolicy-Description-End -->
<hr/> <!-- BootResumePolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- BootResumePolicy-Editable-End -->
<!--/Scope--> <!-- BootResumePolicy-DFProperties-Begin -->
<!--Description--> **Description framework properties**:
This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system.
If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume. | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- BootResumePolicy-DFProperties-End -->
The system determines the data that will be stored in the NV cache to optimize boot and resume. <!-- BootResumePolicy-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations. **ADMX mapping**:
This policy setting is applicable only if the NV cache feature is on. | Name | Value |
|:--|:--|
| Name | BootResumePolicy |
| Friendly Name | Turn off boot and resume optimizations |
| Location | Computer Configuration |
| Path | System > Disk NV Cache |
| Registry Key Name | Software\Policies\Microsoft\Windows\NvCache |
| Registry Value Name | OptimizeBootAndResume |
| ADMX File Name | DiskNVCache.admx |
<!-- BootResumePolicy-AdmxBacked-End -->
<!--/Description--> <!-- BootResumePolicy-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- BootResumePolicy-Examples-End -->
<!--ADMXBacked--> <!-- BootResumePolicy-End -->
ADMX Info:
- GP Friendly name: *Turn off boot and resume optimizations*
- GP name: *BootResumePolicy*
- GP path: *System\Disk NV Cache*
- GP ADMX file name: *DiskNVCache.admx*
<!--/ADMXBacked--> <!-- CachePowerModePolicy-Begin -->
<!--/Policy--> ## CachePowerModePolicy
<hr/>
<a href="" id="admx-disknvcache-featureoffpolicy"></a>**ADMX_DiskNVCache/FeatureOffPolicy** <!-- CachePowerModePolicy-Applicability-Begin -->
<!--SupportedSKUs--> | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- CachePowerModePolicy-Applicability-End -->
|Edition|Windows 10|Windows 11| <!-- CachePowerModePolicy-OmaUri-Begin -->
|--- |--- |--- | ```Device
|Home|No|No| ./Device/Vendor/MSFT/Policy/Config/ADMX_DiskNVCache/CachePowerModePolicy
|Pro|Yes|Yes| ```
|Windows SE|No|Yes| <!-- CachePowerModePolicy-OmaUri-End -->
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- CachePowerModePolicy-Description-Begin -->
<hr/> <!-- Description-Source-ADMX -->
This policy setting turns off power save mode on the hybrid hard disks in the system.
<!--Scope--> - If you enable this policy setting, the hard disks are not put into NV cache power save mode and no power savings are achieved.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] - If you disable this policy setting, the hard disks are put into an NV cache power saving mode. In this mode, the system tries to save power by aggressively spinning down the disk.
> * Device
<hr/> - If you do not configure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode.
<!--/Scope--> > [!NOTE]
<!--Description--> > This policy setting is applicable only if the NV cache feature is on.
This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. <!-- CachePowerModePolicy-Description-End -->
To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache. <!-- CachePowerModePolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- CachePowerModePolicy-Editable-End -->
If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode. <!-- CachePowerModePolicy-DFProperties-Begin -->
**Description framework properties**:
If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured. | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- CachePowerModePolicy-DFProperties-End -->
This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache. <!-- CachePowerModePolicy-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<!--/Description--> **ADMX mapping**:
<!--ADMXBacked--> | Name | Value |
ADMX Info: |:--|:--|
- GP Friendly name: *Turn off non-volatile cache feature* | Name | CachePowerModePolicy |
- GP name: *FeatureOffPolicy* | Friendly Name | Turn off cache power mode |
- GP path: *System\Disk NV Cache* | Location | Computer Configuration |
- GP ADMX file name: *DiskNVCache.admx* | Path | System > Disk NV Cache |
| Registry Key Name | Software\Policies\Microsoft\Windows\NvCache |
| Registry Value Name | EnablePowerModeState |
| ADMX File Name | DiskNVCache.admx |
<!-- CachePowerModePolicy-AdmxBacked-End -->
<!--/ADMXBacked--> <!-- CachePowerModePolicy-Examples-Begin -->
<!--/Policy--> <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- CachePowerModePolicy-Examples-End -->
<hr/> <!-- CachePowerModePolicy-End -->
<!--Policy--> <!-- FeatureOffPolicy-Begin -->
<a href="" id="admx-disknvcache-solidstatepolicy"></a>**ADMX_DiskNVCache/SolidStatePolicy** ## FeatureOffPolicy
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11| <!-- FeatureOffPolicy-Applicability-Begin -->
|--- |--- |--- | | Scope | Editions | Applicable OS |
|Home|No|No| |:--|:--|:--|
|Pro|Yes|Yes| | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
|Windows SE|No|Yes| <!-- FeatureOffPolicy-Applicability-End -->
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- FeatureOffPolicy-OmaUri-Begin -->
<hr/> ```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskNVCache/FeatureOffPolicy
```
<!-- FeatureOffPolicy-OmaUri-End -->
<!--Scope--> <!-- FeatureOffPolicy-Description-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): <!-- Description-Source-ADMX -->
This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.
> [!div class = "checklist"] - If you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode.
> * Device
<hr/> - If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.
<!--/Scope--> > [!NOTE]
<!--Description--> > This policy setting will take effect on next boot.
- If you do not configure this policy setting, the default behavior is to turn on support for the NV cache.
<!-- FeatureOffPolicy-Description-End -->
<!-- FeatureOffPolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- FeatureOffPolicy-Editable-End -->
<!-- FeatureOffPolicy-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- FeatureOffPolicy-DFProperties-End -->
<!-- FeatureOffPolicy-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | FeatureOffPolicy |
| Friendly Name | Turn off non-volatile cache feature |
| Location | Computer Configuration |
| Path | System > Disk NV Cache |
| Registry Key Name | Software\Policies\Microsoft\Windows\NvCache |
| Registry Value Name | EnableNvCache |
| ADMX File Name | DiskNVCache.admx |
<!-- FeatureOffPolicy-AdmxBacked-End -->
<!-- FeatureOffPolicy-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- FeatureOffPolicy-Examples-End -->
<!-- FeatureOffPolicy-End -->
<!-- SolidStatePolicy-Begin -->
## SolidStatePolicy
<!-- SolidStatePolicy-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- SolidStatePolicy-Applicability-End -->
<!-- SolidStatePolicy-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskNVCache/SolidStatePolicy
```
<!-- SolidStatePolicy-OmaUri-End -->
<!-- SolidStatePolicy-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting turns off the solid state mode for the hybrid hard disks. This policy setting turns off the solid state mode for the hybrid hard disks.
If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache. - If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.
If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. - If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. **Note** that this can cause increased wear of the NV cache.
This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. - If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
>[!Note] > [!NOTE]
> This policy setting is applicable only if the NV cache feature is on. > This policy setting is applicable only if the NV cache feature is on.
<!-- SolidStatePolicy-Description-End -->
<!-- SolidStatePolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SolidStatePolicy-Editable-End -->
<!--/Description--> <!-- SolidStatePolicy-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Turn off solid state mode* | Format | chr (string) |
- GP name: *SolidStatePolicy* | Access Type | Add, Delete, Get, Replace |
- GP path: *System\Disk NV Cache* <!-- SolidStatePolicy-DFProperties-End -->
- GP ADMX file name: *DiskNVCache.admx*
<!--/ADMXBacked--> <!-- SolidStatePolicy-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<hr/> **ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | SolidStatePolicy |
| Friendly Name | Turn off solid state mode |
| Location | Computer Configuration |
| Path | System > Disk NV Cache |
| Registry Key Name | Software\Policies\Microsoft\Windows\NvCache |
| Registry Value Name | EnableSolidStateMode |
| ADMX File Name | DiskNVCache.admx |
<!-- SolidStatePolicy-AdmxBacked-End -->
<!--/Policies--> <!-- SolidStatePolicy-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SolidStatePolicy-Examples-End -->
## Related topics <!-- SolidStatePolicy-End -->
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) <!-- ADMX_DiskNVCache-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_DiskNVCache-CspMoreInfo-End -->
<!-- ADMX_DiskNVCache-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

670
windows/client-management/mdm/policy-csp-admx-diskquota.md
View File

@ -1,365 +1,437 @@
--- ---
title: Policy CSP - ADMX_DiskQuota title: ADMX_DiskQuota Policy CSP
description: Learn about Policy CSP - ADMX_DiskQuota. description: Learn more about the ADMX_DiskQuota Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 08/12/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_DiskQuota-Begin -->
# Policy CSP - ADMX_DiskQuota # Policy CSP - ADMX_DiskQuota
<hr/>
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
> >
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--Policies--> <!-- ADMX_DiskQuota-Editable-Begin -->
## ADMX_DiskQuota policies <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_DiskQuota-Editable-End -->
<!-- DQ_Enable-Begin -->
## DQ_Enable
<dl> <!-- DQ_Enable-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#admx-diskquota-dq_removablemedia">ADMX_DiskQuota/DQ_RemovableMedia</a> |:--|:--|:--|
</dd> | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<dd> <!-- DQ_Enable-Applicability-End -->
<a href="#admx-diskquota-dq_enable">ADMX_DiskQuota/DQ_Enable</a>
</dd>
<dd>
<a href="#admx-diskquota-dq_enforce">ADMX_DiskQuota/DQ_Enforce</a>
</dd>
<dd>
<a href="#admx-diskquota-dq_logeventoverlimit">ADMX_DiskQuota/DQ_LogEventOverLimit</a>
</dd>
<dd>
<a href="#admx-diskquota-dq_logeventoverthreshold">ADMX_DiskQuota/DQ_LogEventOverThreshold</a>
</dd>
<dd>
<a href="#admx-diskquota-dq_limit">ADMX_DiskQuota/DQ_Limit</a>
</dd>
</dl>
<!-- DQ_Enable-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_Enable
```
<!-- DQ_Enable-OmaUri-End -->
<hr/> <!-- DQ_Enable-Description-Begin -->
<!-- Description-Source-ADMX -->
<!--Policy-->
<a href="" id="admx-diskquota-dq_removablemedia"></a>**ADMX_DiskQuota/DQ_RemovableMedia**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media.
If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only.
When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Apply policy to removable media*
- GP name: *DQ_RemovableMedia*
- GP path: *System\Disk Quotas*
- GP ADMX file name: *DiskQuota.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-diskquota-dq_enable"></a>**ADMX_DiskQuota/DQ_Enable**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting. This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.
If you enable this policy setting, disk quota management is turned on, and users can't turn it off. - If you enable this policy setting, disk quota management is turned on, and users cannot turn it off.
If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on. - If you disable the policy setting, disk quota management is turned off, and users cannot turn it on.
- If this policy setting is not configured, disk quota management is turned off by default, but administrators can turn it on.
To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes. To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.
This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit. > [!NOTE]
> This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. > [!NOTE]
> To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management."
<!-- DQ_Enable-Description-End -->
To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management." <!-- DQ_Enable-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DQ_Enable-Editable-End -->
<!--/Description--> <!-- DQ_Enable-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Enable disk quotas* | Format | chr (string) |
- GP name: *DQ_Enable* | Access Type | Add, Delete, Get, Replace |
- GP path: *System\Disk Quotas* <!-- DQ_Enable-DFProperties-End -->
- GP ADMX file name: *DiskQuota.admx*
<!--/ADMXBacked--> <!-- DQ_Enable-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<hr/> **ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | DQ_Enable |
| Friendly Name | Enable disk quotas |
| Location | Computer Configuration |
| Path | System > Disk Quotas |
| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
| Registry Value Name | Enable |
| ADMX File Name | DiskQuota.admx |
<!-- DQ_Enable-AdmxBacked-End -->
<!--Policy--> <!-- DQ_Enable-Examples-Begin -->
<a href="" id="admx-diskquota-dq_enforce"></a>**ADMX_DiskQuota/DQ_Enforce** <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!--SupportedSKUs--> <!-- DQ_Enable-Examples-End -->
|Edition|Windows 10|Windows 11| <!-- DQ_Enable-End -->
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- DQ_Enforce-Begin -->
<hr/> ## DQ_Enforce
<!--Scope--> <!-- DQ_Enforce-Applicability-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- DQ_Enforce-Applicability-End -->
> [!div class = "checklist"] <!-- DQ_Enforce-OmaUri-Begin -->
> * Device ```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_Enforce
```
<!-- DQ_Enforce-OmaUri-End -->
<hr/> <!-- DQ_Enforce-Description-Begin -->
<!-- Description-Source-ADMX -->
<!--/Scope-->
<!--Description-->
This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting. This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.
If you enable this policy setting, disk quota limits are enforced. - If you enable this policy setting, disk quota limits are enforced.
- If you disable this policy setting, disk quota limits are not enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators cannot make changes while the setting is in effect.
If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect. - If you do not configure this policy setting, the disk quota limit is not enforced by default, but administrators can change the setting.
If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to write to the volume as long as physical space is available.
This policy setting overrides user settings that enable or disable quota enforcement on their volumes. > [!NOTE]
> This policy setting overrides user settings that enable or disable quota enforcement on their volumes.
To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit. > [!NOTE]
> To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
<!-- DQ_Enforce-Description-End -->
<!--/Description--> <!-- DQ_Enforce-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DQ_Enforce-Editable-End -->
<!--ADMXBacked--> <!-- DQ_Enforce-DFProperties-Begin -->
ADMX Info: **Description framework properties**:
- GP Friendly name: *Enforce disk quota limit*
- GP name: *DQ_Enforce*
- GP path: *System\Disk Quotas*
- GP ADMX file name: *DiskQuota.admx*
<!--/ADMXBacked--> | Property name | Property value |
<!--/Policy--> |:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DQ_Enforce-DFProperties-End -->
<hr/> <!-- DQ_Enforce-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<!--Policy--> **ADMX mapping**:
<a href="" id="admx-diskquota-dq_logeventoverlimit"></a>**ADMX_DiskQuota/DQ_LogEventOverLimit** | Name | Value |
<!--SupportedSKUs--> |:--|:--|
| Name | DQ_Enforce |
| Friendly Name | Enforce disk quota limit |
| Location | Computer Configuration |
| Path | System > Disk Quotas |
| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
| Registry Value Name | Enforce |
| ADMX File Name | DiskQuota.admx |
<!-- DQ_Enforce-AdmxBacked-End -->
|Edition|Windows 10|Windows 11| <!-- DQ_Enforce-Examples-Begin -->
|--- |--- |--- | <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|Home|No|No| <!-- DQ_Enforce-Examples-End -->
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- DQ_Enforce-End -->
<hr/>
<!--Scope--> <!-- DQ_Limit-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): ## DQ_Limit
> [!div class = "checklist"] <!-- DQ_Limit-Applicability-Begin -->
> * Device | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- DQ_Limit-Applicability-End -->
<hr/> <!-- DQ_Limit-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_Limit
```
<!-- DQ_Limit-OmaUri-End -->
<!--/Scope--> <!-- DQ_Limit-Description-Begin -->
<!--Description--> <!-- Description-Source-ADMX -->
This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.
If you enable this policy setting, the system records an event when the user reaches their limit.
If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.
This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes.
To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Log event when quota limit is exceeded*
- GP name: *DQ_LogEventOverLimit*
- GP path: *System\Disk Quotas*
- GP ADMX file name: *DiskQuota.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-diskquota-dq_logeventoverthreshold"></a>**ADMX_DiskQuota/DQ_LogEventOverThreshold**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.
If you enable this policy setting, the system records an event.
If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect.
If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes.
To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Log event when quota warning level is exceeded*
- GP name: *DQ_LogEventOverThreshold*
- GP path: *System\Disk Quotas*
- GP ADMX file name: *DiskQuota.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-diskquota-dq_limit"></a>**ADMX_DiskQuota/DQ_Limit**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting specifies the default disk quota limit and warning level for new users of the volume. This policy setting specifies the default disk quota limit and warning level for new users of the volume.
This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.
This setting overrides new users settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. This setting overrides new users' settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.
This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).
If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group. This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).
This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume. - If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level.
<!--/Description--> When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the range of volumes in the group.
<!--ADMXBacked--> This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.
ADMX Info: <!-- DQ_Limit-Description-End -->
- GP Friendly name: *Specify default quota limit and warning level*
- GP name: *DQ_Limit*
- GP path: *System\Disk Quotas*
- GP ADMX file name: *DiskQuota.admx*
<!--/ADMXBacked--> <!-- DQ_Limit-Editable-Begin -->
<!--/Policy--> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DQ_Limit-Editable-End -->
<hr/> <!-- DQ_Limit-DFProperties-Begin -->
**Description framework properties**:
<!--/Policies--> | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DQ_Limit-DFProperties-End -->
## Related topics <!-- DQ_Limit-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) **ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | DQ_Limit |
| Friendly Name | Specify default quota limit and warning level |
| Location | Computer Configuration |
| Path | System > Disk Quotas |
| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
| ADMX File Name | DiskQuota.admx |
<!-- DQ_Limit-AdmxBacked-End -->
<!-- DQ_Limit-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DQ_Limit-Examples-End -->
<!-- DQ_Limit-End -->
<!-- DQ_LogEventOverLimit-Begin -->
## DQ_LogEventOverLimit
<!-- DQ_LogEventOverLimit-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- DQ_LogEventOverLimit-Applicability-End -->
<!-- DQ_LogEventOverLimit-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_LogEventOverLimit
```
<!-- DQ_LogEventOverLimit-OmaUri-End -->
<!-- DQ_LogEventOverLimit-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.
- If you enable this policy setting, the system records an event when the user reaches their limit.
- If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting while a setting is in effect.
- If you do not configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.
This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit.
Also, this policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their limit, because their status in the Quota Entries window changes.
> [!NOTE]
> To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
<!-- DQ_LogEventOverLimit-Description-End -->
<!-- DQ_LogEventOverLimit-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DQ_LogEventOverLimit-Editable-End -->
<!-- DQ_LogEventOverLimit-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DQ_LogEventOverLimit-DFProperties-End -->
<!-- DQ_LogEventOverLimit-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | DQ_LogEventOverLimit |
| Friendly Name | Log event when quota limit is exceeded |
| Location | Computer Configuration |
| Path | System > Disk Quotas |
| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
| Registry Value Name | LogEventOverLimit |
| ADMX File Name | DiskQuota.admx |
<!-- DQ_LogEventOverLimit-AdmxBacked-End -->
<!-- DQ_LogEventOverLimit-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DQ_LogEventOverLimit-Examples-End -->
<!-- DQ_LogEventOverLimit-End -->
<!-- DQ_LogEventOverThreshold-Begin -->
## DQ_LogEventOverThreshold
<!-- DQ_LogEventOverThreshold-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- DQ_LogEventOverThreshold-Applicability-End -->
<!-- DQ_LogEventOverThreshold-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_LogEventOverThreshold
```
<!-- DQ_LogEventOverThreshold-OmaUri-End -->
<!-- DQ_LogEventOverThreshold-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.
- If you enable this policy setting, the system records an event.
- If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators cannot change logging while a policy setting is in effect.
- If you do not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting.
This policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes.
> [!NOTE]
> To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
<!-- DQ_LogEventOverThreshold-Description-End -->
<!-- DQ_LogEventOverThreshold-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DQ_LogEventOverThreshold-Editable-End -->
<!-- DQ_LogEventOverThreshold-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DQ_LogEventOverThreshold-DFProperties-End -->
<!-- DQ_LogEventOverThreshold-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | DQ_LogEventOverThreshold |
| Friendly Name | Log event when quota warning level is exceeded |
| Location | Computer Configuration |
| Path | System > Disk Quotas |
| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
| Registry Value Name | LogEventOverThreshold |
| ADMX File Name | DiskQuota.admx |
<!-- DQ_LogEventOverThreshold-AdmxBacked-End -->
<!-- DQ_LogEventOverThreshold-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DQ_LogEventOverThreshold-Examples-End -->
<!-- DQ_LogEventOverThreshold-End -->
<!-- DQ_RemovableMedia-Begin -->
## DQ_RemovableMedia
<!-- DQ_RemovableMedia-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- DQ_RemovableMedia-Applicability-End -->
<!-- DQ_RemovableMedia-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_RemovableMedia
```
<!-- DQ_RemovableMedia-OmaUri-End -->
<!-- DQ_RemovableMedia-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.
- If you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only
> [!NOTE]
> When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
<!-- DQ_RemovableMedia-Description-End -->
<!-- DQ_RemovableMedia-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DQ_RemovableMedia-Editable-End -->
<!-- DQ_RemovableMedia-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- DQ_RemovableMedia-DFProperties-End -->
<!-- DQ_RemovableMedia-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | DQ_RemovableMedia |
| Friendly Name | Apply policy to removable media |
| Location | Computer Configuration |
| Path | System > Disk Quotas |
| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
| Registry Value Name | ApplyToRemovableMedia |
| ADMX File Name | DiskQuota.admx |
<!-- DQ_RemovableMedia-AdmxBacked-End -->
<!-- DQ_RemovableMedia-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DQ_RemovableMedia-Examples-End -->
<!-- DQ_RemovableMedia-End -->
<!-- ADMX_DiskQuota-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_DiskQuota-CspMoreInfo-End -->
<!-- ADMX_DiskQuota-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

5
windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
View File

@ -24,8 +24,9 @@ ms.topic: reference
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!-- ADMX_LocationProviderAdm-Editable-Begin --> <!-- ADMX_LocationProviderAdm-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->[!WARNING] <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. > [!WARNING]
> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<!-- ADMX_LocationProviderAdm-Editable-End --> <!-- ADMX_LocationProviderAdm-Editable-End -->
<!-- DisableWindowsLocationProvider_1-Begin --> <!-- DisableWindowsLocationProvider_1-Begin -->

8444
windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
View File

File diff suppressed because it is too large Load Diff

504
windows/client-management/mdm/policy-csp-admx-mmc.md
View File

@ -1,333 +1,379 @@
--- ---
title: Policy CSP - ADMX_MMC title: ADMX_MMC Policy CSP
description: Learn about Policy CSP - ADMX_MMC. description: Learn more about the ADMX_MMC Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 09/03/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_MMC-Begin -->
# Policy CSP - ADMX_MMC # Policy CSP - ADMX_MMC
>[!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > [!TIP]
> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <!-- ADMX_MMC-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_MMC-Editable-End -->
<!--Policies--> <!-- MMC_ActiveXControl-Begin -->
## ADMX_MMC policies ## MMC_ActiveXControl
<dl> <!-- MMC_ActiveXControl-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#admx-mmc-mmc-activexcontrol">ADMX_MMC/MMC_ActiveXControl</a> |:--|:--|:--|
</dd> | :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<dd> <!-- MMC_ActiveXControl-Applicability-End -->
<a href="#admx-mmc-mmc-extendview">ADMX_MMC/MMC_ExtendView</a>
</dd>
<dd>
<a href="#admx-mmc-mmc-linktoweb">ADMX_MMC/MMC_LinkToWeb</a>
</dd>
<dd>
<a href="#admx-mmc-mmc-restrict-author">ADMX_MMC/MMC_Restrict_Author</a>
</dd>
<dd>
<a href="#admx-mmc-mmc-restrict-to-permitted-snapins">ADMX_MMC/MMC_Restrict_To_Permitted_Snapins</a>
</dd>
</dl>
<!-- MMC_ActiveXControl-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_ActiveXControl
```
<!-- MMC_ActiveXControl-OmaUri-End -->
<hr/> <!-- MMC_ActiveXControl-Description-Begin -->
<!-- Description-Source-ADMX -->
Permits or prohibits use of this snap-in.
<!--Policy--> - If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
<a href="" id="admx-mmc-mmc-activexcontrol"></a>**ADMX_MMC/MMC_ActiveXControl**
<!--SupportedSKUs--> If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
|Edition|Windows 10|Windows 11| - If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
<hr/>
<!--Scope--> - If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
> * User
<hr/> When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
<!-- MMC_ActiveXControl-Description-End -->
<!--/Scope--> <!-- MMC_ActiveXControl-Editable-Begin -->
<!--Description--> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
This policy setting permits or prohibits use of this snap-in. <!-- MMC_ActiveXControl-Editable-End -->
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. <!-- MMC_ActiveXControl-DFProperties-Begin -->
**Description framework properties**:
If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- MMC_ActiveXControl-DFProperties-End -->
- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted. <!-- MMC_ActiveXControl-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited. **ADMX mapping**:
- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited. | Name | Value |
|:--|:--|
| Name | MMC_ActiveXControl |
| Friendly Name | ActiveX Control |
| Location | User Configuration |
| Path | Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins |
| Registry Key Name | Software\Policies\Microsoft\MMC\{C96401CF-0E17-11D3-885B-00C04F72C717} |
| Registry Value Name | Restrict_Run |
| ADMX File Name | MMC.admx |
<!-- MMC_ActiveXControl-AdmxBacked-End -->
To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted. <!-- MMC_ActiveXControl-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- MMC_ActiveXControl-Examples-End -->
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. <!-- MMC_ActiveXControl-End -->
<!--/Description--> <!-- MMC_ExtendView-Begin -->
## MMC_ExtendView
<!-- MMC_ExtendView-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- MMC_ExtendView-Applicability-End -->
<!--ADMXBacked--> <!-- MMC_ExtendView-OmaUri-Begin -->
ADMX Info: ```User
- GP Friendly name: *ActiveX Control* ./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_ExtendView
- GP name: *MMC_ActiveXControl* ```
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins* <!-- MMC_ExtendView-OmaUri-End -->
- GP ADMX file name: *MMC.admx*
<!--/ADMXBacked--> <!-- MMC_ExtendView-Description-Begin -->
<!--/Policy--> <!-- Description-Source-ADMX -->
<hr/> Permits or prohibits use of this snap-in.
<!--Policy--> - If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
<a href="" id="admx-mmc-mmc-extendview"></a>**ADMX_MMC/MMC_ExtendView**
<!--SupportedSKUs--> If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
|Edition|Windows 10|Windows 11| - If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
<hr/>
<!--Scope--> - If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
> * User
<hr/> When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
<!-- MMC_ExtendView-Description-End -->
<!--/Scope--> <!-- MMC_ExtendView-Editable-Begin -->
<!--Description--> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
This policy setting permits or prohibits use of this snap-in. <!-- MMC_ExtendView-Editable-End -->
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. <!-- MMC_ExtendView-DFProperties-Begin -->
**Description framework properties**:
If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- MMC_ExtendView-DFProperties-End -->
- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted. <!-- MMC_ExtendView-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited. **ADMX mapping**:
- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited. | Name | Value |
|:--|:--|
| Name | MMC_ExtendView |
| Friendly Name | Extended View (Web View) |
| Location | User Configuration |
| Path | Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins > Extension snap-ins |
| Registry Key Name | Software\Policies\Microsoft\MMC\{B708457E-DB61-4C55-A92F-0D4B5E9B1224} |
| Registry Value Name | Restrict_Run |
| ADMX File Name | MMC.admx |
<!-- MMC_ExtendView-AdmxBacked-End -->
To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted. <!-- MMC_ExtendView-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- MMC_ExtendView-Examples-End -->
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. <!-- MMC_ExtendView-End -->
<!--/Description--> <!-- MMC_LinkToWeb-Begin -->
## MMC_LinkToWeb
<!-- MMC_LinkToWeb-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- MMC_LinkToWeb-Applicability-End -->
<!--ADMXBacked--> <!-- MMC_LinkToWeb-OmaUri-Begin -->
ADMX Info: ```User
- GP Friendly name: *Extended View (Web View)* ./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_LinkToWeb
- GP name: *MMC_ExtendView* ```
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins* <!-- MMC_LinkToWeb-OmaUri-End -->
- GP ADMX file name: *MMC.admx*
<!--/ADMXBacked--> <!-- MMC_LinkToWeb-Description-Begin -->
<!--/Policy--> <!-- Description-Source-ADMX -->
<hr/> Permits or prohibits use of this snap-in.
<!--Policy--> - If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
<a href="" id="admx-mmc-mmc-linktoweb"></a>**ADMX_MMC/MMC_LinkToWeb**
<!--SupportedSKUs--> If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
|Edition|Windows 10|Windows 11| - If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
<hr/>
<!--Scope--> - If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
> * User
<hr/> When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
<!-- MMC_LinkToWeb-Description-End -->
<!--/Scope--> <!-- MMC_LinkToWeb-Editable-Begin -->
<!--Description--> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
This policy setting permits or prohibits use of this snap-in. <!-- MMC_LinkToWeb-Editable-End -->
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. <!-- MMC_LinkToWeb-DFProperties-Begin -->
**Description framework properties**:
If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- MMC_LinkToWeb-DFProperties-End -->
- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted. <!-- MMC_LinkToWeb-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited. **ADMX mapping**:
- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited. | Name | Value |
|:--|:--|
| Name | MMC_LinkToWeb |
| Friendly Name | Link to Web Address |
| Location | User Configuration |
| Path | Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins |
| Registry Key Name | Software\Policies\Microsoft\MMC\{C96401D1-0E17-11D3-885B-00C04F72C717} |
| Registry Value Name | Restrict_Run |
| ADMX File Name | MMC.admx |
<!-- MMC_LinkToWeb-AdmxBacked-End -->
To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted. <!-- MMC_LinkToWeb-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- MMC_LinkToWeb-Examples-End -->
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. <!-- MMC_LinkToWeb-End -->
<!--/Description--> <!-- MMC_Restrict_Author-Begin -->
## MMC_Restrict_Author
<!-- MMC_Restrict_Author-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- MMC_Restrict_Author-Applicability-End -->
<!-- MMC_Restrict_Author-OmaUri-Begin -->
<!--ADMXBacked--> ```User
ADMX Info: ./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_Restrict_Author
- GP Friendly name: *Link to Web Address* ```
- GP name: *MMC_LinkToWeb* <!-- MMC_Restrict_Author-OmaUri-End -->
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMC.admx* <!-- MMC_Restrict_Author-Description-Begin -->
<!-- Description-Source-ADMX -->
<!--/ADMXBacked--> Prevents users from entering author mode.
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-mmc-mmc-restrict-author"></a>**ADMX_MMC/MMC_Restrict_Author**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting prevents users from entering author mode.
This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default. This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.
As a result, users can't create console files or add or remove snap-ins. Also, because they can't open author-mode console files, they can't use the tools that the files contain. As a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.
This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users can't open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also can't open a blank MMC console window from a command prompt. This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt.
If you disable this setting or don't configure it, users can enter author mode and open author-mode console files. - If you disable this setting or do not configure it, users can enter author mode and open author-mode console files.
<!-- MMC_Restrict_Author-Description-End -->
<!--/Description--> <!-- MMC_Restrict_Author-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- MMC_Restrict_Author-Editable-End -->
<!-- MMC_Restrict_Author-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Restrict the user from entering author mode* | Format | chr (string) |
- GP name: *MMC_Restrict_Author* | Access Type | Add, Delete, Get, Replace |
- GP path: *Windows Components\Microsoft Management Console* <!-- MMC_Restrict_Author-DFProperties-End -->
- GP ADMX file name: *MMC.admx*
<!--/ADMXBacked--> <!-- MMC_Restrict_Author-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
<hr/> > This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<!--Policy--> **ADMX mapping**:
<a href="" id="admx-mmc-mmc-restrict-to-permitted-snapins"></a>**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins**
<!--SupportedSKUs--> | Name | Value |
|:--|:--|
| Name | MMC_Restrict_Author |
| Friendly Name | Restrict the user from entering author mode |
| Location | User Configuration |
| Path | Windows Components > Microsoft Management Console |
| Registry Key Name | Software\Policies\Microsoft\MMC |
| Registry Value Name | RestrictAuthorMode |
| ADMX File Name | MMC.admx |
<!-- MMC_Restrict_Author-AdmxBacked-End -->
|Edition|Windows 10|Windows 11| <!-- MMC_Restrict_Author-Examples-Begin -->
|--- |--- |--- | <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|Home|No|No| <!-- MMC_Restrict_Author-Examples-End -->
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- MMC_Restrict_Author-End -->
<hr/>
<!--Scope--> <!-- MMC_Restrict_To_Permitted_Snapins-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): ## MMC_Restrict_To_Permitted_Snapins
> [!div class = "checklist"] <!-- MMC_Restrict_To_Permitted_Snapins-Applicability-Begin -->
> * User | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- MMC_Restrict_To_Permitted_Snapins-Applicability-End -->
<hr/> <!-- MMC_Restrict_To_Permitted_Snapins-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_Restrict_To_Permitted_Snapins
```
<!-- MMC_Restrict_To_Permitted_Snapins-OmaUri-End -->
<!--/Scope--> <!-- MMC_Restrict_To_Permitted_Snapins-Description-Begin -->
<!--Description--> <!-- Description-Source-ADMX -->
This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins. Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
- If you enable this setting, all snap-ins are prohibited, except those snap-ins that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins. - If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.
To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited. To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited.
- If you disable this setting or don't configure it, all snap-ins are permitted, except those snap-ins that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins. - If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins.
To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted. To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
> [!NOTE] > [!NOTE]
> If you enable this setting, and you don't enable any settings in the Restricted/Permitted snap-ins folder, users can't use any MMC snap-ins. > If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins.
<!-- MMC_Restrict_To_Permitted_Snapins-Description-End -->
<!--/Description--> <!-- MMC_Restrict_To_Permitted_Snapins-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- MMC_Restrict_To_Permitted_Snapins-Editable-End -->
<!-- MMC_Restrict_To_Permitted_Snapins-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Restrict users to the explicitly permitted list of snap-ins* | Format | chr (string) |
- GP name: *MMC_Restrict_To_Permitted_Snapins* | Access Type | Add, Delete, Get, Replace |
- GP path: *Windows Components\Microsoft Management Console* <!-- MMC_Restrict_To_Permitted_Snapins-DFProperties-End -->
- GP ADMX file name: *MMC.admx*
<!--/ADMXBacked--> <!-- MMC_Restrict_To_Permitted_Snapins-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
<hr/> > This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | MMC_Restrict_To_Permitted_Snapins |
| Friendly Name | Restrict users to the explicitly permitted list of snap-ins |
| Location | User Configuration |
| Path | Windows Components > Microsoft Management Console |
| Registry Key Name | Software\Policies\Microsoft\MMC |
| Registry Value Name | RestrictToPermittedSnapins |
| ADMX File Name | MMC.admx |
<!-- MMC_Restrict_To_Permitted_Snapins-AdmxBacked-End -->
<!--/Policies--> <!-- MMC_Restrict_To_Permitted_Snapins-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- MMC_Restrict_To_Permitted_Snapins-Examples-End -->
## Related topics <!-- MMC_Restrict_To_Permitted_Snapins-End -->
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) <!-- ADMX_MMC-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_MMC-CspMoreInfo-End -->
<!-- ADMX_MMC-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

119
windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
View File

@ -1,83 +1,92 @@
--- ---
title: Policy CSP - ADMX_PushToInstall title: ADMX_PushToInstall Policy CSP
description: Learn about Policy CSP - ADMX_PushToInstall. description: Learn more about the ADMX_PushToInstall Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 12/01/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_PushToInstall-Begin -->
# Policy CSP - ADMX_PushToInstall # Policy CSP - ADMX_PushToInstall
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <!-- ADMX_PushToInstall-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_PushToInstall-Editable-End -->
<!--Policies--> <!-- DisablePushToInstall-Begin -->
## ADMX_PushToInstall policies ## DisablePushToInstall
<dl> <!-- DisablePushToInstall-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#admx-pushtoinstall-disablepushtoinstall">ADMX_PushToInstall/DisablePushToInstall</a> |:--|:--|:--|
</dd> | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
</dl> <!-- DisablePushToInstall-Applicability-End -->
<!-- DisablePushToInstall-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_PushToInstall/DisablePushToInstall
```
<!-- DisablePushToInstall-OmaUri-End -->
<hr/> <!-- DisablePushToInstall-Description-Begin -->
<!-- Description-Source-ADMX -->
- If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.
<!-- DisablePushToInstall-Description-End -->
<!--Policy--> <!-- DisablePushToInstall-Editable-Begin -->
<a href="" id="admx-pushtoinstall-disablepushtoinstall"></a>**ADMX_PushToInstall/DisablePushToInstall** <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- DisablePushToInstall-Editable-End -->
<!--SupportedSKUs--> <!-- DisablePushToInstall-DFProperties-Begin -->
**Description framework properties**:
|Edition|Windows 10|Windows 11| | Property name | Property value |
|--- |--- |--- | |:--|:--|
|Home|No|No| | Format | chr (string) |
|Pro|Yes|Yes| | Access Type | Add, Delete, Get, Replace |
|Windows SE|No|Yes| <!-- DisablePushToInstall-DFProperties-End -->
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- DisablePushToInstall-AdmxBacked-Begin -->
<hr/> > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<!--Scope--> **ADMX mapping**:
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] | Name | Value |
> * Device |:--|:--|
| Name | DisablePushToInstall |
| Friendly Name | Turn off Push To Install service |
| Location | Computer Configuration |
| Path | Windows Components > Push To Install |
| Registry Key Name | Software\Policies\Microsoft\PushToInstall |
| Registry Value Name | DisablePushToInstall |
| ADMX File Name | PushToInstall.admx |
<!-- DisablePushToInstall-AdmxBacked-End -->
<hr/> <!-- DisablePushToInstall-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- DisablePushToInstall-Examples-End -->
<!--/Scope--> <!-- DisablePushToInstall-End -->
<!--Description-->
If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.
<!--/Description--> <!-- ADMX_PushToInstall-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_PushToInstall-CspMoreInfo-End -->
<!--ADMXBacked--> <!-- ADMX_PushToInstall-End -->
ADMX Info:
- GP Friendly name: *Turn off Push To Install service*
- GP name: *DisablePushToInstall*
- GP path: *Windows Components\Push To Install*
- GP ADMX file name: *PushToInstall.admx*
<!--/ADMXBacked--> ## Related articles
<!--/Policy-->
<!--/Policies--> [Policy configuration service provider](policy-configuration-service-provider.md)
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

135
windows/client-management/mdm/policy-csp-admx-radar.md
View File

@ -1,99 +1,104 @@
--- ---
title: Policy CSP - ADMX_Radar title: ADMX_Radar Policy CSP
description: Learn about Policy CSP - ADMX_Radar. description: Learn more about the ADMX_Radar Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 12/08/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_Radar-Begin -->
# Policy CSP - ADMX_Radar # Policy CSP - ADMX_Radar
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <!-- ADMX_Radar-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_Radar-Editable-End -->
<!--Policies--> <!-- WdiScenarioExecutionPolicy-Begin -->
## ADMX_Radar policies ## WdiScenarioExecutionPolicy
<dl> <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#admx-radar-wdiscenarioexecutionpolicy">ADMX_Radar/WdiScenarioExecutionPolicy</a> |:--|:--|:--|
</dd> | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
</dl> <!-- WdiScenarioExecutionPolicy-Applicability-End -->
<!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_Radar/WdiScenarioExecutionPolicy
```
<!-- WdiScenarioExecutionPolicy-OmaUri-End -->
<hr/> <!-- WdiScenarioExecutionPolicy-Description-Begin -->
<!-- Description-Source-ADMX -->
Determines the execution level for Windows Resource Exhaustion Detection and Resolution.
<!--Policy--> - If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
<a href="" id="admx-radar-wdiscenarioexecutionpolicy"></a>**ADMX_Radar/WdiScenarioExecutionPolicy**
<!--SupportedSKUs--> - If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
|Edition|Windows 10|Windows 11| - If you do not configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
<hr/>
<!--Scope--> No system restart or service restart is required for this policy to take effect: changes take effect immediately.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> * Device <!-- WdiScenarioExecutionPolicy-Description-End -->
<hr/> <!-- WdiScenarioExecutionPolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- WdiScenarioExecutionPolicy-Editable-End -->
<!--/Scope--> <!-- WdiScenarioExecutionPolicy-DFProperties-Begin -->
<!--Description--> **Description framework properties**:
This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.
If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- WdiScenarioExecutionPolicy-DFProperties-End -->
These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available. <!-- WdiScenarioExecutionPolicy-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. **ADMX mapping**:
If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default. | Name | Value |
This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured. |:--|:--|
| Name | WdiScenarioExecutionPolicy |
| Friendly Name | Configure Scenario Execution Level |
| Location | Computer Configuration |
| Path | System > Troubleshooting and Diagnostics > Windows Resource Exhaustion Detection and Resolution |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867} |
| Registry Value Name | ScenarioExecutionEnabled |
| ADMX File Name | Radar.admx |
<!-- WdiScenarioExecutionPolicy-AdmxBacked-End -->
No system restart or service restart is required for this policy to take effect; changes take effect immediately. <!-- WdiScenarioExecutionPolicy-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- WdiScenarioExecutionPolicy-Examples-End -->
>[!Note] <!-- WdiScenarioExecutionPolicy-End -->
> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
<!--/Description--> <!-- ADMX_Radar-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_Radar-CspMoreInfo-End -->
<!--ADMXBacked--> <!-- ADMX_Radar-End -->
ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution*
- GP ADMX file name: *Radar.admx*
<hr/> ## Related articles
<!--/ADMXBacked--> [Policy configuration service provider](policy-configuration-service-provider.md)
<!--/Policy-->
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

218
windows/client-management/mdm/policy-csp-admx-soundrec.md
View File

@ -1,142 +1,160 @@
--- ---
title: Policy CSP - ADMX_SoundRec title: ADMX_SoundRec Policy CSP
description: Learn about Policy CSP - ADMX_SoundRec. description: Learn more about the ADMX_SoundRec Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 12/01/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_SoundRec-Begin -->
# Policy CSP - ADMX_SoundRec # Policy CSP - ADMX_SoundRec
<hr/>
<!--Policies-->
## ADMX_SoundRec policies
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl> <!-- ADMX_SoundRec-Editable-Begin -->
<dd> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<a href="#admx-soundrec-soundrec_diableapplication_titletext_1">ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1</a> <!-- ADMX_SoundRec-Editable-End -->
</dd>
<dd>
<a href="#admx-soundrec-soundrec_diableapplication_titletext_2">ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2</a>
</dd>
</dl>
<!-- Soundrec_DiableApplication_TitleText_1-Begin -->
## Soundrec_DiableApplication_TitleText_1
<hr/> <!-- Soundrec_DiableApplication_TitleText_1-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- Soundrec_DiableApplication_TitleText_1-Applicability-End -->
<!--Policy--> <!-- Soundrec_DiableApplication_TitleText_1-OmaUri-Begin -->
<a href="" id="admx-soundrec-soundrec_diableapplication_titletext_1"></a>**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1** ```User
./User/Vendor/MSFT/Policy/Config/ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1
```
<!-- Soundrec_DiableApplication_TitleText_1-OmaUri-End -->
<!--SupportedSKUs--> <!-- Soundrec_DiableApplication_TitleText_1-Description-Begin -->
<!-- Description-Source-ADMX -->
|Edition|Windows 10|Windows 11| Specifies whether Sound Recorder can run.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy specifies whether Sound Recorder can run.
Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
If you enable this policy setting, Sound Recorder won't run. - If you enable this policy setting, Sound Recorder will not run.
If you disable or don't configure this policy setting, Sound Recorder can run. - If you disable or do not configure this policy setting, Sound Recorder can be run.
<!-- Soundrec_DiableApplication_TitleText_1-Description-End -->
<!--/Description--> <!-- Soundrec_DiableApplication_TitleText_1-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Soundrec_DiableApplication_TitleText_1-Editable-End -->
<!--ADMXBacked--> <!-- Soundrec_DiableApplication_TitleText_1-DFProperties-Begin -->
ADMX Info: **Description framework properties**:
- GP Friendly name: *Do not allow Sound Recorder to run*
- GP name: *Soundrec_DiableApplication_TitleText_1*
- GP path: *Windows Components\Sound Recorder*
- GP ADMX file name: *SettingSync.admx*
<!--/ADMXBacked--> | Property name | Property value |
<!--/Policy--> |:--|:--|
<hr/> | Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- Soundrec_DiableApplication_TitleText_1-DFProperties-End -->
<!-- Soundrec_DiableApplication_TitleText_1-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<!--Policy--> **ADMX mapping**:
<a href="" id="admx-soundrec-soundrec_diableapplication_titletext_2"></a>**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2**
<!--SupportedSKUs--> | Name | Value |
|:--|:--|
| Name | Soundrec_DiableApplication_TitleText_1 |
| Friendly Name | Do not allow Sound Recorder to run |
| Location | User Configuration |
| Path | Windows Components > Sound Recorder |
| Registry Key Name | SOFTWARE\Policies\Microsoft\SoundRecorder |
| Registry Value Name | Soundrec |
| ADMX File Name | SoundRec.admx |
<!-- Soundrec_DiableApplication_TitleText_1-AdmxBacked-End -->
|Edition|Windows 10|Windows 11| <!-- Soundrec_DiableApplication_TitleText_1-Examples-Begin -->
|--- |--- |--- | <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|Home|No|No| <!-- Soundrec_DiableApplication_TitleText_1-Examples-End -->
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- Soundrec_DiableApplication_TitleText_1-End -->
<hr/>
<!--Scope--> <!-- Soundrec_DiableApplication_TitleText_2-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): ## Soundrec_DiableApplication_TitleText_2
> [!div class = "checklist"] <!-- Soundrec_DiableApplication_TitleText_2-Applicability-Begin -->
> * User | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- Soundrec_DiableApplication_TitleText_2-Applicability-End -->
<hr/> <!-- Soundrec_DiableApplication_TitleText_2-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2
```
<!-- Soundrec_DiableApplication_TitleText_2-OmaUri-End -->
<!--/Scope--> <!-- Soundrec_DiableApplication_TitleText_2-Description-Begin -->
<!--Description--> <!-- Description-Source-ADMX -->
This policy specifies whether Sound Recorder can run. Specifies whether Sound Recorder can run.
Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
If you enable this policy setting, Sound Recorder won't run. - If you enable this policy setting, Sound Recorder will not run.
If you disable or don't configure this policy setting, Sound Recorder can be run. - If you disable or do not configure this policy setting, Sound Recorder can be run.
<!-- Soundrec_DiableApplication_TitleText_2-Description-End -->
<!--/Description--> <!-- Soundrec_DiableApplication_TitleText_2-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Soundrec_DiableApplication_TitleText_2-Editable-End -->
<!--ADMXBacked--> <!-- Soundrec_DiableApplication_TitleText_2-DFProperties-Begin -->
ADMX Info: **Description framework properties**:
- GP Friendly name: *Do not allow Sound Recorder to run*
- GP name: *Soundrec_DiableApplication_TitleText_2*
- GP path: *Windows Components\Sound Recorder*
- GP ADMX file name: *SettingSync.admx*
<!--/ADMXBacked--> | Property name | Property value |
<!--/Policy--> |:--|:--|
<hr/> | Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- Soundrec_DiableApplication_TitleText_2-DFProperties-End -->
<!--/Policies--> <!-- Soundrec_DiableApplication_TitleText_2-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
## Related topics **ADMX mapping**:
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) | Name | Value |
|:--|:--|
| Name | Soundrec_DiableApplication_TitleText_2 |
| Friendly Name | Do not allow Sound Recorder to run |
| Location | Computer Configuration |
| Path | Windows Components > Sound Recorder |
| Registry Key Name | SOFTWARE\Policies\Microsoft\SoundRecorder |
| Registry Value Name | Soundrec |
| ADMX File Name | SoundRec.admx |
<!-- Soundrec_DiableApplication_TitleText_2-AdmxBacked-End -->
<!-- Soundrec_DiableApplication_TitleText_2-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Soundrec_DiableApplication_TitleText_2-Examples-End -->
<!-- Soundrec_DiableApplication_TitleText_2-End -->
<!-- ADMX_SoundRec-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_SoundRec-CspMoreInfo-End -->
<!-- ADMX_SoundRec-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

322
windows/client-management/mdm/policy-csp-admx-srmfci.md
View File

@ -1,137 +1,277 @@
--- ---
title: Policy CSP - ADMX_srmfci title: ADMX_srmfci Policy CSP
description: Learn about Policy CSP - ADMX_srmfci. description: Learn more about the ADMX_srmfci Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 09/18/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_srmfci-Begin -->
# Policy CSP - ADMX_srmfci # Policy CSP - ADMX_srmfci
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <!-- ADMX_srmfci-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_srmfci-Editable-End -->
<!--Policies--> <!-- AccessDeniedConfiguration-Begin -->
## ADMX_srmfci policies ## AccessDeniedConfiguration
<dl> <!-- AccessDeniedConfiguration-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#admx-srmfci-enableshellaccesscheck">ADMX_srmfci/EnableShellAccessCheck</a> |:--|:--|:--|
</dd> | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<dd> <!-- AccessDeniedConfiguration-Applicability-End -->
<a href="#admx-srmfci-accessdeniedconfiguration">ADMX_srmfci/AccessDeniedConfiguration</a>
</dd>
</dl>
<!-- AccessDeniedConfiguration-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/AccessDeniedConfiguration
```
<!-- AccessDeniedConfiguration-OmaUri-End -->
<hr/> <!-- AccessDeniedConfiguration-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
<!--Policy--> - If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
<a href="" id="admx-srmfci-enableshellaccesscheck"></a>**ADMX_srmfci/EnableShellAccessCheck**
<!--SupportedSKUs--> - If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration.
|Edition|Windows 10|Windows 11| - If you do not configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.
|--- |--- |--- | <!-- AccessDeniedConfiguration-Description-End -->
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- AccessDeniedConfiguration-Editable-Begin -->
<hr/> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AccessDeniedConfiguration-Editable-End -->
<!--Scope--> <!-- AccessDeniedConfiguration-DFProperties-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): **Description framework properties**:
> [!div class = "checklist"] | Property name | Property value |
> * Device |:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- AccessDeniedConfiguration-DFProperties-End -->
<hr/> <!-- AccessDeniedConfiguration-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<!--/Scope--> **ADMX mapping**:
<!--Description-->
This group policy setting should be set on Windows clients to enable access-denied assistance for all file types.
<!--/Description--> | Name | Value |
|:--|:--|
| Name | AccessDeniedConfiguration |
| Friendly Name | Customize message for Access Denied errors |
| Location | Computer Configuration |
| Path | System > Access-Denied Assistance |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied |
| Registry Value Name | Enabled |
| ADMX File Name | srm-fci.admx |
<!-- AccessDeniedConfiguration-AdmxBacked-End -->
<!-- AccessDeniedConfiguration-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AccessDeniedConfiguration-Examples-End -->
<!--ADMXBacked--> <!-- AccessDeniedConfiguration-End -->
ADMX Info:
- GP Friendly name: *Enable access-denied assistance on client for all file types*
- GP name: *EnableShellAccessCheck*
- GP path: *System\Access-Denied Assistance*
- GP ADMX file name: *srmfci.admx*
<!--/ADMXBacked--> <!-- CentralClassificationList-Begin -->
<!--/Policy--> ## CentralClassificationList
<hr/>
<!--Policy--> <!-- CentralClassificationList-Applicability-Begin -->
<a href="" id="admx-srmfci-accessdeniedconfiguration"></a>**ADMX_srmfci/AccessDeniedConfiguration** | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- CentralClassificationList-Applicability-End -->
<!--SupportedSKUs--> <!-- CentralClassificationList-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/CentralClassificationList
```
<!-- CentralClassificationList-OmaUri-End -->
|Edition|Windows 10|Windows 11| <!-- CentralClassificationList-Description-Begin -->
|--- |--- |--- | <!-- Description-Source-ADMX -->
|Home|No|No| This policy setting controls which set of properties is available for classifying files on affected computers.
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> Administrators can define the properties for the organization by using Active Directory Domain Services (AD DS), and then group these properties into lists. Administrators can supplement these properties on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.
<hr/>
<!--Scope--> - If you enable this policy setting, you can select which list of properties is available for classification on the affected computers.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] - If you disable or do not configure this policy setting, the Global Resource Property List in AD DS provides the default set of properties.
> * Device <!-- CentralClassificationList-Description-End -->
<hr/> <!-- CentralClassificationList-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- CentralClassificationList-Editable-End -->
<!--/Scope--> <!-- CentralClassificationList-DFProperties-Begin -->
<!--Description--> **Description framework properties**:
This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied. | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- CentralClassificationList-DFProperties-End -->
If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration. <!-- CentralClassificationList-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
If you don't configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message. **ADMX mapping**:
<!--/Description--> | Name | Value |
|:--|:--|
| Name | CentralClassificationList |
| Friendly Name | File Classification Infrastructure: Specify classification properties list |
| Location | Computer Configuration |
| Path | System > File Classification Infrastructure |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\FCI |
| ADMX File Name | srm-fci.admx |
<!-- CentralClassificationList-AdmxBacked-End -->
<!--ADMXBacked--> <!-- CentralClassificationList-Examples-Begin -->
ADMX Info: <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
- GP Friendly name: *Customize message for Access Denied errors* <!-- CentralClassificationList-Examples-End -->
- GP name: *AccessDeniedConfiguration*
- GP path: *System\Access-Denied Assistance*
- GP ADMX file name: *srmfci.admx*
<!--/ADMXBacked--> <!-- CentralClassificationList-End -->
<!--/Policy-->
<hr/>
<!-- EnableManualUX-Begin -->
## EnableManualUX
<!--/Policies--> <!-- EnableManualUX-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- EnableManualUX-Applicability-End -->
## Related topics <!-- EnableManualUX-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/EnableManualUX
```
<!-- EnableManualUX-OmaUri-End -->
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) <!-- EnableManualUX-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer.
The Classification tab enables users to manually classify files by selecting properties from a list. Administrators can define the properties for the organization by using Group Policy, and supplement these with properties defined on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.
- If you enable this policy setting, the Classification tab is displayed.
- If you disable or do not configure this policy setting, the Classification tab is hidden.
<!-- EnableManualUX-Description-End -->
<!-- EnableManualUX-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- EnableManualUX-Editable-End -->
<!-- EnableManualUX-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- EnableManualUX-DFProperties-End -->
<!-- EnableManualUX-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | EnableManualUX |
| Friendly Name | File Classification Infrastructure: Display Classification tab in File Explorer |
| Location | Computer Configuration |
| Path | System > File Classification Infrastructure |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\FCI |
| Registry Value Name | EnableManualUX |
| ADMX File Name | srm-fci.admx |
<!-- EnableManualUX-AdmxBacked-End -->
<!-- EnableManualUX-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- EnableManualUX-Examples-End -->
<!-- EnableManualUX-End -->
<!-- EnableShellAccessCheck-Begin -->
## EnableShellAccessCheck
<!-- EnableShellAccessCheck-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- EnableShellAccessCheck-Applicability-End -->
<!-- EnableShellAccessCheck-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/EnableShellAccessCheck
```
<!-- EnableShellAccessCheck-OmaUri-End -->
<!-- EnableShellAccessCheck-Description-Begin -->
<!-- Description-Source-ADMX -->
This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types
<!-- EnableShellAccessCheck-Description-End -->
<!-- EnableShellAccessCheck-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- EnableShellAccessCheck-Editable-End -->
<!-- EnableShellAccessCheck-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- EnableShellAccessCheck-DFProperties-End -->
<!-- EnableShellAccessCheck-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | EnableShellAccessCheck |
| Friendly Name | Enable access-denied assistance on client for all file types |
| Location | Computer Configuration |
| Path | System > Access-Denied Assistance |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Explorer |
| Registry Value Name | EnableShellExecuteFileStreamCheck |
| ADMX File Name | srm-fci.admx |
<!-- EnableShellAccessCheck-AdmxBacked-End -->
<!-- EnableShellAccessCheck-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- EnableShellAccessCheck-Examples-End -->
<!-- EnableShellAccessCheck-End -->
<!-- ADMX_srmfci-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_srmfci-CspMoreInfo-End -->
<!-- ADMX_srmfci-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

204
windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
View File

@ -1,136 +1,156 @@
--- ---
title: Policy CSP - ADMX_WindowsColorSystem title: ADMX_WindowsColorSystem Policy CSP
description: Policy CSP - ADMX_WindowsColorSystem description: Learn more about the ADMX_WindowsColorSystem Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/09/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 10/27/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_WindowsColorSystem-Begin -->
# Policy CSP - ADMX_WindowsColorSystem # Policy CSP - ADMX_WindowsColorSystem
<hr/>
<!--Policies-->
## ADMX_WindowsColorSystem policies
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl> <!-- ADMX_WindowsColorSystem-Editable-Begin -->
<dd> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<a href="#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1">ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1</a> <!-- ADMX_WindowsColorSystem-Editable-End -->
</dd>
<dd>
<a href="#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_2">ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2</a>
</dd>
</dl>
<!-- ProhibitChangingInstalledProfileList_1-Begin -->
## ProhibitChangingInstalledProfileList_1
<hr/> <!-- ProhibitChangingInstalledProfileList_1-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- ProhibitChangingInstalledProfileList_1-Applicability-End -->
<!--Policy--> <!-- ProhibitChangingInstalledProfileList_1-OmaUri-Begin -->
<a href="" id="admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1"></a>**WindowsColorSystem/ProhibitChangingInstalledProfileList_1** ```User
./User/Vendor/MSFT/Policy/Config/ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1
```
<!-- ProhibitChangingInstalledProfileList_1-OmaUri-End -->
<!--SupportedSKUs--> <!-- ProhibitChangingInstalledProfileList_1-Description-Begin -->
<!-- Description-Source-ADMX -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting affects the ability of users to install or uninstall color profiles. This policy setting affects the ability of users to install or uninstall color profiles.
- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles. - If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles. - If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
<!-- ProhibitChangingInstalledProfileList_1-Description-End -->
<!--/Description--> <!-- ProhibitChangingInstalledProfileList_1-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ProhibitChangingInstalledProfileList_1-Editable-End -->
<!--ADMXBacked--> <!-- ProhibitChangingInstalledProfileList_1-DFProperties-Begin -->
ADMX Info: **Description framework properties**:
- GP Friendly name: *Prohibit installing or uninstalling color profiles*
- GP name: *ProhibitChangingInstalledProfileList_1*
- GP path: *Windows Components\Windows Color System*
- GP ADMX file name: *WindowsColorSystem.admx*
<!--/ADMXBacked--> | Property name | Property value |
<!--/Policy--> |:--|:--|
<hr/> | Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- ProhibitChangingInstalledProfileList_1-DFProperties-End -->
<!--Policy--> <!-- ProhibitChangingInstalledProfileList_1-AdmxBacked-Begin -->
<a href="" id="admx-windowscolorsystem-prohibitchanginginstalledprofilelist_2"></a>**WindowsColorSystem/ProhibitChangingInstalledProfileList_2** > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<!--SupportedSKUs--> **ADMX mapping**:
|Edition|Windows 10|Windows 11| | Name | Value |
|--- |--- |--- | |:--|:--|
|Home|No|No| | Name | ProhibitChangingInstalledProfileList_1 |
|Pro|Yes|Yes| | Friendly Name | Prohibit installing or uninstalling color profiles |
|Windows SE|No|Yes| | Location | User Configuration |
|Business|Yes|Yes| | Path | Windows Components > Windows Color System |
|Enterprise|Yes|Yes| | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsColorSystem |
|Education|Yes|Yes| | Registry Value Name | ProhibitInstallUninstall |
| ADMX File Name | WindowsColorSystem.admx |
<!-- ProhibitChangingInstalledProfileList_1-AdmxBacked-End -->
<!--/SupportedSKUs--> <!-- ProhibitChangingInstalledProfileList_1-Examples-Begin -->
<hr/> <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- ProhibitChangingInstalledProfileList_1-Examples-End -->
<!--Scope--> <!-- ProhibitChangingInstalledProfileList_1-End -->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] <!-- ProhibitChangingInstalledProfileList_2-Begin -->
> * User ## ProhibitChangingInstalledProfileList_2
<hr/> <!-- ProhibitChangingInstalledProfileList_2-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- ProhibitChangingInstalledProfileList_2-Applicability-End -->
<!--/Scope--> <!-- ProhibitChangingInstalledProfileList_2-OmaUri-Begin -->
<!--Description--> ```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2
```
<!-- ProhibitChangingInstalledProfileList_2-OmaUri-End -->
<!-- ProhibitChangingInstalledProfileList_2-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting affects the ability of users to install or uninstall color profiles. This policy setting affects the ability of users to install or uninstall color profiles.
- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles. - If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles. - If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
<!-- ProhibitChangingInstalledProfileList_2-Description-End -->
<!--/Description--> <!-- ProhibitChangingInstalledProfileList_2-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ProhibitChangingInstalledProfileList_2-Editable-End -->
<!--ADMXBacked--> <!-- ProhibitChangingInstalledProfileList_2-DFProperties-Begin -->
ADMX Info: **Description framework properties**:
- GP Friendly name: *Prohibit installing or uninstalling color profiles*
- GP name: *ProhibitChangingInstalledProfileList_2*
- GP path: *Windows Components\Windows Color System*
- GP ADMX file name: *WindowsColorSystem.admx*
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- ProhibitChangingInstalledProfileList_2-DFProperties-End -->
<!--/ADMXBacked--> <!-- ProhibitChangingInstalledProfileList_2-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
<hr/> > This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
**ADMX mapping**:
<!--/Policies--> | Name | Value |
|:--|:--|
| Name | ProhibitChangingInstalledProfileList_2 |
| Friendly Name | Prohibit installing or uninstalling color profiles |
| Location | Computer Configuration |
| Path | Windows Components > Windows Color System |
| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsColorSystem |
| Registry Value Name | ProhibitInstallUninstall |
| ADMX File Name | WindowsColorSystem.admx |
<!-- ProhibitChangingInstalledProfileList_2-AdmxBacked-End -->
<!-- ProhibitChangingInstalledProfileList_2-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- ProhibitChangingInstalledProfileList_2-Examples-End -->
<!-- ProhibitChangingInstalledProfileList_2-End -->
<!-- ADMX_WindowsColorSystem-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_WindowsColorSystem-CspMoreInfo-End -->
<!-- ADMX_WindowsColorSystem-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

1988
windows/client-management/mdm/policy-csp-printers.md
View File

File diff suppressed because it is too large Load Diff