Improved the consistency in the articles.

2025-05-12 13:27:23 +00:00 · 2022-05-25 17:37:03 +05:30 · 2022-05-25 17:37:03 +05:30 · efef3ac286
commit efef3ac286
parent 202c66fd03
8 changed files with 78 additions and 63 deletions
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@ -14,7 +14,6 @@ manager: dansimp
 # Policy CSP - RemoteProcedureCall
 <hr/>
 <!--Policies-->
@ -64,7 +63,7 @@ manager: dansimp
 <!--/Scope-->
 <!--Description-->
-This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they're making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. 
+This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service, when the call they're making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) can't process authentication information supplied in this manner. 
 If you disable this policy setting, RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
@ -72,7 +71,8 @@ If you enable this policy setting, RPC clients will authenticate to the Endpoint
 If you don't configure this policy setting, it remains disabled. RPC clients won't authenticate to the Endpoint Mapper Service, but they'll be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-Note: This policy won't be applied until the system is rebooted.
+> [!NOTE]
 > This policy won't be applied until the system is rebooted.
 <!--/Description-->
@ -114,13 +114,13 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
+This policy setting controls, how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
 This policy setting impacts all RPC applications. In a domain environment, this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.
 If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting. 
-If you don't configure this policy setting, it remains disabled.  The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. 
+If you don't configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client, and the value of "None" used for Server SKUs that support this policy setting.
 If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
@ -148,3 +148,6 @@ ADMX Info:
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@ -14,7 +14,6 @@ manager: dansimp
 # Policy CSP - RemoteShell
 <hr/>
 <!--Policies-->
@ -173,7 +172,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted.
+This policy setting configures the maximum time in milliseconds, and remote shell will stay open without any user activity until it is automatically deleted.
 Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values.
@ -315,7 +314,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system.
+This policy setting configures the maximum number of concurrent shells and any user can remotely open on the same system.
 Any number from 0 to 0x7FFFFFFF can be set, where 0 means unlimited number of shells.
@ -380,3 +379,6 @@ ADMX Info:
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@ -15,7 +15,7 @@ manager: dansimp
 # Policy CSP - RestrictedGroups
 > [!IMPORTANT]
-> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
+> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy, to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
 <hr/>
@ -60,7 +60,7 @@ manager: dansimp
 <!--Description-->
 This security setting allows an administrator to define the members that are part of a security-sensitive (restricted) group. When a Restricted Groups policy is enforced, any current member of a restricted group that is not on the Members list is removed, except for the built-in administrator in the built-in Administrators group. Any user on the Members list who is not currently a member of the restricted group is added. An empty Members list means that the restricted group has no members. The membership configuration is based on SIDS, therefore renaming these built-in groups does not affect retention of this special membership.
-For example, you can create a Restricted Groups policy to allow only specified users, Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group and all other members will be removed.  
+For example, you can create a Restricted Groups policy to allow only specified users. Alice and John, to be members of the Backup Operators group. When this policy is refreshed, only Alice and John will remain as members of the Backup Operators group, and all other members will be removed.  
 > [!CAUTION]
 > Attempting to remove the built-in administrator from the Administrators group will result in failure with the following error:  
@ -69,7 +69,7 @@ For example, you can create a Restricted Groups policy to allow only specified u
 > |----------|----------|----------|----------|
 > |  0x55b (Hex)  <br>  1371 (Dec)  |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.|  winerror.h  |
-Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group and should be used with caution.
+Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of zero members when applying the policy implies clearing the access group, and should be used with caution.
 ```xml
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">  
@ -152,7 +152,7 @@ The following table describes how this policy setting behaves in different Windo
 | ------------------ | --------------- |
 |Windows 10, version 1803 | Added this policy setting. <br> XML accepts group and member only by name. <br> Supports configuring the administrators group using the group name. <br> Expects member name to be in the account name format. |
 | Windows 10, version 1809 <br> Windows 10, version 1903 <br> Windows 10, version 1909 | Supports configuring any local group. <br> `<accessgroup desc>` accepts only name. <br> `<member name>` accepts a name or an SID. <br> This is useful when you want to ensure a certain local group always has a well-known SID as member. |
-| Windows 10, version 2004 | Behaves as described in this topic. <br> Accepts name or SID for group and members and translates as appropriate. | 
+| Windows 10, version 2004 | Behaves as described in this topic. <br> Accepts name or SID for group and members and translates as appropriate.| 
 <!--/Validation-->
@ -160,3 +160,7 @@ The following table describes how this policy setting behaves in different Windo
 <hr/>
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@ -99,7 +99,7 @@ manager: dansimp
 <!--/Scope-->
 <!--Description-->
-Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
+Allow Search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
 <!--/Description-->
 <!--ADMXMapped-->
@ -252,9 +252,9 @@ The following list shows the supported values:
 <!--Description-->
 Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files.
-When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified.
+When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes file path and date modified.
-When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are many WIP-protected media files on the device.
+When the policy is disabled, the WIP protected items aren't indexed and don't show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps, if there are many WIP-protected media files on the device.
 Most restricted value is 0.
@ -359,7 +359,6 @@ This policy controls whether search highlights are shown in the search box or in
 - If you enable this policy setting, then this setting turns on search highlights in the search box or in the search home.
 - If you disable this policy setting, then this setting turns off search highlights in the search box or in the search home. 
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
@ -371,11 +370,13 @@ ADMX Info:
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values in Windows 10:
 - Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home.
 - Disabled – Disabling this setting turns off search highlights in the taskbar search box and in search home.
 The following list shows the supported values in Windows 11:
 - Not Configured/ Enabled (default) – Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home.
 - Disabled – Disabling this setting turns off search highlights in the start menu search box and in search home.
@ -424,7 +425,6 @@ This policy has been deprecated.
 <!--Description-->
 Allows the use of diacritics.
 Most restricted value is 0.
 <!--/Description-->
@ -473,7 +473,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Allow Windows indexer. Value type is integer.
+Allow Windows indexer. Supported value type is integer.
 <!--/Description-->
 <!--/Policy-->
@ -508,7 +508,6 @@ Allow Windows indexer. Value type is integer.
 <!--Description-->
 Specifies whether to always use automatic language detection when indexing content and properties.
 Most restricted value is 0.
 <!--/Description-->
@ -712,9 +711,9 @@ Don't search the web or display web results in Search, or show search highlights
 This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home.
- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- If you enable this policy setting, queries won't be performed on the web. Web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
+- If you disable this policy setting, queries will be performed on the web. Web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
 <!--/Description-->
 <!--ADMXMapped-->
@ -728,8 +727,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
- 0 - Not allowed. Queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- 0 - Not allowed. Queries won't be performed on the web. Web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
- 1 (default) - Allowed. Queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
+- 1 (default) - Allowed. Queries will be performed on the web. Web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -764,7 +763,7 @@ The following list shows the supported values:
 <!--Description-->
 Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
-Enable this policy if computers in your environment have limited hard drive space.
+Enable this policy, if computers in your environment have limited hard drive space.
 When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
@ -839,3 +838,6 @@ The following list shows the supported values:
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@ -14,7 +14,6 @@ manager: dansimp
 # Policy CSP - Security
 <hr/>
 <!--Policies-->
@ -53,7 +52,6 @@ manager: dansimp
  </dd>
 </dl>
 <hr/>
 <!--Policy-->
@ -185,7 +183,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
+Admin access is required. The prompt will appear on first admin logon after a reboot, when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart.
 <!--/Description-->
 <!--ADMXMapped-->
@ -200,7 +198,7 @@ ADMX Info:
 The following list shows the supported values:
 -   0 (default) – Won't force recovery from a non-ready TPM state.
-   1 – Will prompt to clear the TPM if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
+-   1 – Will prompt to clear the TPM, if the TPM is in a non-ready state (or reduced functionality) which can be remediated with a TPM Clear.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -242,9 +240,9 @@ Configures the use of passwords for Windows features.
 <!--SupportedValues-->
 The following list shows the supported values:
-  0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features)
+-  0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features).
-  1- Allow passwords (Passwords continue to be allowed to be used for Windows features)
+-  1- Allow passwords (Passwords continue to be allowed to be used for Windows features).
-  2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords")
+-  2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords").
 <!--/SupportedValues-->
 <!--/Policy-->
@ -324,9 +322,10 @@ The following list shows the supported values:
 This policy controls the Admin Authentication requirement in RecoveryEnvironment.
 Supported values:  
-  0 - Default: Keep using default(current) behavior
+
-  1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment
+-  0 - Default: Keep using default(current) behavior.
-  2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment
+-  1 - RequireAuthentication: Admin Authentication is always required for components in RecoveryEnvironment.
 -  2 - NoRequireAuthentication: Admin Authentication isn't required for components in RecoveryEnvironment.
 <!--/Description-->
 <!--SupportedValues-->
@ -393,7 +392,6 @@ If the MDM policy is set to "NoRequireAuthentication" (2)
 <!--Description-->
 Allows enterprise to turn on internal storage encryption.
 Most restricted value is 1.
 > [!IMPORTANT]
@ -477,8 +475,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots.
+Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS), when a device boots or reboots.
 Setting this policy to 1 (Required):
@ -488,7 +485,6 @@ Setting this policy to 1 (Required):
 > [!NOTE]
 > We recommend that this policy is set to Required after MDM enrollment.
 Most restricted value is 1.
 <!--/Description-->
@ -504,3 +500,7 @@ The following list shows the supported values:
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@ -12,8 +12,6 @@ ms.date: 09/27/2019
 # Policy CSP - ServiceControlManager
 <hr/>
 <!--Policies-->
@ -25,7 +23,6 @@ ms.date: 09/27/2019
  </dd>
 </dl>
 <hr/>
 <!--Policy-->
@ -96,3 +93,7 @@ Supported values:
 <hr/>
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@ -64,7 +64,6 @@ manager: dansimp
  </dd>
 </dl>
 <hr/>
 <!--Policy-->
@ -249,7 +248,7 @@ This policy disables edit device name option on Settings.
 <!--/Description-->
 <!--SupportedValues-->
-Describes what values are supported in by this policy and meaning of each value, default value.
+Describes what values are supported in/by this policy and meaning of each value, and default value.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -664,11 +663,11 @@ The following list shows the supported values:
 <!--Description-->
 Allows IT Admins to either:
- Prevent specific pages in the System Settings app from being visible or accessible
+- Prevent specific pages in the System Settings app from being visible or accessible.
  OR
- To do so for all pages except the pages you enter
+- To do so for all pages except the pages you enter.
 The mode will be specified by the policy string beginning with either the string `showonly:` or `hide:`. Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix.
@ -678,7 +677,7 @@ The following example shows a policy that allows access only to the **about** an
 `showonly:about;bluetooth`
-If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list.
+If the policy isn't specified, then the behavior is that no pages are affected. If the policy string is formatted incorrectly, then it's ignored (that is, treated as not set). It's ignored to prevent the machine from becoming unserviceable, if data corruption occurs. If a page is already hidden for another reason, then it stays hidden, even if the page is in a `showonly:` list.
 The format of the PageVisibilityList value is as follows:
@ -721,3 +720,6 @@ To validate on Desktop, use the following steps:
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@ -14,7 +14,6 @@ manager: dansimp
 # Policy CSP - Speech
 <hr/>
 <!--Policies-->
@ -26,7 +25,6 @@ manager: dansimp
  </dd>
 </dl>
 <hr/>
 <!--Policy-->
@ -79,3 +77,6 @@ The following list shows the supported values:
 <!--/Policies-->
 ## Related topics
 [Policy configuration service provider](policy-configuration-service-provider.md)