mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge pull request #5341 from gkomatsu/ADMXIngetionUpdate
Update for ADMX Ingestion Refresh
This commit is contained in:
Daniel Simpson
GitHub
commit
c9200c666f
@ -25,7 +25,13 @@ manager: dansimp
|
|||||||
|
|
||||||
## <a href="" id="overview"></a>Overview
|
## <a href="" id="overview"></a>Overview
|
||||||
|
|
||||||
Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies.
|
Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies.
|
||||||
|
|
||||||
|
NOTE: Starting from the following Windows 10 version Replace command is supported
|
||||||
|
- Windows 10, version 1903 with KB4512941 and KB4517211 installed
|
||||||
|
- Windows 10, version 1809 with KB4512534 and KB installed
|
||||||
|
- Windows 10, version 1803 with KB4512509 and KB installed
|
||||||
|
- Windows 10, version 1709 with KB4516071 and KB installed
|
||||||
|
|
||||||
When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
|
When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
|
||||||
|
|
||||||
@ -48,6 +54,8 @@ When the ADMX policies are imported, the registry keys to which each policy is w
|
|||||||
- software\microsoft\exchange\
|
- software\microsoft\exchange\
|
||||||
- software\policies\microsoft\vba\security\
|
- software\policies\microsoft\vba\security\
|
||||||
- software\microsoft\onedrive
|
- software\microsoft\onedrive
|
||||||
|
- software\Microsoft\Edge
|
||||||
|
- Software\Microsoft\EdgeUpdate\
|
||||||
|
|
||||||
> [!Warning]
|
> [!Warning]
|
||||||
> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined.
|
> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user