deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

added list of new Group Policy settings for Windows 10, version 1703

Browse Source
This commit is contained in:
Brian Lich 2017-04-28 11:47:31 -07:00
parent 1db7b70b7a
commit d56093a3f9
2 changed files with 140 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
windows/client-management/change-history-for-client-management.md
View File

@ -14,7 +14,10 @@ author: jdeckerMS
This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile.
## April 2017
| New or changed topic | Description |
|----------------------|-------------|
| [New policies for Windows 10](new-policies-for-windows-10.md) | Added a list of new Group Policy settings for Windows 10, version 1703 |
## RELEASE: Windows 10, version 1703

160
windows/client-management/new-policies-for-windows-10.md
View File

@ -20,32 +20,144 @@ localizationpriority: high
Windows 10 includes the following new policies for management, in addition to policies that were available for Windows 8.1 and Windows Phone 8.1. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=625081).
## New Group Policy settings in Windows 10
## New Group Policy settings in Windows 10, version 1703
The following Group Policy settings were added in Windows 10, version 1703:
**Control Panel**
- Control Panel\Add or Remove Programs\Specify default category for Add New Programs
- Control Panel\Add or Remove Programs\Hide the "Add a program from CD-ROM or floppy disk" option
- Control Panel\Personalization\Prevent changing lock screen and logon image
**Network**
- Network\Background Intelligent Transfer Service (BITS)\Limit the maximum network bandwidth for BITS background transfers
- Network\Background Intelligent Transfer Service (BITS)\Allow BITS Peercaching
- Network\Background Intelligent Transfer Service (BITS)\Limit the age of files in the BITS Peercache
- Network\Background Intelligent Transfer Service (BITS)\Limit the BITS Peercache size
- Network\DNS Client\Allow NetBT queries for fully qualified domain names
- Network\Network Connections\Prohibit access to properties of components of a LAN connection
- Network\Network Connections\Ability to Enable/Disable a LAN connection
- Network\Offline Files\Turn on economical application of administratively assigned Offline Files
- Network\Offline Files\Configure slow-link mode
- Network\Offline Files\Enable Transparent Caching
- Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Set the Seed Server
- Network\Microsoft Peer-to-Peer Networking Services\Disable password strength validation for Peer Grouping
**System**
- System\App-V\Streaming\Location Provider
- System\App-V\Streaming\Certificate Filter For Client SSL
- System\Credentials Delegation\Allow delegating default credentials with NTLM-only server authentication
- System\Ctrl+Alt+Del Options\Remove Change Password
- System\Ctrl+Alt+Del Options\Remove Lock Computer
- System\Ctrl+Alt+Del Options\Remove Task Manager
- System\Ctrl+Alt+Del Options\Remove Logoff
- System\Device Installation\Do not send a Windows error report when a generic driver is installed on a device
- System\Device Installation\Prevent Windows from sending an error report when a device driver requests additional software during installation
- System\Locale Services\Disallow user override of locale settings
- System\Logon\Do not process the legacy run list
- System\Logon\Always use custom logon background
- System\Logon\Do not display network selection UI
- System\Logon\Block user from showing account details on sign-in
- System\Logon\Turn off app notifications on the lock screen
- System\User Profiles\Establish timeout value for dialog boxes
- System\Enable Windows NTP Server\Windows Time Service\Enable Windows NTP Client
**Windows Components**
- Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls
- Windows Components\ActiveX Installer Service\Establish ActiveX installation policy for sites in Trusted zones
- Windows Components\Application Compatibility\Turn off Application Compatibility Engine
- Windows Components\Application Compatibility\Turn off Program Compatibility Assistant
- Windows Components\Application Compatibility\Turn off Program Compatibility Assistant
- Windows Components\Application Compatibility\Turn off Steps Recorder
- Windows Components\Attachment Manager\Notify antivirus programs when opening attachments
- Windows Components\Biometrics\Allow the use of biometrics
- Windows Components\NetMeeting\Disable Whiteboard
- Windows Components\Data Collection and Preview Builds\Configure the Commercial ID
- Windows Components\File Explorer\Display the menu bar in File Explorer
- Windows Components\File History\Turn off File History
- Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play animations in web pages
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Cross-Site Scripting Filter
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting Filter
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run ActiveX controls and plugins
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Script ActiveX controls marked safe for scripting
- Windows Components\Internet Explorer\Accelerators\Restrict Accelerators to those deployed through Group Policy
- Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode
- Windows Components\Location and Sensors\Windows Location Provider\Turn off Windows Location Provider
- Windows Components\Microsoft Edge\Configure Autofill
- Windows Components\Microsoft Edge\Allow Developer Tools
- Windows Components\Microsoft Edge\Allow Developer Tools
- Windows Components\Microsoft Edge\Configure Do Not Track
- Windows Components\Microsoft Edge\Allow InPrivate browsing
- Windows Components\Microsoft Edge\Configure Password Manager
- Windows Components\Microsoft Edge\Configure Password Manager
- Windows Components\Microsoft Edge\Configure Pop-up Blocker
- Windows Components\Microsoft Edge\Configure Pop-up Blocker
- Windows Components\Microsoft Edge\Allow search engine customization
- Windows Components\Microsoft Edge\Allow search engine customization
- Windows Components\Microsoft Edge\Configure search suggestions in Address bar
- Windows Components\Microsoft Edge\Set default search engine
- Windows Components\Microsoft Edge\Configure additional search engines
- Windows Components\Microsoft Edge\Configure additional search engines
- Windows Components\Microsoft Edge\Configure the Enterprise Mode Site List
- Windows Components\Microsoft Edge\Configure the Enterprise Mode Site List
- Windows Components\Microsoft Edge\Prevent using Localhost IP address for WebRTC
- Windows Components\Microsoft Edge\Prevent using Localhost IP address for WebRTC
- Windows Components\Microsoft Edge\Configure Start pages
- Windows Components\Microsoft Edge\Configure Start pages
- Windows Components\Microsoft Edge\Disable lockdown of Start pages
- Windows Components\Microsoft Edge\Disable lockdown of Start pages
- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\.Net Framework Configuration
- Windows Components\Windows Installer\Prohibit use of Restart Manager
- Windows Components\Desktop Gadgets\Restrict unpacking and installation of gadgets that are not digitally signed.
- Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets
- Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets
- Windows Components\OneDrive\Prevent the usage of OneDrive for file storage
- Windows Components\OneDrive\Prevent the usage of OneDrive for file storage on Windows 8.1
- Windows Components\OneDrive\Prevent OneDrive files from syncing over metered connections
- Windows Components\OneDrive\Save documents to OneDrive by default
- Windows Components\Smart Card\Allow certificates with no extended key usage certificate attribute
- Windows Components\Smart Card\Turn on certificate propagation from smart card
- Windows Components\Tablet PC\Pen UX Behaviors\Prevent flicks
- Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])
- Windows Components\Windows Defender Antivirus\Real-time Protection\Turn on behavior monitoring
- Windows Components\Windows Defender Antivirus\Signature Updates\Define file shares for downloading definition updates
- Windows Components\Windows Defender Antivirus\Signature Updates\Turn on scan after signature update
- Windows Components\File Explorer\Display confirmation dialog when deleting files
- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow OpenSearch queries in File Explorer
- Windows Components\Windows Update\Remove access to use all Windows Update features
- Windows Components\Windows Update\Configure Automatic Updates
- Windows Components\Windows Update\Specify intranet Microsoft update service location
- Windows Components\Windows Update\Automatic Updates detection frequency
- Windows Components\Windows Update\Allow non-administrators to receive update notifications
- Windows Components\Windows Update\Allow Automatic Updates immediate installation
- Windows Components\Windows Update\Turn on recommended updates via Automatic Updates
- Windows Components\Shutdown Options\Turn off legacy remote shutdown interface
There are some new policy settings in Group Policy for devices running Windows 10 , such as:
- Microsoft Edge browser settings
- Universal Windows app settings, such as:
- Disable deployment of Windows Store apps to non-system volumes
- Restrict users' application data to always stay on the system volume
- Allow applications to share app data between users
- [Start screen and Start menu layout](/windows/configuration/customize-windows-10-start-screens-by-using-group-policy)
- Windows Tips
- Consumer experiences, such as suggested apps in Start and app tiles from Microsoft dynamically inserted in the default Start menu
- [Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=623294)
- Windows Updates for Business
For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627).
For a spreadsheet of Group Policy settings included in Windows 10 and Windows Server 2016, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627).
## New MDM policies