deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #6508 from MicrosoftDocs/aljupudi-5864419-CSPImprovementupdates-part5

Browse Source 
CSP Improvement Updates -part 5
This commit is contained in:
Daniel Simpson 2022-06-10 14:30:03 -07:00 committed by GitHub
commit dcc378e40d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 146 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/client-management/mdm/policy-csp-admx-cpls.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Cpls
description: Policy CSP - ADMX_Cpls
description: Learn about the Policy CSP - ADMX_Cpls.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -65,7 +65,7 @@ manager: dansimp
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
> [!NOTE]
> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.
> The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed.
If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.
@ -85,6 +85,8 @@ ADMX Info:
<!--/Policy-->
<hr/>
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

8
windows/client-management/mdm/policy-csp-admx-credentialproviders.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_CredentialProviders
description: Policy CSP - ADMX_CredentialProviders
description: Learn about the Policy CSP - ADMX_CredentialProviders.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -124,7 +124,7 @@ This policy setting allows the administrator to assign a specified credential pr
If you enable this policy setting, the specified credential provider is selected on other user tile.
If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile.
If you disable or don't configure this policy setting, the system picks the default credential provider on other user tile.
> [!NOTE]
> A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
@ -194,3 +194,7 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

5
windows/client-management/mdm/policy-csp-admx-credssp.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_CredSsp
description: Policy CSP - ADMX_CredSsp
description: Learn about the Policy CSP - ADMX_CredSsp.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -710,3 +710,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

7
windows/client-management/mdm/policy-csp-admx-credui.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_CredUI
description: Policy CSP - ADMX_CredUI
description: Learn about the Policy CSP - ADMX_CredUI.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -68,7 +68,7 @@ manager: dansimp
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the users Windows credentials.
> [!NOTE]
> This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.
> This policy affects non-logon authentication tasks only. As a security best practice, this policy should be enabled.
If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop through the trusted path mechanism.
@ -131,3 +131,6 @@ ADMX Info:
<
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

11
windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_CtrlAltDel
description: Policy CSP - ADMX_CtrlAltDel
description: Learn about the Policy CSP - ADMX_CtrlAltDel.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -75,7 +75,7 @@ This policy setting prevents users from changing their Windows password on deman
If you enable this policy setting, the **Change Password** button on the Windows Security dialog box won't appear when you press Ctrl+Alt+Del.
However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
However, users will still be able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
<!--/Description-->
@ -219,11 +219,11 @@ ADMX Info:
<!--Description-->
This policy setting disables or removes all menu items and buttons that log the user off the system.
If you enable this policy setting, users won't see the Log off menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu.
If you enable this policy setting, users won't see the Logoff menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu.
Also, see the 'Remove Logoff on the Start Menu' policy setting.
If you disable or don't configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
If you disable or don't configure this policy setting, users can see and select the Logoff menu item when they press Ctrl+Alt+Del.
<!--/Description-->
@ -241,3 +241,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

5
windows/client-management/mdm/policy-csp-admx-datacollection.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DataCollection
description: Policy CSP - ADMX_DataCollection
description: Learn about the Policy CSP - ADMX_DataCollection.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -87,3 +87,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

22
windows/client-management/mdm/policy-csp-admx-dcom.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DCOM
description: Policy CSP - ADMX_DCOM
description: Learn about the Policy CSP - ADMX_DCOM.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -67,9 +67,10 @@ manager: dansimp
<!--Description-->
This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
- If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
- If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured.
> [!NOTE]
@ -122,14 +123,20 @@ DCOM server application IDs added to this policy must be listed in curly brace f
For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.
- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local
settings.
- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.
>[!Note]
> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
@ -156,3 +163,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

6
windows/client-management/mdm/policy-csp-admx-desktop.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_Desktop
description: Policy CSP - ADMX_Desktop
description: Learn about Policy CSP - ADMX_Desktop.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -790,7 +790,6 @@ If you disable or don't configure this policy setting, the Properties menu comma
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Remove Properties from the Documents icon context menu*
@ -1530,3 +1529,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

6
windows/client-management/mdm/policy-csp-admx-devicecompat.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DeviceCompat
description: Policy CSP - ADMX_DeviceCompat
description: Learn about Policy CSP - ADMX_DeviceCompat.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -121,3 +121,7 @@ ADMX Info:
<!--/Policy-->
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

10
windows/client-management/mdm/policy-csp-admx-deviceguard.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DeviceGuard
description: Policy CSP - ADMX_DeviceGuard
description: Learn about Policy CSP - ADMX_DeviceGuard.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -72,8 +72,9 @@ or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
1. First update the policy to a non-protected policy and then disable the setting.
2. Disable the setting and then remove the policy from each computer, with a physically present user.
- First update the policy to a non-protected policy and then disable the setting. (or)
- Disable the setting and then remove the policy from each computer, with a physically present user.
<!--/Description-->
@ -90,3 +91,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

9
windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DeviceInstallation
description: Policy CSP - ADMX_DeviceInstallation
description: Learn about Policy CSP - ADMX_DeviceInstallation.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -277,7 +277,8 @@ If you enable this policy setting, set the number of seconds you want the system
If you disable or don't configure this policy setting, the system doesn't force a reboot.
Note: If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
>[!Note]
> If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
<!--/Description-->
@ -435,3 +436,7 @@ ADMX Info:
<hr/>
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

10
windows/client-management/mdm/policy-csp-admx-devicesetup.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DeviceSetup
description: Policy CSP - ADMX_DeviceSetup
description: Learn about Policy CSP - ADMX_DeviceSetup.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -116,7 +116,10 @@ This policy setting allows you to specify the order in which Windows searches so
If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.
Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
>[!Note]
> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates.
This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
@ -135,3 +138,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

10
windows/client-management/mdm/policy-csp-admx-dfs.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DFS
description: Policy CSP - ADMX_DFS
description: Learn about Policy CSP - ADMX_DFS.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -64,10 +64,9 @@ manager: dansimp
This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
By default, a DFS client attempts to discover domain controllers every 15 minutes.
- If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers.
This value is specified in minutes.
If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.
- If you disable or do not configure this policy setting, the default value of 15 minutes applies.
If you disable or don't configure this policy setting, the default value of 15 minutes applies.
> [!NOTE]
> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
@ -88,3 +87,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

6
windows/client-management/mdm/policy-csp-admx-digitallocker.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DigitalLocker
description: Policy CSP - ADMX_DigitalLocker
description: Learn about Policy CSP - ADMX_DigitalLocker.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -75,7 +75,6 @@ If you disable or don't configure this setting, Digital Locker can be run.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Do not allow Digital Locker to run*
@ -139,3 +138,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

27
windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DiskDiagnostic
description: Policy CSP - ADMX_DiskDiagnostic
description: Learn about Policy CSP - ADMX_DiskDiagnostic.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -67,12 +67,13 @@ manager: dansimp
<!--Description-->
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
@ -123,12 +124,15 @@ This policy setting determines the execution level for S.M.A.R.T.-based disk dia
Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
- If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
- If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
- If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
@ -149,3 +153,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

13
windows/client-management/mdm/policy-csp-admx-disknvcache.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DiskNVCache
description: Policy CSP - ADMX_DiskNVCache
description: Learn about Policy CSP - ADMX_DiskNVCache.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -72,7 +72,6 @@ This policy setting turns off the boot and resumes optimizations for the hybrid
If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.
If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume.
The system determines the data that will be stored in the NV cache to optimize boot and resume.
The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
@ -127,8 +126,6 @@ If you disable this policy setting, the system will manage the NV cache on the d
This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache.
<!--/Description-->
<!--ADMXBacked-->
@ -175,7 +172,10 @@ If you enable this policy setting, frequently written files such as the file sys
If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
This usage can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. Note: This policy setting is applicable only if the NV cache feature is on.
This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
>[!Note]
> This policy setting is applicable only if the NV cache feature is on.
<!--/Description-->
@ -195,3 +195,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

5
windows/client-management/mdm/policy-csp-admx-diskquota.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DiskQuota
description: Policy CSP - ADMX_DiskQuota
description: Learn about Policy CSP - ADMX_DiskQuota.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -360,3 +360,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

9
windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DistributedLinkTracking
description: Policy CSP - ADMX_DistributedLinkTracking
description: Learn about Policy CSP - ADMX_DistributedLinkTracking.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -63,7 +63,9 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer.
The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer.
The DLT client can more reliably track links when allowed to use the DLT server.
This policy shouldn't be set unless the DLT server is running on all domain controllers in the domain.
@ -86,3 +88,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

16
windows/client-management/mdm/policy-csp-admx-dnsclient.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DnsClient
description: Policy CSP - ADMX_DnsClient
description: Learn about Policy CSP - ADMX_DnsClient.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -590,7 +590,8 @@ If you enable this policy setting, a computer will register A and PTR resource r
For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
>[!Important]
> This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix.
<!--/Description-->
@ -642,7 +643,7 @@ If you enable this policy setting, registration of PTR records will be determine
To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
- don't register: Computers won't attempt to register PTR resource records
- Do not register: Computers won't attempt to register PTR resource records
- Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful.
- Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
@ -739,11 +740,11 @@ This policy setting specifies whether dynamic updates should overwrite existing
This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other computers.
During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing (A) resource record with an (A) resource record that has the client's current IP address.
If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.
If you enable this policy setting or if you don't configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting (A) resource records during dynamic update.
If you disable this policy setting, existing A resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer.
If you disable this policy setting, existing (A) resource records that contain conflicting IP addresses won't be replaced during a dynamic update, and an error will be recorded in Event Viewer.
<!--/Description-->
@ -1229,3 +1230,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

5
windows/client-management/mdm/policy-csp-admx-dwm.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - ADMX_DWM
description: Policy CSP - ADMX_DWM
description: Learn about Policy CSP - ADMX_DWM.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
@ -349,3 +349,6 @@ ADMX Info:
<!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)