diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 25ce545184..ddb335eaf8 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -65,9 +65,8 @@ manager: dansimp Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. -If you enable this setting, Windows Calendar will be turned off. - -If you disable or do not configure this setting, Windows Calendar will be turned on. +- If you enable this setting, Windows Calendar will be turned off. +- If you disable or do not configure this setting, Windows Calendar will be turned on. The default is for Windows Calendar to be turned on. @@ -114,9 +113,8 @@ ADMX Info: Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. -If you enable this setting, Windows Calendar will be turned off. - -If you disable or do not configure this setting, Windows Calendar will be turned on. +- If you enable this setting, Windows Calendar will be turned off. +- If you disable or do not configure this setting, Windows Calendar will be turned on. The default is for Windows Calendar to be turned on. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 1922a73f28..ab23a7e11c 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -68,9 +68,13 @@ manager: dansimp This policy setting prohibits access to Windows Connect Now (WCN) wizards. -If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. +- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. -If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. +All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. + +- If you disable or don't configure this policy setting, users can access the wizard tasks. + +They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. @@ -113,9 +117,13 @@ ADMX Info: This policy setting prohibits access to Windows Connect Now (WCN) wizards. -If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. +- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. -If you disable or don't configure this policy setting, users can access the wizard tasks. They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. +All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. + +- If you disable or don't configure this policy setting, users can access the wizard tasks. + +They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. @@ -161,9 +169,8 @@ This policy setting allows the configuration of wireless settings using Windows More options are available to allow discovery and configuration over a specific medium. -If you enable this policy setting, more choices are available to turn off the operations over a specific medium. - -If you disable this policy setting, operations are disabled over all media. +- If you enable this policy setting, more choices are available to turn off the operations over a specific medium. +- If you disable this policy setting, operations are disabled over all media. If you don't configure this policy setting, operations are enabled over all media. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 3046a4d8ab..bc33d0aa47 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -330,7 +330,6 @@ Enabling this policy will also turn off the preview pane and set the folder opti If you disable or not configure this policy, the default File Explorer behavior is applied to the user. - @@ -379,7 +378,6 @@ If you disable or do not configure this setting, the default behavior of not dis - ADMX Info: - GP Friendly name: *Display confirmation dialog when deleting files* @@ -426,7 +424,6 @@ If you disable or do not configure this policy setting, no changes are made to t - ADMX Info: - GP Friendly name: *Location where all default Library definition files for users/machines reside.* @@ -473,7 +470,6 @@ This disables access to user-defined properties, and properties stored in NTFS s - ADMX Info: - GP Friendly name: *Disable binding directly to IPropertySetStorage without intermediate layers.* @@ -529,7 +525,6 @@ If you disable or do not configure this policy, all default Windows Libraries fe - ADMX Info: - GP Friendly name: *Turn off Windows Libraries features that rely on indexed file data* @@ -669,9 +664,8 @@ ADMX Info: This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons. -If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths. - -If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed. +- If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths. +- If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed. > [!NOTE] > Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks. @@ -869,9 +863,8 @@ ADMX Info: This policy setting allows you to turn off the display of snippets in Content view mode. -If you enable this policy setting, File Explorer will not display snippets in Content view mode. - -If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default. +- If you enable this policy setting, File Explorer will not display snippets in Content view mode. +- If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default. @@ -916,9 +909,8 @@ ADMX Info: This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. -If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - -If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. @@ -967,9 +959,8 @@ ADMX Info: This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. -If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. - -If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. +- If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. @@ -2399,13 +2390,10 @@ If you disable this setting or do not configure it, the "File name" field includ This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs. -To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open. - - +To see an example of the standard Open dialog box, start WordPad and, on the **File** menu, click **Open**. - ADMX Info: - GP Friendly name: *Hide the dropdown list of recent files* @@ -2628,9 +2616,8 @@ ADMX Info: This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed. -If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer. - -If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. +- If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer. +- If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. @@ -2674,7 +2661,7 @@ ADMX Info: Prevents users from using File Explorer or Network Locations to map or disconnect network drives. -If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons. +If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the **File Explorer** or **Network Locations** icons. This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box. @@ -2769,7 +2756,7 @@ ADMX Info: Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs. -To see an example of the standard Open dialog box, start WordPad and, on the File menu, click Open. +To see an example of the standard Open dialog box, start WordPad and, on the **File** menu, click **Open**. @@ -3297,7 +3284,7 @@ The valid items you may display in the Places Bar are: The list of Common Shell Folders that may be specified: -Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches. +Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments, and Saved Searches. If you disable or do not configure this setting the default list of items will be displayed in the Places Bar. @@ -3700,7 +3687,7 @@ If you disable or do not configure this policy setting, no custom Internet searc -ADMX Info: +ADMX Info: ] - GP Friendly name: *Pin Internet search sites to the "Search again" links and the Start menu* - GP name: *TryHarderPinnedOpenSearch* - GP path: *Windows Components\File Explorer* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 07a9a6b53d..fc13ee8a02 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -294,7 +294,7 @@ This policy setting allows you to turn off do not show first use dialog boxes. If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player. -This policy setting prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies. +This policy setting prevents the dialog boxes,] which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies. If you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time. @@ -342,7 +342,7 @@ This policy setting allows you to hide the Network tab. If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player. -If you disable or do not configure this policy setting, the Network tab appears and users can use it to configure network settings. +If you disable or do not configure this policy setting, the **Network** tab appears and users can use it to configure network settings. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md index 1d922a36c6..b5469d2dd5 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md @@ -67,7 +67,9 @@ manager: dansimp This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. -If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client. +If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. + +If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client. diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md index 629647238f..f11ff65306 100644 --- a/windows/client-management/mdm/policy-csp-admx-winlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md @@ -284,7 +284,7 @@ This policy controls whether the logged on user should be notified if the logon If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials. -If disabled or not configured, no popup will be displayed to the user. +If disabled or not configured, no pop up will be displayed to the user. @@ -327,7 +327,7 @@ ADMX Info: -This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS). +This policy setting controls whether the software can simulate the Secure Attention Sequence (SAS). If you enable this policy setting, you have one of four options: diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md index 017e045dda..cc07201d99 100644 --- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -73,7 +73,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. -- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default. +- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default. diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md index 4b2031c3a7..0bd91f4093 100644 --- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md +++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md @@ -72,7 +72,8 @@ This policy setting specifies whether Work Folders should be set up automaticall - If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. -This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not apply to a user, Work Folders is not automatically set up. +This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not apply to a user, Work Folders is not automatically set up. + - If you disable or do not configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user. diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 532d154577..b716270161 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -100,7 +100,6 @@ manager: dansimp This policy setting controls whether the system can archive infrequently used apps. - If you enable this policy setting, then the system will periodically check for and archive infrequently used apps. - - If you disable this policy setting, then the system will not archive any apps. If you do not configure this policy setting (default), then the system will follow default behavior, which is to periodically check for and archive infrequently used apps, and the user will be able to configure this setting themselves. diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 70bb648c9b..ad1ff24bea 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -187,7 +187,7 @@ ADMX Info: -Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. +This policy enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. @@ -230,7 +230,7 @@ ADMX Info: -Enables automatic cleanup of appv packages that were added after Windows10 anniversary release. +Enables automatic cleanup of App-v packages that were added after Windows 10 anniversary release. @@ -273,7 +273,7 @@ ADMX Info: -Enables scripts defined in the package manifest of configuration files that should run. +This policy enables scripts defined in the package manifest of configuration files that should run. @@ -316,11 +316,10 @@ ADMX Info: -Enables a UX to display to the user when a publishing refresh is performed on the client. +This policy enables a UX to display to the user when a publishing refresh is performed on the client. - ADMX Info: - GP Friendly name: *Enable Publishing Refresh UX* @@ -361,7 +360,7 @@ ADMX Info: Reporting Server URL: Displays the URL of reporting server. -Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM. +Reporting Time: When the client data should be reported to the server. Acceptable range is 0 ~ 23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, for example, 9AM. Delay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load. @@ -412,7 +411,7 @@ ADMX Info: -Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. +This policy specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. @@ -455,7 +454,7 @@ ADMX Info: -Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. +This policy specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. @@ -498,7 +497,7 @@ ADMX Info: -Specifies how new packages should be loaded automatically by App-V on a specific computer. +This policy specifies how new packages should be loaded automatically by App-V on a specific computer. @@ -584,7 +583,7 @@ ADMX Info: -Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. +This policy specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. @@ -627,7 +626,7 @@ ADMX Info: -Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. +This policy specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. @@ -975,7 +974,7 @@ ADMX Info: -Specifies the path to a valid certificate in the certificate store. +This policy specifies the path to a valid certificate in the certificate store. @@ -1061,7 +1060,7 @@ ADMX Info: -Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. +This policy specifies the CLSID for a compatible implementation of the AppvPackageLocationProvider interface. @@ -1104,7 +1103,7 @@ ADMX Info: -Specifies directory where all new applications and updates will be installed. +This policy specifies directory where all new applications and updates will be installed. @@ -1147,7 +1146,7 @@ ADMX Info: -Overrides source location for downloading package content. +This policy overrides source location for downloading package content. @@ -1190,7 +1189,7 @@ ADMX Info: -Specifies the number of seconds between attempts to reestablish a dropped session. +This policy specifies the number of seconds between attempts to reestablish a dropped session. @@ -1233,7 +1232,7 @@ ADMX Info: -Specifies the number of times to retry a dropped session. +This policy specifies the number of times to retry a dropped session. @@ -1276,7 +1275,7 @@ ADMX Info: -Specifies that streamed package contents will be not be saved to the local hard disk. +This policy specifies that streamed package contents will be not be saved to the local hard disk. @@ -1405,7 +1404,7 @@ ADMX Info: -Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components. +This policy specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc.). Only processes whose full path matches one of these items can use virtual components. diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index b839ee8d78..5d541b51be 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -70,7 +70,7 @@ manager: dansimp -This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. +This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. If you enable this policy setting, Windows does not mark file attachments with their zone information. diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 30473c76c3..491be8d1e5 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -292,6 +292,7 @@ This policy allows you to audit the group membership information in the user's s When this setting is configured, one or more security audit events are generated for each successful sign in. Enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information can't fit in a single security audit event. Volume: Low on a client computer. Medium on a domain controller or a network server. + GP Info: @@ -581,10 +582,11 @@ Events in this subcategory are related to the creation of sign in sessions and o The following events are included: - Successful sign in attempts. - Failed sign in attempts. -- sign in attempts using explicit credentials. This event is generated when a process attempts to sign in an account by explicitly specifying that account’s credentials. This most commonly occurs in batch sign in configurations, such as scheduled tasks or when using the RUNAS command. +- Sign in attempts using explicit credentials. This event is generated when a process attempts to sign in an account by explicitly specifying that account’s credentials. This most commonly occurs in batch sign in configurations, such as scheduled tasks or when using the RUNAS command. - Security identifiers (SIDs) were filtered and not allowed to sign in. Volume: Low on a client computer. Medium on a domain controller or a network server. + GP Info: @@ -642,6 +644,7 @@ If you configure this policy setting, an audit event is generated for each IAS a If you do not configure this policy settings, IAS and NAP user access requests are not audited. Volume: Medium or High on NPS and IAS server. No volume on other computers. + GP Info: @@ -821,6 +824,7 @@ User claims are added to a sign in token when claims are included with a user's When this setting is configured, one or more security audit events are generated for each successful sign in. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the user and device claims information cannot fit in a single security audit event. Volume: Low on a client computer. Medium on a domain controller or a network server. + GP Info: @@ -878,6 +882,7 @@ This policy setting allows you to audit events generated by validation tests on Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative. Volume: High on domain controllers. + GP Info: @@ -885,7 +890,7 @@ GP Info: - GP path: *Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Account Logon* - +] The following are the supported values: - 0 (default)—Off/None - 1—Success @@ -936,6 +941,7 @@ If you configure this policy setting, an audit event is generated after a Kerber If you do not configure this policy setting, no audit event is generated after a Kerberos authentication TGT request. Volume: High on Kerberos Key Distribution Center servers. + GP Info: @@ -2609,7 +2615,7 @@ The following are the supported values: This policy setting allows you to audit attempts to access the kernel, which includes mutexes and semaphores. -Only kernel objects with a matching system access control list (SACL) generate security audit events. +Only kernel objects with a matching System Access Control List (SACL) generate security audit events. > [!Note] > The Audit: Audit the access of global system objects policy setting controls the default SACL of kernel objects. @@ -2731,7 +2737,7 @@ The following are the supported values: -This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. +This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have SACLs specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 7344f3ddf4..63ac494288 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -124,7 +124,7 @@ The following list shows the supported values: -Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. +Allows an EAP cert-based authentication for a Single Sign on (SSO) to access internal resources. diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 9efb1181a2..5ff66f1393 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -72,9 +72,8 @@ manager: dansimp This policy setting disallows AutoPlay for MTP devices like cameras or phones. -If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. - -If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. +- If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. +- If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. @@ -191,7 +190,8 @@ This policy setting disables Autoplay on additional types of drives. You cannot If you disable or do not configure this policy setting, AutoPlay is enabled. -Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. +> [!Note] +> This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 283f6421fa..b247fc02ef 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -60,7 +60,7 @@ manager: dansimp -Specifies the BitLocker Drive Encryption method and cipher strength. +This policy specifies the BitLocker Drive Encryption method and cipher strength. > [!NOTE] > XTS-AES 128-bit and XTS-AES 256-bit values are supported only on Windows 10 for desktop. diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md index 81ec70c880..bcb93ed44d 100644 --- a/windows/client-management/mdm/policy-csp-bits.md +++ b/windows/client-management/mdm/policy-csp-bits.md @@ -93,7 +93,7 @@ If you disable or do not configure this policy setting, BITS uses all available > [!NOTE] > You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. -Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). +Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56 Kbs). @@ -159,7 +159,7 @@ If you disable or do not configure this policy setting, BITS uses all available > [!NOTE] > You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. -Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). +Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56 Kbs). @@ -223,7 +223,7 @@ Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrott If you disable or do not configure this policy setting, BITS uses all available unused bandwidth. > [!NOTE] -> You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. +> You should base the limit on the speed of the network link, not the computer's Network Interface Card (NIC). This policy setting does not affect peer caching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 025122b10d..0818fe627e 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -73,7 +73,7 @@ manager: dansimp -Specifies whether the device can send out Bluetooth advertisements. +This policy specifies whether the device can send out Bluetooth advertisements. If this is not set or it is deleted, the default value of 1 (Allow) is used. @@ -118,7 +118,7 @@ The following list shows the supported values: -Specifies whether other Bluetooth-enabled devices can discover the device. +This policy specifies whether other Bluetooth-enabled devices can discover the device. If this is not set or it is deleted, the default value of 1 (Allow) is used. @@ -163,7 +163,7 @@ The following list shows the supported values: -Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. +This policy specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 1a06b54ae0..dc0a922a83 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -43,7 +43,6 @@ manager: dansimp |Enterprise|Yes|Yes| |Education|Yes|Yes| -
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index a4eb170e5c..c70fa1100e 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -102,7 +102,7 @@ manager: dansimp -Allows the user to enable Bluetooth or restrict access. +This policy allows the user to enable Bluetooth or restrict access. > [!NOTE] >  This value is not supported in Windows 10. @@ -151,7 +151,7 @@ The following list shows the supported values: -Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. +This policy allows the cellular data channel on the device. Device reboot is not required to enforce the policy. @@ -258,7 +258,7 @@ To validate on devices, do the following: > [!NOTE] > This policy requires reboot to take effect. -Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. +This policy allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. @@ -301,7 +301,10 @@ The following list shows the supported values: This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC. -If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. If you disable this policy setting, the Windows device is not allowed to be linked to phones, will remove itself from the device list of any linked Phones, and cannot participate in 'Continue on PC experiences'. +If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'. + +If you disable this policy setting, the Windows device is not allowed to be linked to phones, will remove itself from the device list of any linked Phones, and cannot participate in 'Continue on PC experiences'. + If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. @@ -448,7 +451,7 @@ The following list shows the supported values: -Prevents the device from connecting to VPN when the device roams over cellular networks. +This policy prevents the device from connecting to VPN when the device roams over cellular networks. Most restricted value is 0. @@ -739,7 +742,7 @@ ADMX Info: -Determines whether a user can install and configure the Network Bridge. +This policy determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply. diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 12fbbf04b0..972e0d45a8 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -61,7 +61,8 @@ This policy allows the IT admin to control which policy will be used whenever bo > [!NOTE] > MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs. -This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. +This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. +The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. > [!NOTE] > This policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1. @@ -71,7 +72,8 @@ The following list shows the supported values: - 0 (default) - 1 - The MDM policy is used and the GP policy is blocked. -The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that: +The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. +This ensures that: - GP settings that correspond to MDM applied settings are not conflicting - The current Policy Manager policies are refreshed from what MDM has set